I want to setup postfix so that my users who use laptops can access their
email from anywhere and then reply to those emails through the smtp server.
What kind of security should I setup?
I used the term "open relay" because I don't want to limit the by setting
"mynetworks" to a couple of networks. I was thinking by using sasl and tls
I could set mynetworks to 0/0.
On Thu, Feb 19, 2009 at 2:42 PM, Rich wrote:
> I want to setup postfix so that my user
Thanks everyone for the direction I needed. I am going to do sasl with
tls. Seems to be a good way to go.
On Thu, Feb 19, 2009 at 4:44 PM, mouss wrote:
> Rich a écrit :
> > I used the term "open relay" because
>
> unfortunately for you, you can't arbitrarily
Has anyone ever integrated Lotus Domino Ldap with postfix and used it for
authentication?
I am going to use Cyrus SASL.
How do you use the mechanism to integrate with the ldap server that is part
of Lotus Domino/Notes?
On Fri, Feb 27, 2009 at 10:18 AM, Brian Evans - Postfix List <
grkni...@scent-team.com> wrote:
> Rich wrote:
> > Has any ever integrated Lotus D
Do you know of any script/software that has been written to be that "glue"
you speak of?
On Fri, Feb 27, 2009 at 4:35 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Fri, Feb 27, 2009 at 08:24:32AM -0500, Rich wrote:
>
> > Has any ever integ
Pat, I did not know how to do that. I will test this suggestion on Monday.
On Sat, Feb 28, 2009 at 3:02 PM, Patrick Ben Koetter
wrote:
> * Rich :
> > Do you know of any script/software that has been written to be that
> "glue"
> > you speak of?
>
> Any objec
I am getting the below error when I try to send email from a pc from the
same network using sasl authentication to the postfix server.
Oct 24 23:02:36 server postfix/smtp[25874]: 7349F21003C: to=<
rhd...@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.07,
delays=0.05/0.01/0/0.01, dsn=5.0.0,
-- Forwarded message --
From: Rich
Date: Mon, Oct 25, 2010 at 2:00 AM
Subject: Re: Problem with relaying denied error
To: Stan Hoeppner
On Mon, Oct 25, 2010 at 1:39 AM, Stan Hoeppner wrote:
> Rich put forth on 10/24/2010 10:58 PM:
> > I am getting the below error w
-- Forwarded message --
From: Rich
Date: Mon, Oct 25, 2010 at 2:22 AM
Subject: Re: Problem with relaying denied error
To: Mikael Bak
On Mon, Oct 25, 2010 at 2:18 AM, Mikael Bak wrote:
> Stan Hoeppner wrote:
> [snip]
> > Yes. I would suggest configuring a new sm
Nick I have a simple and elegant solution that has been working for
years. I am using postfix, spamassassin with spampd proxy server and
god-forbid, a purchased piece of software for antivirus from Command
Central called Vexira. It is a simple setup and has worked for us.
On 11/1/2010 5:36 AM,
The only difference I would have on this server is I would make it a 10 raid
and not raid5. This is a much more higher performing with all the writes to
maildir. It's also better fault tolerance.
On Mon, Nov 8, 2010 at 7:25 AM, Stan Hoeppner wrote:
> ahmad riza h nst put forth on 11/8/2010 4:08
, Stan Hoeppner wrote:
> Rich put forth on 11/10/2010 1:52 AM:
> > The only difference I would have on this server is I would make it a 10
> raid
> > and not raid5. This is a much more higher performing with all the writes
> to
> > maildir. Its also better fault tolerance.
So your question is to have anyone on mynetwork to not have to authenticate
and have anyone who is not on mynetwork to have to authenticate?
*smtpd_sasl_exceptions_networks=$mynetworks*
2010/11/22 b2
> Hi list,
> I have to setup my postfix virtual mailbox configuration to permit all
> clients l
wouldn't making your content filter box your mx do it?
On Jan 20, 2011 4:15 PM, "Paul Amaranth" wrote:
> I have a postfix configuration issue, I'm wondering if anybody has any
> experience with this kind of situation.
>
> I have an openXchange groupware box running a version of Postfix. We
recent
Check the permissions on the sasldb2 file. Postfix user needs to have
access to it.
