On 12/14/2014 04:28 AM, Mehmet Tolga Avcioglu wrote:
> Yes, I meant time in microsecond resolution. That is mainly the reason
> why I thought about using it globally, but I'll use queue_id@hostname
> instead.
Or you could just use the message ID which is exactly this anyways.
Peter
"mysql cidr" you will come
across various ways to do CIDR matches in mysql, just pick one that
works for you and off you go.
Also if you haven't locked in your decision to use mysql yet you may
want to consider postgresql instead which has native CIDR and other
network data types and functions you can work with.
Peter
hat google
has gone down the path of blocking mail that doesn't pass these
stringent tests and I now cannot see my own postings to lists such as
this one or certain others who post.
I fear mailing lists have to start munging the From: header now by
adding their own domain name on the end.
Peter
On 12/16/2014 05:25 AM, Darren Pilgrim wrote:
> It's extra fun when they do so to an email with a DKIM signature
> covering the From: header.
MLMs should strip the DKIM header anyways and add their own if appropriate.
Peter
er as well it's
best to use a quota scheme that is integrated there. Dovecot quotas
come to mind (if you're using dovecot, of course).
Peter
Happy New Year everyone!
Peter
On 12/31/2014 11:45 PM, John wrote:
> Here is wishing you all a very happy and prosperous new year.
On 01/05/2015 04:09 AM, Charles Marcus wrote:
> On 12/17/2014 1:18 AM, Peter wrote:
>> It appears that google has gone down the path of blocking mail that
>> doesn't pass these stringent tests and I now cannot see my own
>> postings to lists such as this one or certain o
you're receiving mail off the internet.
Peter
r than
attempting to forward it on and then having it rejected from o365. This
might help to force the mail list admins to get their act together.
Peter
I don't know if postfix uses that function or not, but if
postfix isn't vulnerable then you almost certainly have some other
program on your box that is. I would recommend that you update glibc
without delay regardless.
Peter
On 02/02/2015 02:16 PM, Wietse Venema wrote:
> The first Postfix 3.0 stable release candidate is out,
Bit of confusion, the download page says it's "Postfix 3.0.0 stable
release candidate 2", but the filename has "RC1" in the name. I'm
assuming for now that it's really RC1 and not 2?
Peter
rrors in the above paste start after line 906, it looks
like there are missing object files in the gcc command to me.
Is this a bug in the build process or am I doing something wrong?
Thanks, Peter
ss.
Still does the same thing. I'm currently in the process of trying to
simplify the options passed to make makefiles that causes it (divide and
conquer style). Also am testing on CentOS 6 as well (this was on CentOS
5). I'll get back with more details.
Peter
I honestly don't know where or why -pie was added in the first place, so
I'll remove it for now, I don't know if postfix is supposed to be
compatible with that option or not.
Peter
On 02/04/2015 09:59 AM, Peter wrote:
> I simplified it down to this and still got the error:
> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
>
> If I remove the -pie from AUXLIBS (either from the simplified version or
> the full version) it bui
On 02/04/2015 10:20 AM, Viktor Dukhovni wrote:
> On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
>
>> I simplified it down to this and still got the error:
>> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
>
> If you want PIE sup
e should be passed through
to the linker, so in theory it should work this way, but I don't know
for sure.
Peter
On 02/04/2015 11:31 AM, Viktor Dukhovni wrote:
>> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
>> ...fails
>
> Of course it does. You used both "-fPIE" and "-fpie".
No, I used both -fPIE and -pie (without the "f").
Peter
...also fails
Can you suggest the combination with -pie that is supposed to work and
actually *does* work?
Peter
d be considered a blocker for
3.0.0 or not, though, maybe it could be considered a bugfix to go into
3.0.1?
Peter
z,relro,-z,noexecstack"
This is pretty similar to what I had before, it craps out as soon as you
add shared=yes to make makefiles.
Peter
On 02/04/2015 03:39 PM, Viktor Dukhovni wrote:
> We've never supported "pie", so if shared libraries don't work with
> "pie" that's not a bug. Perhaps "pie" support could be considered
> for 3.1.
Ok, I'm fine with that.
Peter
I can't find SDBM_README in the 3.0.0-RC1 files.
