Best way to set up an open relay postfix

2009-02-19 Thread Rich
I want to setup postfix so that my users who use laptops can access their email from anywhere and then reply to those emails through the smtp server. What kind of security should I setup?

Re: Best way to set up an open relay postfix

2009-02-19 Thread Rich
I used the term "open relay" because I don't want to limit the by setting "mynetworks" to a couple of networks. I was thinking by using sasl and tls I could set mynetworks to 0/0. On Thu, Feb 19, 2009 at 2:42 PM, Rich wrote: > I want to setup postfix so that my user

Re: Best way to set up an open relay postfix

2009-02-19 Thread Rich
Thanks everyone for the direction I needed. I am going to do sasl with tls. Seems to be a good way to go. On Thu, Feb 19, 2009 at 4:44 PM, mouss wrote: > Rich a écrit : > > I used the term "open relay" because > > unfortunately for you, you can't arbitrarily

Integrating Lotus Domino Ldap

2009-02-27 Thread Rich
Has any ever integrated Lotus Domino Ldap with postfix and used it for authentication?

Re: Integrating Lotus Domino Ldap

2009-02-27 Thread Rich
I am going to use Cyrus SASL. How do you use the mechanism to integrate with the ldap server that is part of Lotus Domino/Notes? On Fri, Feb 27, 2009 at 10:18 AM, Brian Evans - Postfix List < grkni...@scent-team.com> wrote: > Rich wrote: > > Has any ever integrated Lotus D

Re: Integrating Lotus Domino Ldap

2009-02-28 Thread Rich
Do you know of any script/software that has been written to be that "glue" you speak of? On Fri, Feb 27, 2009 at 4:35 PM, Victor Duchovni < victor.ducho...@morganstanley.com> wrote: > On Fri, Feb 27, 2009 at 08:24:32AM -0500, Rich wrote: > > > Has any ever integ

Re: Integrating Lotus Domino Ldap

2009-02-28 Thread Rich
Pat, I did not know how to do that. I will test this suggestion on Monday. On Sat, Feb 28, 2009 at 3:02 PM, Patrick Ben Koetter wrote: > * Rich : > > Do you know of any script/software that has been written to be that > "glue" > > you speak of? > > Any objec

Problem with relaying denied error

2010-10-24 Thread Rich
I am getting the below error when I try to send email from a pc from the same network using sasl authentication to the postfix server. Oct 24 23:02:36 server postfix/smtp[25874]: 7349F21003C: to=< rhd...@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.07, delays=0.05/0.01/0/0.01, dsn=5.0.0,

Fwd: Problem with relaying denied error

2010-10-24 Thread Rich
-- Forwarded message -- From: Rich Date: Mon, Oct 25, 2010 at 2:00 AM Subject: Re: Problem with relaying denied error To: Stan Hoeppner On Mon, Oct 25, 2010 at 1:39 AM, Stan Hoeppner wrote: > Rich put forth on 10/24/2010 10:58 PM: > > I am getting the below error w

Fwd: Problem with relaying denied error

2010-10-24 Thread Rich
-- Forwarded message -- From: Rich Date: Mon, Oct 25, 2010 at 2:22 AM Subject: Re: Problem with relaying denied error To: Mikael Bak On Mon, Oct 25, 2010 at 2:18 AM, Mikael Bak wrote: > Stan Hoeppner wrote: > [snip] > > Yes. I would suggest configuring a new sm

Re: Postfix as an SMTP proxy?

2010-11-01 Thread Rich
Nick I have a simple and elegant solution that has been working for years. I am using postfix, spamassassin with spampd proxy server and god-forbid, a purchase piece of software for antivirus from Command Central called Vexira. It is a simple setup and has worked for us. On 11/1/2010 5:36 AM,

Re: postfix and thousands unix user

2010-11-09 Thread Rich
The only difference I would have on this server is I would make it a 10 raid and not raid5. This is a much more higher performing with all the writes to maildir. Its also better fault tolerance. On Mon, Nov 8, 2010 at 7:25 AM, Stan Hoeppner wrote: > ahmad riza h nst put forth on 11/8/2010 4:08

Re: postfix and thousands unix user

2010-11-10 Thread Rich
, Stan Hoeppner wrote: > Rich put forth on 11/10/2010 1:52 AM: > > The only difference I would have on this server is I would make it a 10 > raid > > and not raid5. This is a much more higher performing with all the writes > to > > maildir. Its also better fault tolerance.