On Tue, Apr 5, 2011 at 12:53 PM, Wietse Venema wrote:
> David Brown:
> > Hello, I have recently replaced my old postfix with 2.7.0. And, for the
> > first time I am trying to use IMAP (dovecot). Receiving email
use sasl authentication.
On Wed, Jul 20, 2011 at 12:11 PM, Jeroen Geilman wrote:
> On 2011-07-20 09:44, Erik - versatel wrote:
>
>> Hai,
>>
>> I have a configuration and don't want to use UNIX account for receiving or
>> sending mail.
>> I want ONLY Virtual Users.
>> So I did think is this possib
ow-up.
And, temporarily stymied by what's going on. Best to ask first:
(1) Does current Postfix support use of MySQL StoredProcedures in its lookups?
(2) Is the problem I'm seeing due to that missing flag?
(3) Are any/all changes req'd for that support committed to the source
tree, or do I need patch source, or modify my queries further?
Rich
x 1.1.x and PostgreSQL 7.1+ and support for
calling stored procedures were added by Philip Warner."
Can't find similar for MySQL at
http://www.postfix.org/MYSQL_README.html
or anywhere else I've looked yet.
Rather than kludging, I'd like to know if StoredProcs are, or will be
soon, 'in' Postfix.
Rich
UNC('%s');
seems to work. At least valid/invalid domains are getting
passed/rejected early in the transaction, as intended. Need to watch
downstream.
If anyone else has success with this, or has comments why this
approach is wrong, it'd be useful to know.
Rich
eading thru the referenced posts, too.
As for implementation goals -- if (and not yet convinced, myself)
StoredFunctions do the trick with current src, is anything required to
be done? Or is the goal of 'officially' supporting both Stored Funcs
& Procs a 'good thing'?
Rich
on't use
> DBMSes with Postfix, and I don't have time to find out. If someone
> wants to make a contribution, my previous email has all the pointers
> to find out what it would take.
Appreciated. Others on the list clearly have interest. Hope they'll chime in.
Rich
box table; from=
to= proto=ESMTP helo=
and to a 'GOOD' address is accepted,
Oct 15 19:43:23 mx postfix/smtpd[342]: proxy-accept: END-OF-MESSAGE:
250 2.0.0 Ok: queued as 01C1A22891; from=
to= proto=ESMTP helo=
WORKSFORME.
Rich
l:/etc/postfix/virtual_mailbox_maps.cf
>
> postmap -q BAD_DOMAIN proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
>
as intended.
Rich
I have a postfix with lotus notes setup. That piece is working fine. I use
a transport map entry to send the email to the Domino server.
What I want to do is send all incoming and outgoing mail to a second server
that will be for historical purposes. I will be using cyrus as the
mailstore.
My chal
I am not sure of this, but can't you use the same sasldb to authenticate
to dovecot like you can to Postfix. I know they both can use it so you
should be able to use the same sasldb file. Not sure. Just an idea.
On Sat, Apr 7, 2012 at 5:52 PM, Mike Jones! <
property.of.mike.jo...@gmail.com> wro
I am trying to build an archive server for all email. Here is my setup.
My domain is domain.com
my email server is mail.domain.com and the main.cf settings are:
mydomain is domain.com
myhostname is mail.domain.com
I have a sender_bcc file that says
user u...@archive.domain.com
the arc
I am still getting the loop. I am getting the message back at my
mail.domain.com. could it be something to do with dns or my mx for my
domain?
On Sun, Apr 8, 2012 at 6:21 PM, Ansgar Wiechers wrote:
> On 2012-04-08 Rich wrote:
> > My domain is domain.com
> > my email server is
It is postfix. It is being sent back to mail. It seems to be sent back to
the mx mail server from archive.
On Tuesday, April 10, 2012, mouss wrote:
> Le 08/04/2012 20:13, Rich a écrit :
> > I am trying to build an archive server for all email. Here is my setup.
> >
I have wondered why you would want your email in one file. I have always
thought it was better to have a setup like cyrus that uses skiplist or
berkley.db. sounds like that is what you have. You have some sort of
mailstore. check to see if its cyrus MTA. Sounds like that is what you are
running. P
Do you mean remove the email?
On Aug 8, 2014 7:38 AM, "richard lucassen"
wrote:
>
> Hello list,
>
> Is it possible to manage the verify database manually? E.g. remove a
> negative address entry?
>
> I forward mail to backend servers and when a backend server gives a
> "5xx no such user", the negat
It says to rename or delete it and restart the postfix. It will rebuild.