Peter
g a stack trace) if
> you ever run into trouble. I've yet to see a gdb that understands
> PIE executables, perhaps I have not yet been using a sufficiently
> bleeding-edge toolchain.
This is more along the lines of, I'm building 3rd-party postfix packages
for CentOS, the current stable postfix packages (sourced from Fedora)
have -pie enabled and so I'd like to keep it enabled if at all possible.
Peter
t some point later.
Yep, I'll let you know, hopefully soon.
Peter
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
> However, if my quick hack works, let us know, at least we'll know
> what needs to be done to support this at some point later.
It works, hardening check shows all the executables to be position
independent.
Peter
On 02/04/2015 06:15 PM, Viktor Dukhovni wrote:
> And they still work I hope, ... If you can, please also check that
> dynamic maps still load.
I would hope so but I haven't actually run them yet. I will be pushing
them out to my testing repo soon and get some people to test.
Peter
Stack protected: no, not found!
Fortify Source functions: unknown, no protectable libc functions used
Read-only relocations: yes
Immediate binding: no, not found!
I must look into how to turn some of those other items into "yes" as well.
> If it is really that simple, then we might put PIE support into
> Postfix 3.0.
That would be great.
Peter
ges on your system the install scripts have full root access to
your system. They can install backdoors and other malware, mess with
security contexts, and do all sorts of other mean and nasty things. I
don't do that sort of thing with my packages, but again, it's up to you
whether you
On 02/08/2015 06:18 PM, LuKreme wrote:
> # openssl s_client -connect 127.0.0.1:993
Port 993 is IMAPS which is not provided by postfix.
Peter
in the gf-testing-source repo.
Peter
On 02/12/2015 11:20 PM, li...@rhsoft.net wrote:
> has somebody an idea for the chicken egg problem that "postfix-install"
> in the %install of an RPM-spec can't load the shared libraries which are
> built but not installed at that moment?
I changed it to make non-interactive-package and it works jus
The build errors out on me. I've simplified the make makefiles down to
this and it still errors out:
make makefiles 'CCARGS=-I/usr/include/unicode'
Output from the build is at:
http://paste.fedoraproject.org/189029/42464330
Thanks,
Peter
On 02/23/2015 11:23 AM, Viktor Dukhovni wrote:
> On Mon, Feb 23, 2015 at 11:17:49AM +1300, Peter wrote:
>
>> The build errors out on me. I've simplified the make makefiles down to
>> this and it still errors out:
>>
>> make makefiles 'CCARGS=-I/usr/includ
On 02/23/2015 11:45 AM, Peter wrote:
> On 02/23/2015 11:23 AM, Viktor Dukhovni wrote:
>> On Mon, Feb 23, 2015 at 11:17:49AM +1300, Peter wrote:
>>
>>> The build errors out on me. I've simplified the make makefiles down to
>>> this and it still errors out:
ce to have this
modified to check /usr/lib64 as well, or maybe allow some variable to
be passed in with /usr/lib64 to override /usr/lib?
Peter
On 02/23/2015 12:29 PM, Peter wrote:
> Looking at makedefs I can see this is true, it is hard-coded to check in
> /usr/lib. I can patch this myself but it would be nice to have this
> modified to check /usr/lib64 as well, or maybe allow some variable to be
> passed in with /usr/lib64
t the older EL
versions lack the supporting libs to build SMTPUTF8 support and leave it
at that, I just didn't realize that was actually the case until just now.
Peter
On 02/24/2015 01:18 AM, Wietse Venema wrote:
> Peter:
>> You're right, I must've been seeing things. Anyways, it builds in
>> CentOS 7 without patching and while I haven't tested the binary yet, it
>> appears to have built with EAI support. The issue the e
mented. But it's not always clear what it means
> exactly.
In addition to what Viktor said I'll just point out that most, if not
all of those services have man pages which fully document them, eg:
pipe(8), smtpd(8), pickup(8), etc.
Peter
u're upgrading now you
should probably be moving to 3.0, not 2.10 which is already two years old.
