* Patrick Ben Koetter via Postfix-users:
> I don't need tags.
Seconded. Do we really need to cater for software that's unable to use
the "List-Id" headers? These are mailing lists for Postfix users and
devs, not for a knitting circle, so I think it is fair to assume we
subscribers all use decent
* Jim Popovitch via Postfix-users:
> On Fri, 2023-03-10 at 17:35 +0200, mailmary--- via Postfix-users wrote:
>
>> Looking at the opendkim/opendmarc right now, they appear dead over
>> the past 2 years or so, which is sad really.
>
> It's not sad at all. It's a testament to the stability of the pro
* Robert A. via Postfix-users Cooper:
> Some of us don't have a choice and are stuck with MS mail products due
> to work policies. while OWA does now support header filtering, that
> has not always been the case.
So you are saying that even Microsoft has finally seen the light. Good,
it took them
* Peter Ajamian via Postfix-users:
> Verify return code: 10 (certificate has expired)
Thanks. For some reason, the web server had not been restarted after the
last certificate update, which normally happens automatically. I just
restarted the server process manually.
-Ralph
_
* Viktor Dukhovni via Postfix-users:
> The "post hooks" in certbot are not *reliable*.
For the curious among you: I use dehydrated [1], which integrates nicely
with my other automation, including Ansible [2]. An Ansible handler is
used to restart the web server if certificates were updated, and t
* Ken Peng via Postfix-users:
> Using rspamd instead of postscreen?
I'm not quite sure what you mean by that.
If you suggest relying on rspamd only, and forgo postscreen, I have to
disagree. In my experience, postscreen has proven highly useful in spam
prevention, in particular when DNSBL lookup
* Corey Hickman via Postfix-users:
> Some clients abuse the outgoing smtp server for sending bulk messages.
> [...] Do you know how to stop this behavior?
There is 'default_destination_recipient_limit' to limit the number of
recipients per message delivery. If however the abuser uses only a few
* Eddie Rowe via Postfix-users:
> I have been cutoff from the Postfix web site due to it apparently
> being a TOR exit node in Germany.
The server hosting the Postfix website, run by yours truly, is neither
located in Germany, nor is it a Tor exit node.
-Ralph
___
* Viktor Dukhovni via Postfix-users:
>> The server hosting the Postfix website, run by yours truly, is neither
>> located in Germany, nor is it a Tor exit node.
>
> As for TOR, some sites may have stale or inaccurate data:
>
> https://www.ipqualityscore.com/tor-ip-address-check/lookup/65.108.3.114
* true kernel via Postfix-users:
> What are the plugins or filters for postfix to stop sending a special
> message body?
You could try milter-regex (https://www.benzedrine.ch/milter-regex.html).
-Ralph
___
Postfix-users mailing list -- postfix-users@po
* Viktor Dukhovni via Postfix-users:
> The requested filter is much too crude. How would the OP, for example,
> have participated in this thread with that filter in place!
I agree that the filter the OP asked for is a dumb idea, but milter-
regex can nonetheless provide the functionality that was
* Viktor Dukhovni via Postfix-users:
> Relax, that wasn't an attack on you. There's no need to defend your
> honour... :-)
That's not always easy to determine, especially given the constraints of
non-verbal communication. I'll take your word for it, of course. ;-)
> I would like to suggest that
* Byung-Hee HWANG via Postfix-users:
> Honestly, 311 it was not easy to set up to me.
These days, one is a bit spoiled for choice when it comes to software
which handles this automatically. LetsDNS (https://letsdns.org) is what
I use and recommend, unsurprisingly, because it is robust and easy to
The Postfix website is available again. The company hosting the server
hardware informed me that there are "some issues with the PXE feature
with this server model", whatever that means exactly, which their staff
was able to fix in the meantime. I find it interesting how this
particular server has
* Jaroslaw Rafa via Postfix-users:
> Maybe it wasn't rebooted until now? (as PXE is a boot-related feature) :)
I am positive that I personally rebooted this server a number of times
following Kernel updates, the last of which happened not long ago. ;-)
My guess is that the hosting company made c
* Bill Cole via Postfix-users:
>> I am positive that I personally rebooted this server a number of times
>> following Kernel updates, the last of which happened not long ago. ;-)
>
> If there's a virtualization layer, they are likely to be referring to
> the real physical host rather than the VM
* Viktor Dukhovni via Postfix-users:
> https://www.postfix.org/postconf.5.html#defer_transports
Indeed. In my backup scripts, I like to use something like the following
(from memory only, beware of possible typos):
postconf -e defer_transports=lmtp,local,virtual && postfix reload
Now that I t
* Wietse Venema via Postfix-users:
>> Now that I think of it again, I wonder if the reload command is even
>> necessary?