On Aug 8, 2014 8:03 AM, "richard lucassen"
wrote:
>
> On Fri, 8 Aug 2014 07:56:24 -0400
> Rich wrote:
>
> > Do you mean remove the email?
>
> No, the entr
main, localhost, $mydomain
inet_interfaces = $myhostname, localhost
HELP!!!
Rich
org type=A:
Host not found, try again
How do I properly refer lookups to zen.spamhaus.org? I did not find
anything relevant on the web site.
TIA,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|Innova
x. We probably average 300 incoming messages per day (mostly on
technical mail lists), but have thousands of rejections.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
<http://www.appl-ec
On Thu, 15 Jan 2009, Rich Shepard wrote:
Interesting. There are only two of us users at this domain and the
overwhelming majority of incoming messages are spam that's rejected by
postfix. We probably average 300 incoming messages per day (mostly on
technical mail lists), but have thousan
rvers otherwise.
So, now I need to consider whether to remove the spamhaus line from
main.cf or set up and maintain my own dns server.
Many thanks, mouss!
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|I
basis for comparison.
Thanks for the insight,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
<http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863
de it into the local cache.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
<http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863
On Fri, 16 Jan 2009, Res wrote:
It's been proven time after time after time this is not so, and/or
whatever they use to calculate this, is horribly inaccurate and has been
for a long time.
Thank you, Res. I changed DNS nameservers and resolved the issue.
Rich
--
Richard B. Shepard,
ache for a long time, don't know that it's
worth replacing with something new.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
<http://www.appl-ecosys.com> Voice: 503-
On Thu, 15 Jan 2009, Victor Duchovni wrote:
This misses the point, ...
Victor,
I'm not at all surprised. I've never delved deeply into DNS; it's so
peripheral to our business that I have no time to spend learning all about
it.
Your explanation is much appreciated.
Ric
g for such zone though).
Geert,
I've replaced dnscache with dnsmasq because the latter comes with the
Slackware distribution, is better documented, and is working. I've also
changed to DNS servers that work with zen.spamhaus.org and I see the
difference in today's mail log re
value in setting up and
configuring bind.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
<http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863
3:31 salmo qpopper[29179]: pamela at wap.appl-ecosys.com
(192.168.55.200): -ERR [SYS/PERM] Unable to process From lines (envelopes),
change recognition modes or check for corrupted mail drop.
Where do I start looking for this problem's source?
TIA,
Rich
--
Richard B. Shepard, Ph.D.
dless, I changed the ones in /var/spool/mail to
match yours. If that doesn't solve the problem ...
If not owner+perms, see this link that turned up on a Google search of
your logged error:
I'll check these out. I did not enter that error in Google; I should have
done that
On Sat, 24 Jan 2009, Douglas C. Stephens wrote:
1. No clue. I have no users that run Alpine.
Douglas,
Got it fixed. Set smtp-sender=localhost and that fixed the slowness.
Whew!
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem
size=4839, nrcpt=1 (queue active)
I've replaced the actual username.
There should be nothing in procmail that prevents delivery so I'm really
puzzled where these went.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosyste
.@appl-ecosys.com
-- 3 Kbytes in 1 Request.
Procmail's not held out on me before, and I've been using it for more than
a decade. I'm puzzled.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|
On Wed, 11 Feb 2009, Terry Carmen wrote:
Postfix delivered it to procmail, so postfix is done with it.
I saw that, but there's nothing in ~/procmail/log since 2007.
Time to look further.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredib
te earlier, procmail's not delivered mail to me before this.
I'll ask the sender to send a test message so I can see what's recorded.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|In
Why, after a dozen years, one sender's mail doesn't make it through the
LDA to my inbox is a great mystery to me.
Thanks,
Rich
--
Richard B. Shepard, Ph.D. | IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
<http://w
ne relay, and
a different username/password when sending to another relay. But for
the moment, I'd be content simply to have authentication for one and
only one of the relays I need to use.
--
Rich Wales
ri...@richw.org
have one username / password for www.richw.org, and no authentication
for sandals.richw.org), or else use per-sender SMTP authentication (and
use different username / password data for each sender, but attempt to
authenticate identically to either server) -- but I apparently can *not*
have authent
ng to relay
host B -- am I currently out of luck?