Peter
On 03/22/2015 08:19 PM, Steve Matzura wrote:
> Thanks Peter. Very instructive. I'm on Red Hat Fedora 21, which came
> out this week, which, now that you tell me Postfix version 3 is out,
> surprises me that the upgrade didn't take that into account and give
> it to me.
you want to support some very old Outlook clients and
offer TLS wrappermode over 465 is up to you but it is unlikely you will
find anyone who still needs this old and deprecated form of submission.
Peter
On 04/06/2015 11:33 AM, Peter wrote:
> Thunderbird, for example, calls TLS wrappermode "TLS"
Correction: Thunderbird calls TLS wrappermode "SSL/TLS".
Peter
On 04/06/2015 08:05 PM, Muhammad Yousuf Khan wrote:
> By Peter
> -
>
> What you should be, at the very least, encouraging is STARTTLS over port
> 587. Whether you want to support some very old Outlook clients and
> offer TLS wrappermode over 465 is u
GET / HTTP/1.1
Host: www.postfix.org
HTTP/1.1 200 OK
...
$ telnet 131.211.32.146 80
Trying 131.211.32.146...
Connected to 131.211.32.146.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.postfix.org
HTTP/1.1 404 Not Found
...
Peter
No the other reason is the age of the host and the fact I have beefier hardware
to move to.
Sent from my android device.
-Original Message-
From: Steve Jenkins
To: Peter Berghold
Cc: "postfix-users@postfix.org"
Sent: Sun, 26 Apr 2015 19:01
Subject: Re: Migrating MX serve
the case then fixing it could
actually raise backwards compatibility issues which may necessitate
something more complicated than a simple straightforward fix.
Peter
T_README:
* In the left-hand side, specify a bare username, an "@domain.tld"
wild-card, or specify a complete "u...@domain.tld" address.
As I just finished showing in detail, "bare username" is not working for
pcre tables.
Peter
n.tld"
wild-card."
Still, it seems counter-intuitive because it works different with
alias_maps and those two settings definitely are related.
Peter
On 05/08/2015 04:43 AM, Rod K wrote:
> check_client_restrictions =
There is no such setting, you probably want smtpd_client_restrictions.
Peter
On 04/13/2015 04:30 AM, Wietse Venema wrote:
> Peter:
>> $ telnet 131.211.32.146 80
>> Trying 131.211.32.146...
>> Connected to 131.211.32.146.
>> Escape character is '^]'.
>> GET / HTTP/1.1
>> Host: www.postfix.org
>>
>> HTTP/1.1 40
lavor. I wouldn't consider it to
be out of date either, though, without further evidence to that end.
Peter
ble for CentOS 6 via a simple yum command. Not
to say that I fault your choice of Postfix over Exim, but your reasoning
for this is misguided.
Peter
eciated.
If you want exim on CentOS 6 (off topic for here, but...):
yum shell
remove postfix
install exim
run
...
quit
...beyond that you need to get help from exim support channels.
Peter
ulti-instances to send mail
from individual IPs for each domain as Wietse has already given you a
solution for that. The only exception to his solution is that it
doesn't work for DSNs, but a properly configured postfix should be
sending out a minimal amount (if any) of those anyways.
Peter
three match then this requirement will be
satisfied. Please note that this has absolutely nothing to do with the
domain name part of the envelope sender address.
Peter
ing to, so some may say "Queued", some may say "Ok", some may be in
a foreign language. Different servers will have slightly different
responses but they should all give a 250 code if they've accepted the
message.
Peter
I have been changing my mailing addresses from "example.com" to sub
domains - say "mail.example.com" to configure no-reply addresses there.
I use "sendmail -f nore...@mail.example.com" to send emails to make sure
the Return-Path is correct. My mail delivery chain looks as follows:
SENDING SERVER -
On 06/08/2015 08:58 PM, Peter wrote:
> I use "sendmail -f nore...@mail.example.com" to send emails
I hope you actually have some sort of program, script or human
monitoring that address to handle bounces.
> I see that the "from" address is already altered in the
Yes mate, bingo!
You saved another day that I'd probably spend on troubleshooting this.
http://www.postfix.org/postconf.5.html#masquerade_domains
This is the answer
P.