Re: mynetworks or sasl auth

2010-11-22 Thread Rich
So your question is to have anyone on mynetwork to not have to authenticate and have anyone who is not on mynetwork to have to authenticate? *smtpd_sasl_exceptions_networks=$mynetworks* 2010/11/22 b2 > Hi list, > I have to setup my postfix virtual mailbox configuration to permit all > clients l

Re: Configuring Postfix for an external content filter box

2011-01-20 Thread Rich
wouldn't making your content filter box your mx do it? On Jan 20, 2011 4:15 PM, "Paul Amaranth" wrote: > I have a postfix configuration issue, I'm wondering if anybody has any > experience with this kind of situation. > > I have an openXchange groupware box running a version of Postfix. We recent

Re: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

2011-04-05 Thread Rich
Check the permissions on the sasldb2 file. Postfix user needs to have access to it. On Tue, Apr 5, 2011 at 12:53 PM, Wietse Venema wrote: > David Brown: > > Hello, I have recently replaced my old postfix with 2.7.0. And, for the > > first time I am trying to use IMAP (dovecot). Receiving email

Re: I only want to use Virtual Users - No UNIX accounts at ALL

2011-07-20 Thread Rich
use sasl authentication. On Wed, Jul 20, 2011 at 12:11 PM, Jeroen Geilman wrote: > On 2011-07-20 09:44, Erik - versatel wrote: > >> Hai, >> >> I have a configuration and dont want to use UNIX account for receiving or >> sending mail. >> I want ONLY Virtual Users. >> So I did think is this possib

'fatal: table lookup' problem with Postfix lookup call to MySQL StoredProcedure

2011-10-15 Thread Rich
ow-up. And, temporarily stymied by what's going on. Best to ask first: (1) Does current Postfix support use of MySQL StoredProcedures in its lookups? (2) Is the problem I'm seeing due to that missing flag? (3) Are any/all changes req'd for that support committed to the source tree, or do I need patch source, or modify my queries further? Rich

Re: 'fatal: table lookup' problem with Postfix lookup call to MySQL StoredProcedure

2011-10-15 Thread Rich
x 1.1.x and PostgreSQL 7.1+ and support for calling stored procedures were added by Philip Warner." Can't find similar for MySQL at http://www.postfix.org/MYSQL_README.html or anywhere else I've looked yet. Rather than kludging, I'd like to know if StoredProcs are, or will be soon, 'in' Postfix. Rich

Re: 'fatal: table lookup' problem with Postfix lookup call to MySQL StoredProcedure

2011-10-15 Thread Rich
UNC('%s'); seems to work. At least valid/invalid domains are getting passed/rejected early in the transaction, as intended. Need to watch downstream. If anyone else has success with this, or has comments why this approach is wrong, it'd be useful to know. Rich

Re: 'fatal: table lookup' problem with Postfix lookup call to MySQL StoredProcedure

2011-10-15 Thread Rich
eading thru the referenced posts, too. As for implementation goals -- if (and not yet convinced, myself) StoredFunctions do the trick with current src, is anything required to be done? Or is the goal of 'officially' supporting both Stored Funcs & Procs a 'good thing'? Rich

Re: 'fatal: table lookup' problem with Postfix lookup call to MySQL StoredProcedure

2011-10-15 Thread Rich
on't use > DBMSes with Postfix, and I don't have time to find out.  If someone > wants to make a contribution, my previous email has all the pointers > to find out what it would take. Appreciated. Others on the list clearly have interest. Hope they'll chime in. Rich

Re: 'fatal: table lookup' problem with Postfix lookup call to MySQL StoredProcedure

2011-10-15 Thread Rich
box table; from= to= proto=ESMTP helo= and to a 'GOOD' address is accepted, Oct 15 19:43:23 mx postfix/smtpd[342]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as 01C1A22891; from= to= proto=ESMTP helo= WORKSFORME. Rich

Re: 'fatal: table lookup' problem with Postfix lookup call to MySQL StoredProcedure

2011-10-15 Thread Rich
l:/etc/postfix/virtual_mailbox_maps.cf > > postmap -q BAD_DOMAIN proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf > as intended. Rich

I want to route all email to a second server.