Rich Wales
ri...@richw.org
've managed to clean up my own setup (thanks for your earlier help in
this regard), so this is no longer an immediate need of mine, but I
could imagine some other people might run into this kind of issue, so
it seemed to still be worth bringing up.
Rich Wales
ri...@richw.org
ransport, ldap:ldaproute-drexel,
ldap:ldaproute-cabrini, ldap:ldaproute-drexel.com
unknown_local_recipient_reject_code = 550
Please let me know if there's any more output that would be useful in debugging
this.
Thanks,
Rich
Thanks for responding. It appears that we had a duplicate mail alias, which
caused the ldap map to return two mailhosts and made our smtp processes
die. Fixed that and the problem seems to have gone away.
Rich
that are overquota and then hanging up. My impression was that it
should send to all valid recipients and only defer for those that we return a
4xx.
Are we incorrectly configured here?
Thanks,
Rich
postfix that the warnings are spurious?
Rich
nings, but they have
appeared in the pflogsumm report each of the past three days ... after I
fixed the reported discrepancies.
So, I'll now ignore them until they decide to go away.
Many thanks,
Rich
o look for how to do this.
Thanks,
Rich
period specification
so I can change it from weekly to daily.
Rich
and it kicks back messages from the listed domains.
Also, I use a badip file for specific IP addresses and address blocks.
HTH,
Rich
I
be doing this? Alternatively, if I use the HOLD option instead, where are
those messages held until I can examine them?
Rich
eaders of these I see the "Content-Transfer-Encoding: base64" line,
and I don't see it in other messages in my inbox. I think that alpine
automatically decodes them after postfix hands them off to procmail so the
UCE filters stop working.
Rich
or
deleted/requeued with the "postsuper" command.
Wietse,
Thank you. I'll try this instead of the warn action.
Rich
coded. I'm without a clue
why they ended up in the hold queue.
Anyway, this filter string does not seem to be working for me.
Rich
I just upgraded from -2.7.1 to -2.8.2. I see there are many changes
between my existing main.cf and the new main.cf.default.new. Is there an
efficient way to preserve the specifics of my current main.cf while adding
the new features in the main.cf.default.new?
Thanks,
Rich
mmand incorrectly?
Rich
needed to set smtpd_delay_reject to yes to resolve the issue.
I suppose that I can remove main.cf.new and main.cf.default.new, correct?
Thanks,
Rich
On Sun, 3 Apr 2011, Rich Shepard wrote:
If I understand you correctly, applying upgrade-configuration should be
all I need to do and parameters such as smtpd_delay_reject = yes should be
in 2.8.2 without explicit inclusion in main.cf. Yet a colleague of mine
still has his mail to me rejected
's not the problem we're having.
Many thanks,
Rich
but I'm not going to hold my
breath, and I can't afford the petty luxury of refusing to look at an
e-mail reply because Google broke the specs.
See below for my "postconf -n" output. Any ideas?
Rich Wales
Palo Alto, CA, USA
ri...@richw.org
==
o_header_body_checks
from "smtp"?
I'm including a copy (see below) of the "smtp" configuration stanza from
my master.cf file.
Rich Wales
ri...@richw.org
==
smtp inet n -
nd make sure I don't break anything.
Thanks again.
Rich Wales
ri...@richw.org
, I want Postfix to
automatically try "Plan B".
In general, is there any way to do what I want?
Rich Wales
Palo Alto, CA, USA
ri...@richw.org
did not contain one of a limited set of extended status codes
(such as the 5.1.x codes). I'm not sure if Postfix has any way of
being told to do this sort of thing or not.
Rich Wales
ri...@richw.org
ming that I can use smtp_reply_filter to mark "block list" rejections
in a distinctive manner (and prevent them from being treated as hard
rejects), is there any way for me to convince Postfix to send these
messages to an alternate smarthost?
Rich Wales
ri...@richw.org
ries reply code to a 4xx-series code,
except it will keep the reply unchanged if there is a 5.1.x (address
status error) enhanced status code.
Rich Wales
ri...@richw.org
*real*
fallback relay as its relay host, and enable sender-dependent
authentication in the separate service instead of in my standard
SMTP service. But I realize that would be a messy kludge, and I'd
prefer not to do it this way except as a la
doesn't
like my sender-dependent authentication info intended only for my fallback
relay, and I can't selectively give out or withhold my authentication info
because sender-dependent authentication cares *only* about the sender and
apparently can't be told to care about the identity of the destination host.