>
> Yes, because it is implemented in the queue manager which is a
> long-running process.
Thank you. I have been using the reload step for so long, but I could
not recall why
* Wietse Venema via Postfix-users:
> As a few on this list may recall, it is 25 years ago today that the
> "IBM secure mailer" had its public beta release.
Time flies, no doubt about that. I find it comforting that Postfix has
earned its place as a cornerstone of e-mail around the globe, based on
* Viktor Dukhovni via Postfix-users:
> Microsoft ESMTP MAIL Service [...]
Gee, who woulda thunk? ;-) That being said, perhaps somebody on the
"mailop" mailing list would be able to offer more insight? Some exotic
extension, perhaps, or a weird application level firewall? I sure hope
it is not a p
* Viktor Dukhovni via Postfix-users:
> On Thu, Jan 11, 2024 at 07:29:40PM +0100, Benny Pedersen via Postfix-users
> wrote:
>
>> so next is gentoo ebuilds ? :)
>
> No. There is no Postfix binary release build farm, and nobody has
> volunteered to coördinate binary release engineering at the Postfi
* mattpr via Postfix-users:
> Adding email aliases to an email client doesn't make sense because
> there are just too many and I wouldn't want to have to pick one.
Pick one what? Pick an alias, I presume, or pick a mail client (MUA)?
> Last count I had ~2500 records in my password manager (not a
* Juerg Reimann via Postfix-users:
> So, but now I still have to filter such incoming mail in a way that I'd be
> able to block certain senders by their *header* From: on a user basis.
I heartily recommend milter-regex [1]. It serves me well by allowing me
to configure all kinds of complex antis
* Wietse Venema via Postfix-users:
> Postfix stable release 3.9.0 is available. Postfix 3.5 - 3.8 were
> updated earlier this week; after that, Postfix 3.5 will no longer
> be updated.
Thank you for your continued work. By "you" I mean not only Wietse, but
also the other contributors who collabor
* Peng via Postfix-users:
> Gmail/fastmail rely more on DKIM than SPF.
What makes you assume that? Sending mail to f...@gmail.com works with SPF
alone, in the absense of DKIM. I have not tried the reverse (DKIM
without SPF) yet.
-Ralph
___
Postfix-user
* Tan Mientras via Postfix-users:
> Trying to setup email REJECT when users try to send to a no-reply
> email.
Personally, I find this type of one-way communication annoying and
impolite. The same goes for setting Reply-To to your personal email
address after asking for help on a public mailing l
* Bjoern Franke via Postfix-users:
> From: Ralph Seichter via Postfix-users
> Reply-To: Ralph Seichter
Dang, blindsided by Mailman 3, sorry. What I wrote about my dislike of
using "nore...@foo.bar" type addresses remains unchanged, however. If
sender A sends mail to recipient
* Ansgar Wiechers via Postfix-users:
> [...]
Did I ever send mail to you using the mailing list address you got
barred from targeting, or send mail to you at all from my servers? No,
I did not.
You tried to initiate communication by sending mail to an address you
had no reason to contact, this b
* Tan Mientras via Postfix-users:
> Is an automated/unattended email notifying the user about something,
> providing proper ways of contacting.
"Proper" is for the recipients of your messages to be able to use the
reply function in their MUA, to ask for clarification/assistance in
regards to the
* Curtis J. Blank via Postfix-users:
> I would like to get some insight as to the cause and correct
> configuration to use. [...]
Maybe it is simply too early in the morning for me to get your point,
but what insight are you looking for, exactly?
You already found out that localhost does not ne
* Curtis J. Blank via Postfix-users:
> What I am looking for is pretty simple. How to get it to work with
> "inet_protocols = all" like my existing server is currently set up to do
> and not be limited to ipv4 only.
Well, you seem to be in a good mood. ;-)
> And it is already set to use 127.0.
* Curtis J. Blank via Postfix-users:
> Everything except this that is:
> mydestination = $myhostname, localhost.$mydomain, $mydomain, www.$mydomain
>
> Should this be set to:
> mydestination = $myhostname, 127.0.0.1.$mydomain, $mydomain, www.$mydomain
>
> To keep ::1 from being used?
No, that is
* Allen Coates via Postfix-users:
> I have just been perusing my firewall logs, and notice I have had
> several "hits" using the documentation prefix (2001:db8::/32) as the
> source address. [...]
>
> I have also had some hits (on my website) from Teredo addresses. I
> am allowing these, because
* Allen Coates via Postfix-users:
> I am blocking 2001:db8::/32 (of course); it's the Teredo prefix
> which I am allowing.
I misunderstood the word "these" in your OP, and the subject line only
referenced the documentation prefix, but no harm done. I don't have any
numbers for connections from Te
* Katherine via Postfix-users:
> Why doesn't the server just reject it (5xx code)? This deferral is
> very confusing to our administrators.