2012-02-17 Thread Rich
I have a postfix with lotus notes setup. That peice is working fine. I use a transport map entry to send the email to the Domino server. What I want to do is send all incoming and outgoing mail to a second server that will be for historical purposes. I will be using cyrus as the mailstore. My chal

Re: Tying it together: postfix, sasl, dovecot

2012-04-07 Thread Rich
I am not sure of this, but can't you use the same sasldb to authenticate to dovecot like you can to Postfix. I know they both can use it so you should be able to use the same sasldb file. Not sure. Just an idea. On Sat, Apr 7, 2012 at 5:52 PM, Mike Jones! < property.of.mike.jo...@gmail.com> wro

how to fix forwarding loop

2012-04-08 Thread Rich
I am trying to build an archive server for all email. Here is my setup. My domain is domain.com my email server is mail.domain.com and the main.cf settings are: mydomain is domain.com myhostname is mail.domain.com I have a sender_bcc file that says user u...@archive.domain.com the arc

Re: how to fix forwarding loop

2012-04-08 Thread Rich
I am still getting the loop. I am getting the message back at my mail.domain.com. could it be something to do with dns or my mx for my domain? On Sun, Apr 8, 2012 at 6:21 PM, Ansgar Wiechers wrote: > On 2012-04-08 Rich wrote: > > My domain is domain.com > > my email server is

Re: how to fix forwarding loop

2012-04-10 Thread Rich
It is postfix. It is being sent back to mail. It seems to be sent back to the mx mail server from archive. On Tuesday, April 10, 2012, mouss wrote: > Le 08/04/2012 20:13, Rich a écrit : > > I am trying to build an archive server for all email. Here is my setup. > > &

Re: Problem with eMail on Cloud Servers

2012-08-15 Thread Rich
I have wondered why you would want your email in one file. I have always thought it was better to have a setup like cyrus that uses skiplist or berkley.db. sounds like that is what you have. You have some sort of mailstore. check to see if its cyrus MTA. Sounds like that is what you are running. P

Re: verify database

2014-08-08 Thread Rich
Do you mean remove the email? On Aug 8, 2014 7:38 AM, "richard lucassen" wrote: > > Hello list, > > Is it possible to manage the verify database manually? E.g. remove a > negative address entry? > > I forward mail to backend servers and when a backend server gives a > "5xx no such user", the negat

Re: verify database

2014-08-08 Thread Rich
Its says to rename or delete it and restart the postfix. It will rebuild. On Aug 8, 2014 8:03 AM, "richard lucassen" wrote: > > On Fri, 8 Aug 2014 07:56:24 -0400 > Rich wrote: > > > Do you mean remove the email? > > No, the entr

Looping in new production machine!

2008-12-31 Thread Rich Winkel
main, localhost, $mydomain inet_interfaces = $myhostname, localhost HELP!!! Rich

Properly Specifying RBL in main.cf

2009-01-15 Thread Rich Shepard
org type=A: Host not found, try again How do I properly refer lookups to zen.spamhaus.org? I did not find anything relevant on the web site. TIA, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|Innova

Re: Properly Specifying RBL in main.cf

2009-01-15 Thread Rich Shepard
x. We probably average 300 incoming messages per day (mostly on technical mail lists), but have thousands of rejections. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|Innovation <http://www.appl-ec

Re: Properly Specifying RBL in main.cf

2009-01-15 Thread Rich Shepard
On Thu, 15 Jan 2009, Rich Shepard wrote: Interesting. There are only two of us users at this domain and the overwhelming majority of incoming messages are spam that's rejected by postfix. We probably average 300 incoming messages per day (mostly on technical mail lists), but have thousan

Re: Properly Specifying RBL in main.cf

2009-01-15 Thread Rich Shepard
rvers otherwise. So, now I need to consider whether to remove the spamhaus line from main.cf or set up and maintain my own dns server. Many thanks, mouss! Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|I

Re: Properly Specifying RBL in main.cf

2009-01-15 Thread Rich Shepard
basis for comparison. Thanks for the insight, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|Innovation <http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863