On Mon, Jun 8, 2015, at 11:31 AM, Peter wrote:
> On 06/08/2015 08:58 PM, Peter wrote:
> > I use "
Hi Mike,
~all denotes "soft fail". In other words that means that if you forget
to add an IP address of your new server to SPF it is not going to be a
total failure :) Soft fail allows to undertake other steps in case it
happens (say i.e. you could perform other checks to determine if the
email c
he stable 3.0.1 source with the same changes to make it
build under kernel 4.0.
Peter
n early 2016.
Peter
iver what you
accept" mantra as well as allowing the user to still get messages that
are false positives for SPAM.
Peter
Hi folks,
I have just now stumbled upon a DNS item that I can not crack by myself
and your help would be immensely appreciated.
I have been forwarding my emails using postfix transport_maps to a
couple MX weight-based receivers. Since the IPs of these servers have
changed I updated my DNS records
On Thu, Jul 9, 2015, at 12:37 PM, Wietse Venema wrote:
> Peter:
> > Here comes the postfix part. I am still having a couple of emails that
> > have not been delivered because postfix remembers the old DNS resolution
> > and I end up with deferred emails like this one here:
owed for 5 MB only.
>
> Pl advise is any setting is there for the same if yes then how it can be.
Have a look at policyd:
http://wiki.policyd.org/
Peter
Hi guys,
I have recently switched from relayhost and smtp_fallback_relay to
hash:/etc/postfix/transport method where I have a domain
(mx-relay.internal) declared with multiple MX records which have
different weights (mx10, mx11, mx12 and mx13). These servers do not have
IN A record, but IN MX.
T
largely backwards-compatible, but there is
at least one gotcha in your planned upgrade that will bite you if you
don't run upgrade-configuration.
Peter
Hi guys,
Till today I was always using one of the following methods to hold emails in
order to investigate issues with them:
smtpd_sender_restrictions = static:HOLD
smtp_helo_restrictions = static:HOLD
smtp_data_restrictions = static:HOLD
Today, I also wanted to hold some emails that are being sent
st[127.0.0.1] in the logs?
On Fri, Jul 24, 2015, at 02:03 PM, Koko Wijatmoko wrote:
> On Fri, 24 Jul 2015 13:08:42 +0200
> Peter wrote:
>
> > which is okay, but when PHP mailer sends an email from localhost I
> > get:
> >
> > Jul 24 12:49:38 server postfix/pick
On 07/27/2015 11:06 PM, robert k Wild wrote:
> I have created a dovecot and postfix email server
>
> Now I want to have SMTP authentication for my users that use postfix
Use dovecot SASL AUTH:
http://www.postfix.org/SASL_README.html#server_dovecot
Peter
Hi guys,
I have stumbled upon this warning today while wanting to remove
duplicates from /etc/postfix/relay_recipients:
[root@mx ~]# postmap /etc/postfix/relay_recipients
postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
"name.surna...@domain.com"
postmap: warning: /etc/postfi
Yuppers, that was it!
It was doing my head in. Cheers very much!
On Thu, Jul 30, 2015, at 03:54 PM, wilfried.es...@essignetz.de wrote:
> Hi Peter,
>
>
> retry with "grep -i name.surna...@domain.com".
>
>
> Willi
>
>
> Am 30.07.2015 um 15:44 schr
so there's just one on the end, which as you can probably
imagine, really messes things up.
Peter
On 25/02/23 12:48, Peter wrote:
On 25/02/23 01:57, Wietse Venema wrote:
James Brown:
Sorry if this is a bit of a basic question, but I'm trying to compile
from source on macOS 13.21.1 but the makefile has lines commented out.
I'm trying:
make -f Makefile.init makefiles \
CCARGS='
blocked.
This is likely what happened. Linode assigns a single static IPv6 /128
by default, but you can request a /64 free of charge. For an email
server I would recommend you do this or you will have problems.
Peter
I will give it a try.
No need to install from source, you can get postfix 3.1 packages for
CentOS here:
http://ghettoforge.org/index.php/Postfix3
That said, I don't see any reason why Postfix 2.10 can't relay to office
365. Can you please show relevant postfix logs of an attempt at such?
Peter
means that anyone who looks
at them has to weed through 200+ lines of unrelated crap that we don't
need to know. Turn off verbose logging and log another test message
without it, then we can have a look and tell you more.