Confusing how? You did not provide enough information. What is the
actual deferral message?
-Ralph
___
Postfix-u
* Adam Weremczuk via Postfix-users:
> I have a highly isolated host (e.g. most outgoing traffic blocked, no
> DNS) but I would like to use Postfix on that host to send certain emails
> to a single address exam...@example.com. [...]
You can use Postfix a transport table to direct mail for specif
* Francis Augusto Medeiros-Logeay via Postfix-users:
> I want that mail sent to users who do not have a valid address (like
> when they are not on ldap) to bounce back, like it happens by default,
> but I’d also like these mail to be delivered to an specific mailbox.
>
> As you said, if I use catc
* John Fawcett via Postfix-users:
> On 12/07/2024 15:30, Ralph Seichter via Postfix-users wrote:
>
> > "My advice true, forget this!" (Alvina)
>
> I agree with the advice but have some doubts about the milter
> solution.
I don't dare call it a solution, no
* Austin Witmer via Postfix-users:
> Will DMARC be broken if I only add the following headers to mailing
> list messages? [...]
Adding *new* headers can't break existing DKIM signatures, because these
headers cannot have been signed before. New in this case means header
names (not values) which h
* Bob via Postfix-users:
> I realise stuff like failtoban is available but when I look at it the
> wrong way, or in any way, it falls over and it only looks at logfiles
> every so often [...]
I found fail2ban not to my taste, so like you I searched for possible
alternatives. I finally came to ter
* Bill Cole via Postfix-users:
> Some systems are configured to "oversign" headers, essentially signing
> the non-existence.
Shhh! We don't want to advertise that in this scenario, do we? ;-)
Still, you are correct to point out that the DKIM spec allows for these
kinds of shenanigans.
> Any addi
* Jaroslaw Rafa via Postfix-users:
> Despite what you say about your unsuccessful attempts with fail2ban,
> it seems the best tool for the job. It's the whole idea of fail2ban
> anyway - if "SOMETHING" appears in the logfile "SOME" number of times
> (which can be 1), then stuff the IP address into
* Bob via Postfix-users:
> I get it might be a bit flakey from a security perspective and should
> come with warnings but it is my box.
I think it is more than "a bit flakey". You ask Wietse to support
something which introduces a significant security risk. Plus, this
particular something is not
* Steffen Nurpmeso:
> >I think it is more than "a bit flakey". You ask Wietse to support
> >something which introduces a significant security risk.
>
> Now you exaggerate a bit.
Not really, the original example of invoking "iptables" directly
requires root provileges. That could be mitigated by u
* Walt E. via Postfix-users:
> Is there any standard that, postmaster@domain is a required account
> for this domain?
Yes. The requirement has been specified as early as 1981 in RFC 822, and
in its successors up to and including RFC 5322.
-Ralph
___
Po
* A. Schulze via Postfix-users:
> https://datatracker.ietf.org/doc/html/rfc5321#section-4.5.1
>
> 5321 btw...
Indeed, that was an unfortunate typo on my end. Thanks, Andreas.
-Ralph
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubsc
* Phil Stracchino via Postfix-users:
> Don't know whether it's a Gentoo specific issue, but Postfix failed to
> restart after update because the new lib directory was created as
> /usr/lib64/postfix/3.9, not /usr/lib64/postfix/3.9.0.
There's nothing inherently wrong with that. Here is what I se
* Nico Schottelius:
> It's the opposite and let me put it into clear, logic terms:
Oh, do try. ;-)
> I need a postfix container [0]
> I can easily build a postfix container [1]
> Others might start using my postfix container due to the lack of an
> official postfix container [2]
If (!) you publ
* postfix--- via Postfix-users:
> Spaces are not allowed in submission -o override settings.
> How do you handle adding a service?
You can use commas as separators.
-Ralph
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send
* Nico Schottelius via Postfix-users:
> As mentioned before, I/we can volunteer to building the image(s) and
> rebuilding them on a new release, if the added workload is a concern.
Why do I get the feeling that you promote the idea of an "official"
container image and your role in it because you
* natan via Postfix-users:
> If @domain.ltd in return-path and from: is dfferend then Reject "non
> allowed"
That kind of rejection can be realised easily using milter-regex [1].
Simply combine "envfrom" and "header" tests in a custom rule.
-Ralph
[1] https://www.benzedrine.ch/milter-regex.html
* natan via Postfix-users:
> > That kind of rejection can be realised easily using milter-regex [1].
> > Simply combine "envfrom" and "header" tests in a custom rule.
>
> Thenx for replay but this is not for postfix - without corrections and
> reinventing the wheel
Frankly, you are very wrong. Mi
I have been notified about datacenter maintenance which will disrupt
access to www.postfix.org. Maintenance is planned for 2024-11-27 between
03:30 and 04:30 (UTC).