Re: Properly Specifying RBL in main.cf

2009-01-15 Thread Rich Shepard
de it into the local cache. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|Innovation <http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863

Re: Properly Specifying RBL in main.cf -- RESOLVED

2009-01-15 Thread Rich Shepard
On Fri, 16 Jan 2009, Res wrote: It's been proven time after time after time this is not so, and/or whatever they use to calculate this, is horribly inaccurate and has been for a long time. THank you, Res. I changed DNS nameservers and resolved the issue. Rich -- Richard B. Shepard,

Re: Properly Specifying RBL in main.cf

2009-01-15 Thread Rich Shepard
ache for a long time, don't know that it's worth replacing with something new. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|Innovation <http://www.appl-ecosys.com> Voice: 503-

Re: Properly Specifying RBL in main.cf

2009-01-15 Thread Rich Shepard
On Thu, 15 Jan 2009, Victor Duchovni wrote: This misses the point, ... Victor, I'm not at all surprised. I've never delved deeply into DNS; it's so peripheral to our business that I have no time to spend learning all about it. Your explanation is much appreciated. Ric

Re: Properly Specifying RBL in main.cf

2009-01-16 Thread Rich Shepard
g for such zone though). Geert, I've replaced dnscache with dnsmasq because the latter comes with the Slackware distribution, is better documented, and is working. I've also changed to DNS servers that work with zen.spamhaus.org and I see the difference in today's mail log re

Re: Properly Specifying RBL in main.cf

2009-01-16 Thread Rich Shepard
value in setting up and configuring bind. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|Innovation <http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863

Two New Issues

2009-01-24 Thread Rich Shepard
3:31 salmo qpopper[29179]: pamela at wap.appl-ecosys.com (192.168.55.200): -ERR [SYS/PERM] Unable to process From lines (envelopes), change recognition modes or check for corrupted mail drop. Where do I start looking for this problem's source? TIA, Rich -- Richard B. Shepard, Ph.D.

Re: Two New Issues

2009-01-24 Thread Rich Shepard
dless, I changed the ones in /var/spool/mail to match yours. If that doesn't solve the problem ... If not owner+perms, see this link that turned up on a Google search of your logged error: I'll check these out. I did not enter that error in Google; I should have done that

Re: Two New Issues

2009-01-24 Thread Rich Shepard
On Sat, 24 Jan 2009, Douglas C. Stephens wrote: 1. No clue. I have no users that run Alpine. Douglas, Got it fixed. Set smtp-sender=localhost and that fixed the slowness. Whew! Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem

Mail Received But Not Delivered

2009-02-11 Thread Rich Shepard
size=4839, nrcpt=1 (queue active) I've replace the actual username. There should be nothing in procmail that prevents delivery so I'm really puzzled where these went. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosyste

Re: Mail Received But Not Delivered

2009-02-11 Thread Rich Shepard
.@appl-ecosys.com -- 3 Kbytes in 1 Request. Procmail's not held out on me before, and I've been using it for more than a decade. I'm puzzled. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|

Re: Mail Received But Not Delivered

2009-02-11 Thread Rich Shepard
On Wed, 11 Feb 2009, Terry Carmen wrote: Postfix delivered it to procmail, so postfix is done with it. I saw that, but there's nothing in ~/procmail/log since 2007. Time to look further. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredib

Re: Mail Received But Not Delivered

2009-02-11 Thread Rich Shepard
te earlier, procmail's not delivered mail to me before this. I'll ask the sender to send a test message so I can see what's recorded. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|In

Re: Mail Received But Not Delivered

2009-02-11 Thread Rich Shepard
Why, after a dozen years, one sender's mail doesn't make it through the LDA to my inbox is a great mystery to me. Thanks, Rich -- Richard B. Shepard, Ph.D. | IntegrityCredibility Applied Ecosystem Services, Inc.|Innovation <http://w

SMTP sender-dependent authentication per host?

2010-05-29 Thread Rich Wales
ne relay, and a different username/password when sending to another relay. But for the moment, I'd be content simply to have authentication for one and only one of the relays I need to use. -- Rich Wales ri...@richw.org

Re: SMTP sender-dependent authentication per host?