Peter
make a new setting in 2.10 compatible to previous versions:
postconf smtpd_relay_restrictions=permit
Peter
On 20/01/17 11:37, Maurizio Caloro wrote:
> Please why pop3d become Login Failed for user joe?
Postfix does not provide POP3 service. Please consult the pop3d
community for assistance.
Peter
On 24/01/17 10:57, Brad Chandler wrote:
> Take a look at the gf-plus repository on Ghettoforge.
> http://ghettoforge.org/index.php/Usage
There's also detailed instructions on how to install the postfix
packages at:
http://ghettoforge.org/index.php/Postfix3
Peter
They're both at 3.1.4, the latest stable release. Ghettoforge,
however, has been built with dynamic map support and oostergo has not.
Peter
n restrictions such as permit_sasl_authenticated or
permit_mynetworks in main.cf or your smtp line in master.cf, and don't
put restrictions that are meant for port 25 such as
reject_unauth_destination in your submission line for master.cf. When
you keep these separate then things become much easier to manage.
Peter
not set.
> Is it that 'smtp_tls_wrappermode = yes' that I need to remove? I can
> see little other difference between the configurations.
Correct.
Note that SMTPS (port 465) requires wrappermode (not supported in 2.9)
or tunnelling through stunnel. STARTTLS (587) requires that wrappermode
not be set.
Peter
ove, so it defaults to, "all".
> inet_protocols = ipv4, ipv6
Same, just remove this and let it default to, "all".
> In case you wonder - The local IPv4 is not equal to the external visible
> one for mail.stoecker.eu.
In this case postfix will see the connection on and need to bind to the
local address.
Peter
about this you can always assign a new name such as
localhost_all or something and use that so as not to break old software
that relies on localhost only being assigned to IPv4.
Peter
s in an hour or two from now).
Peter
tion into main.cf you could do something like this:
postconf "smtpd_tls_key_file = /etc/pki/private/$(postconf -h
myhostname).key"
Peter
security risks.
> But thanks for the insight.
Obviously not enough insight as you completely missed what Viktor was
telling you.
Peter
smtp(8) does not recognize the content_filter setting. If it
did it could cause mail looping issues but fortunately it simply won't
do anything.
> See if that works for you (didn't try it myself).
Of course you didn't, otherwise you'd know it doesn't work. But feel
free to make guinea pigs of other people to test your lack of knowledge.
Peter
-in-bash
Yep, you nailed it there. Small difference but it completely changes
how the command works.
Peter
verify failed (in
> reply to
> RCPT TO command)
I would move your check_recipient_access to smtpd_data_restrictions,
then it should work that it will not reject until the DATA command, but
servers performing address verification will have bailed by that point.
So you end up rejecting actual messages but not verification probes.
Peter
ution.
Postfix is fine as well and there is no lack of TLS support in the
Postfix 2.10.1. That said, you can get a newer postfix for CentOS 7
from GhettoForge:
http://ghettoforge.org/index.php/postfix3
...please note that as of this writing the latest version is in gf-testing
Peter
ur snapshot, and take your
backup and understand that if you ever get to the point where everything
blows up you *will* lose some mail, there is no real way around that.
Peter
sport. See postconf(5) and
access(5) for details.
Peter
"$(postconf -h queue_directory)/deferred/"?/* |
your_program_that_parses_data_and_outputs_queue_ids | postsuper -d -
Runs postconf, postcat and postsuper once each.
You can modify for other queues accordingly.
Peter
the difference, so in
your case it would run postcat 2 or 3 times to get all the file paths
passed, then the output of the whole thing would go to your program and
the output of that to postsuper.
So running find once, postcat 2 or 3 times, your program once, postconf
once and postsuper once ... not too bad.
Peter
On 29/05/17 16:57, Peter wrote:
> find "$(postconf -h queue_directory)/deferred/)" -type f -exec postcat
> -e {} + | your_program | postsuper -d -
Oops, typo there, should be:
find "$(postconf -h queue_directory)/deferred/" -type f -exec postcat -e
{} + | your_program | postsuper -d -
Peter