Any suggestions would be welcome.
Rich Wales
ri...@richw.org
ight. If you would
prefer to simply ignore my second message (in which I tried to say
that a possible workaround I had considered doesn't seem to work) and
consider only my original message (perhaps ignoring the paragraph near
the end starting with "I'm starting to ponder"), I won't object.
Rich Wales
ri...@richw.org
, Victor.
A followup question, if I may. Briefly, can you help me understand what is
going on in a situation like mine that will require the use of a second,
completely separate Postfix instance (and precludes doing what I want to do
in a separate master.cf entry)?
Rich Wales
ri...@richw.org
's no way to tag messages in a single Postfix queue
with some sort of "already processed once -- let the secondary smtp
agent take care of this one" marker? Instead, doing this requires a
separate Postfix instance (with its own separate queue)?
Rich Wales
ri...@richw.org
sword
combo -- and thereby stop having to use sender-dependent authentication,
and thus avoid the problems which accompanied the sending of my auth
credentials to random servers, without needing to do anything complex.
For the time being, I'm happy. :-) Thanks to everyone for their help
ash a server by sending huge messages that are
just under the advertised maximum length -- hence the idea of omitting this
item from the EHLO response. I'd certainly be interested in hearing other
thoughts about EHLO-related security concerns.
Rich Wales
Palo Alto, CA
ri...@richw.org
'm sure someone will correct me if I'm
mistaken), there isn't any way to tell Postfix not to accept EHLO or
other extended commands at all -- nor should there be, in most people's
opinions.
Rich Wales
ri...@richw.org
some of the extended features (such
as STARTTLS) are simply not expendable. This fact may or may not
influence a paranoid management type who is making demands based on
a fuzzy advisory from a security tool or a vague warning in a trade
rag, but I'm not at all surprised that Postfix does not appear to
have any way to disable EHLO entirely.
Rich Wales
ri...@richw.org
at also
disable the feature? Or do I have to do other things to actually
turn a feature off and make it unavailable even if a client tries to
issue a command (such as ETRN) that was not advertised in my EHLO
response?
Rich Wales
ri...@richw.org
do anything but
waste your time and get people even more upset.
Rich Wales
ri...@richw.org
Is your mail server running Postfix? If not, you're probably not
going to find very much useful information from this list.
You should obviously identify which users have weak passwords and
make them change their passwords ASAP.
Rich Wales
ri...@richw.org
" and why a
mail server must *NOT* do deep parsing using Spamhaus's PBL block
list (their list of dynamic end-user IP addresses that ought to be
sending out their mail via their ISP's mail server rather than trying
to talk directly to destinations).
Rich Wales
ri...@richw.org
If I enable postscreen and specify my choice of blocklists and whitelists
in postscreen_dnsbl_sites, am I correct in assuming that I might as well
remove any reject_rbl_client and permit_dnswl_client clauses from my
smtpd_*_restrictions, since they will now be redundant?
Rich Wales
ri
letely) and assigned different scores depending on the returned
value from a given list. (I won't go into the details, they would be
off-topic here, but it's nice to have this capability.)
Rich Wales
ri...@richw.org
or reject. Do you think there would be any
point in doing this? Or would it just be a meaningless exercise, and
you might as well query everything every time?
Rich Wales
ri...@richw.org
a thing planned, not
planned, or perhaps intrinsically evil for some reason I'm not thinking of?
Rich Wales
ri...@richw.org
here is an smtpd_reject_unlisted_sender parameter (which
is "no" by default). What issues would I want to consider before
deciding to enable this parameter in my configuration?
I'm running Postfix 2.8.1 on an Ubuntu server.
Rich Wales
ri...@richw.org
with a "permit", right? (I think
this would have to be the case, otherwise it wouldn't make any sense,
but . . . .)
So, having smtpd_reject_unlisted_recipient = yes is not exactly the
same as having reject_unlisted_recipient at the very end of the list
of smtpd_recipient_restrictions item
sed to detect and
block IP addresses which are known spam sources and/or are dynamically
assigned. This particular IP address, for example, is listed in the
Spamhaus ZEN list (zen.spamhaus.org; http://www.spamhaus.org/zen/).
Read the documentation for the "reject_rbl_client" restriction.
Rich Wales
ri...@richw.org