2010-05-30 Thread Rich Wales
have one username / password for www.richw.org, and no authentication for sandals.richw.org), or else use per-sender SMTP authentication (and use different username / password data for each sender, but attempt to authenticate identically to either server) -- but I apparently can *not* have authent

Re: SMTP sender-dependent authentication per host?

2010-05-31 Thread Rich Wales
ng to relay host B -- am I currently out of luck? Rich Wales ri...@richw.org

Re: SMTP sender-dependent authentication per host?

2010-05-31 Thread Rich Wales
x27;ve managed to clean up my own setup (thanks for your earlier help in this regard), so this is no longer an immediate need of mine, but I could imagine some other people might run into this kind of issue, so it seemed to still be worth bringing up. Rich Wales ri...@richw.org

Mail being deferred with unknown mail transport error

2010-10-01 Thread Rich Bishop
ransport, ldap:ldaproute-drexel, ldap:ldaproute-cabrini, ldap:ldaproute-drexel.com unknown_local_recipient_reject_code = 550 Please let me know if there's any more output that would be useful in debugging this. Thanks, Rich

Re: Mail being deferred with unknown mail transport error

2010-10-01 Thread Rich Bishop
Thanks for responding. It appears that we had a duplicate mail alias, which caused the ldap map to return two mailhosts and made our smtp processes die. Fixed that and the problem seems to have gone away. Rich

Multi recipient mail and deferring messages

2010-10-29 Thread Rich Bishop
that are overquota and then hanging up. My impression was that it should send to all valid recipients and only defer for those that we return a 4xx. Are we incorrectly configured here? Thanks, Rich

Upgrades Leave Questionable Warnings

2010-11-12 Thread Rich Shepard
postfix that the warnings are spurious? Rich

Re: Upgrades Leave Questionable Warnings

2010-11-12 Thread Rich Shepard
nings, but they have appeared in the pflogsumm report each of the past three days ... after I fixed the reported discrepancies. So, I'll now ignore them until they decide to go away. Many thanks, Rich

Re: Upgrades Leave Questionable Warnings

2010-11-12 Thread Rich Shepard
o look for how to do this. Thanks, Rich

Specifying pflogsumm Reporting Period

2010-11-21 Thread Rich Shepard
period specification so I can change it from weekly to daily. Rich

Re: Block A Sender in Postfix

2010-11-22 Thread Rich Shepard
and it kicks back messages from the listed domains. Also, I use a badip file for specific IP addresses and address blocks. HTH, Rich

Using Postfix WARN Action Properly

2009-10-06 Thread Rich Shepard
I be doing this? Alternatively, if I use the HOLD option instead, where are those messages held until I can examine them? Rich

Re: Using Postfix WARN Action Properly

2009-10-06 Thread Rich Shepard
eaders of these I see the "Content-Transfer-Encoding: base64" line, and I don't see it in other messages in my inbox. I think that alpine automatically decodes them after postfix hands them off to procmail so the UCE filters stop working. Rich

Re: Using Postfix WARN Action Properly

2009-10-06 Thread Rich Shepard
or deleted/requeued with the "postsuper" command. Wietse, Thank you. I'll try this instead of the warn action. Rich

Re: Using Postfix WARN Action Properly

2009-10-07 Thread Rich Shepard
coded. I'm without a clue why they ended up in the hold queue. Anyway, this filter string does not seem to be working for me. Rich

Updating main.cf Efficiently

2011-04-03 Thread Rich Shepard
I just upgraded from -2.7.1 to -2.8.2. I see there are many changes between my existing main.cf and the new main.cf.default.new. Is there an efficient way to preserve the specifics of my current main.cf while adding the new features in the main.cf.default.new? Thanks, Rich

Re: Updating main.cf Efficiently

2011-04-03 Thread Rich Shepard
mmand incorrectly? Rich

Re: Updating main.cf Efficiently

2011-04-03 Thread Rich Shepard
needed to set smtpd_delay_reject to yes to resolve the issue. I suppose that I can remove main.cf.new and main.cf.default.new, correct? Thanks, Rich