There are of course mirror sites available, and I only want to make sure
that nobody is going to be surprised.
-Ralph
__
I am happy to announce that automx2 release 2025.1 is now available. As
usual, you can download it from PyPI [1] and documentation is available
via [2].
[1] https://pypi.org/project/automx2/
[2] https://rseichter.github.io/automx2/
The most notable change in this version is the addition of sd
* Steffen Nurpmeso via Postfix-users:
> >Are you referring to [1], i.e. your own draft? "Nenne Ross und
> >Reiter."
>
> Well i think that became obvious from the rest of the message.
I think it is just good manners to let people know explicitly who is
trying to promote a subject, and why. Also, t
* Steffen Nurpmeso via Postfix-users:
> there is this IETF draft which asks for support SMTPS (aka really,
> now), that is Implicit TLS via dedicated port for SMTP.
Are you referring to [1], i.e. your own draft? "Nenne Ross und Reiter."
[1] https://datatracker.ietf.org/doc/draft-nurpmeso-smtp-tl
* Steffen Nurpmeso via Postfix-users:
> There is nothing to link. postfix already supports SRV. [...]
Seriously? You refer to a draft, then don't bother to link to it, or
mention that you are the author, with an agenda to boot? What a strange
way to try to initiate a discussion. One might suspect
Consider a pre-generated text file sample.eml like this one:
From: Bob
To: al...@example.org
Subject: foobar
The message body goes here...
Imagine further that Bob is logged in as user123 on host.example.net
which runs Postfix, and Bob sends the message like so:
$ /usr/sbin/sendmail
* Wietse Venema via Postfix-users:
> If your message file has no From: header, then Postfix provides one
> based on the envelope sender address, with a "full name" for that
> header based on the -F option, or the NAME environment variable,
> or the GECOS field in the password file.
The issue I am
* Viktor Dukhovni via Postfix-users:
> Why not:
> defer_transports = local
That's what I was wondering, too. For example, I like using
postconf -e defer_transports=lmtp
in scripts, to temporarily pause message delivery from Postfix to
Dovecot during backup operations.
-Ralph
* Viktor Dukhovni via Postfix-users:
> You probably also need a "postfix reload" in such cases, because
> "defer_transports" is a qmgr(8) parameter, and qmgr(8) is a long-running
> process.
Indeed. I did not specifically mention it in my example, but I invoke
"postfix reload" after each modificat
* Steffen Nurpmeso via Postfix-users:
> I did not want to initiate a discussion, actually.
And who would have guessed? Just push a feature which does not serve a
real purpose. Discussions are *so* last year.
> It was indeed quite the other way around, as you know very well [...]
That was a lot
* Wietse Venema via Postfix-users:
> There are known blocks based on anti-TOR policies, ranging from
> anti-malware policies to censorship.
Folk fearful of the Tor Project should also be reminded that entry-nodes
and middle-nodes only route Tor traffic to other Tor nodes, by design.
Only exit-nod
* John Griffiths via Postfix-users:
> I cannot reach the www.postfix.org server. I have to use a mirror if I
> want to get to the documentation.
According to the logs, traffic to www.postfix.org is as lively as usual,
with no outages reported. During the last 24 hours, around three score
IP addre
* Erwan David via Postfix-users:
> I worked for hosting companies. One was technically ready to connect
> customers in IPv6, the other one had it on study. But in both we (the
> tech staff) were told "customers do not ask for it".
While not specifically Postfix-related, I think it is lamentable t
* Alex via Postfix-users:
> It looks like this is the place to start?
> https://github.com/milter-regex/milter-regex/tree/main
I recommend starting at http://benzedrine.ch/milter-regex.html instead,
because that's the official milter-regex homepage (plus, it shows the
formatted manpage).
-Ralph
* John Griffiths via Postfix-users:
> I was looking for reasons in my Ubiquity router's configuration and
> found that Ubiquity had added a filter for TOR exit sites in an update
> and it was enabled by default.
Not quite. As I mentioned, ra.horus-it.com is not a Tor *exit* relay,
which means tha
* John Griffiths via Postfix-users:
> Is my IP, 47.201.27.231, or the subnet(s) blocked in the firewall?
There are currently no existing blocks in the 47.201.0.0/16 subnet at
all. Unless you plan to attack the server hosting the Postfix website,
that server is not going to impose a block on your
* Klaipedaville via Postfix-users:
> I have the following setting:
> smtpd_recipient_restrictions = check_client_access
> regexp:/etc/postfix/check (other settings here)
>
> Now /etc/postfix/check contains the following line:
> /^send\d+\.server\.com$/ REJECT No spam allowed.
The expression "\d
69 matches
Mail list logo