Re: Updating main.cf Efficiently

2011-04-03 Thread Rich Shepard
On Sun, 3 Apr 2011, Rich Shepard wrote: If I understand you correctly, applying upgrade-configuration should be all I need to do and parameters such as smtpd_delay_reject = yes should be in 2.8.2 without explicit inclusion in main.cf. Yet a colleage of mine still has his mail to me rejected

Re: Updating main.cf Efficiently

2011-04-03 Thread Rich Shepard
x27;s not the problem we're having. Many thanks, Rich

Nulls not being stripped from incoming mail

2011-04-11 Thread Rich Wales
but I'm not going to hold my breath, and I can't afford the petty luxury of refusing to look at an e-mail reply because Google broke the specs. See below for my "postconf -n" output. Any ideas? Rich Wales Palo Alto, CA, USA ri...@richw.org ==

Re: Nulls not being stripped from incoming mail

2011-04-12 Thread Rich Wales
o_header_body_checks from "smtp"? I'm including a copy (see below) of the "smtp" configuration stanza from my master.cf file. Rich Wales ri...@richw.org == smtp inet n -

Re: Nulls not being stripped from incoming mail

2011-04-12 Thread Rich Wales
nd make sure I don't break anything. Thanks again. Rich Wales ri...@richw.org

Smarthost as backup transport if direct sending fails?

2011-04-28 Thread Rich Wales
, I want Postfix to automatically try "Plan B". In general, is there any way to do what I want? Rich Wales Palo Alto, CA, USA ri...@richw.org

Re: Smarthost as backup transport if direct sending fails?

2011-04-29 Thread Rich Wales
did not contain one of a limited set of extended status codes (such as the 5.1.x codes). I'm not sure if Postfix has any way of being told to do this sort of thing or not. Rich Wales ri...@richw.org

Re: Smarthost as backup transport if direct sending fails?

2011-04-29 Thread Rich Wales
ming that I can use smtp_reply_filter to mark "block list" rejections in a distinctive manner (and prevent them from being treated as hard rejects), is there any way for me to convince Postfix to send these messages to an alternate smarthost? Rich Wales ri...@richw.org

Re: Smarthost as backup transport if direct sending fails?

2011-04-29 Thread Rich Wales
ries reply code to a 4xx-series code, except it will keep the reply unchanged if there is a 5.1.x (address status error) enhanced status code. Rich Wales ri...@richw.org

Enabling sender-dependent authentication only for fallback relay?

2011-05-01 Thread Rich Wales
*real* fallback relay as its relay host, and enable sender-dependent authentication in the separate service instead of in my standard SMTP service. But I realize that would be a messy kludge, and I'd prefer not to do it this way except as a la

Re: Enabling sender-dependent authentication only for fallback relay?

2011-05-02 Thread Rich Wales
doesn't like my sender-dependent authentication info intended only for my fallback relay, and I can't selectively give out or withhold my authentication info because sender-dependent authentication cares *only* about the sender and apparently can't be told to care about the identity of the destination host. Any suggestions would be welcome. Rich Wales ri...@richw.org

Re: Enabling sender-dependent authentication only for fallback relay?

2011-05-02 Thread Rich Wales
ight. If you would prefer to simply ignore my second message (in which I tried to say that a possible workaround I had considered doesn't seem to work) and consider only my original message (perhaps ignoring the paragraph near the end starting with "I'm starting to ponder"), I won't object. Rich Wales ri...@richw.org

Re: Enabling sender-dependent authentication only for fallback relay?

2011-05-02 Thread Rich Wales
, Victor. A followup question, if I may. Briefly, can you help me understand what is going on in a situation like mine that will require the use of a second, completely separate Postfix instance (and precludes doing what I want to do in a separate master.cf entry)? Rich Wales ri...@richw.org

Re: Enabling sender-dependent authentication only for fallback relay?

2011-05-02 Thread Rich Wales
's no way to tag messages in a single Postfix queue with some sort of "already processed once -- let the secondary smtp agent take care of this one" marker? Instead, doing this requires a separate Postfix instance (with its own separate queue)? Rich Wales ri...@richw.org

Re: Enabling sender-dependent authentication only for fallback relay?

2011-05-02 Thread Rich Wales
sword combo -- and thereby stop having to use sender-dependent authentication, and thus avoid the problems which accompanied the sending of my auth credentials to random servers, without needing to do anything complex. For the time being, I'm happy. :-) Thanks to everyone for their help

Re: security vulnerability : SMTP daemon supports EHLO

2011-05-03 Thread Rich Wales
ash a server by sending huge messages that are just under the advertised maximum length -- hence the idea of omitting this item from the EHLO response. I'd certainly be interested in hearing other thoughts about EHLO-related security concerns. Rich Wales Palo Alto, CA ri...@richw.org

Re: security vulnerability : SMTP daemon supports EHLO

2011-05-03 Thread Rich Wales
#x27;m sure someone will correct me if I'm mistaken), there isn't any way to tell Postfix not to accept EHLO or other extended commands at all -- nor should there be, in most people's opinions. Rich Wales ri...@richw.org

Re: security vulnerability : SMTP daemon supports EHLO

2011-05-03 Thread Rich Wales
some of the extended features (such as STARTTLS) are simply not expendable. This fact may or may not influence a paranoid management type who is making demands based on a fuzzy advisory from a security tool or a vague warning in a trade rag, but I'm not at all surprised that Postfix does not appear to have any way to disable EHLO entirely. Rich Wales ri...@richw.org

Re: security vulnerability : SMTP daemon supports EHLO

2011-05-03 Thread Rich Wales
at also disable the feature? Or do I have to do other things to actually turn a feature off and make it unavailable even if a client tries to issue a command (such as ETRN) that was not advertised in my EHLO response? Rich Wales ri...@richw.org

Re: Google 7720 Error

2011-05-14 Thread Rich Wales
do anything but waste your time and get people even more upset. Rich Wales ri...@richw.org

Re: rate limiting spammers who have guessed passwords and use squirrelmail to inject into postfix

2011-05-16 Thread Rich Wales
Is your mail server running Postfix? If not, you're probably not going to find very much useful information from this list. You should obviously identify which users have weak passwords and make them change their passwords ASAP. Rich Wales ri...@richw.org

Re: Barracuda Reputatin System and Postfix

2011-05-22 Thread Rich Wales
quot; and why a mail server must *NOT* do deep parsing using Spamhaus's PBL block list (their list of dynamic end-user IP addresses that ought to be sending out their mail via their ISP's mail server rather than trying to talk directly to destinations). Rich Wales ri...@richw.org

postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Rich Wales
If I enable postscreen and specify my choice of blocklists and whitelists in postscreen_dnsbl_sites, am I correct in assuming that I might as well remove any reject_rbl_client and permit_dnswl_client clauses from my smtpd_*_restrictions, since they will now be redundant? Rich Wales ri

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Rich Wales
letely) and assigned different scores depending on the returned value from a given list. (I won't go into the details, they would be off-topic here, but it's nice to have this capability.) Rich Wales ri...@richw.org

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Rich Wales
or reject. Do you think there would be any point in doing this? Or would it just be a meaningless exercise, and you might as well query everything every time? Rich Wales ri...@richw.org

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-08 Thread Rich Wales
a thing planned, not planned, or perhaps intrinsically evil for some reason I'm not thinking of? Rich Wales ri...@richw.org

smtpd_reject_unlisted_recipient vs. reject_unlisted_recipient

2011-06-08 Thread Rich Wales
here is an smtpd_reject_unlisted_sender parameter (which is "no" by default). What issues would I want to consider before deciding to enable this parameter in my configuration? I'm running Postfix 2.8.1 on an Ubuntu server. Rich Wales ri...@richw.org

Re: smtpd_reject_unlisted_recipient vs. reject_unlisted_recipient

2011-06-08 Thread Rich Wales
with a "permit", right? (I think this would have to be the case, otherwise it wouldn't make any sense, but . . . .) So, having smtpd_reject_unlisted_recipient = yes is not exactly the same as having reject_unlisted_recipient at the very end of the list of smtpd_recipient_restrictions item

Re: Spam problem

2011-06-14 Thread Rich Wales
sed to detect and block IP addresses which are known spam sources and/or are dynamically assigned. This particular IP address, for example, is listed in the Spamhaus ZEN list (zen.spamhaus.org; http://www.spamhaus.org/zen/). Read the documentation for the "reject_rbl_client" restriction. Rich Wales ri...@richw.org

  1   2   3   4   >