ng with recommended settings.
--
Sahil Tandon
authentication.
--
Sahil Tandon
ut-0708.google.com[209.85.198.244]
> Feb 21 11:35:03 server2 postfix/smtpd[18192]: disconnect from
> rv-out-0708.google.com[209.85.198.244]
That's it? See "related" between "show" and "logs".
--
Sahil Tandon
nf.5.html#check_sender_access
http://www.postfix.org/access.5.html (look specifically for the "REDIRECT"
action).
--
Sahil Tandon
bout 1500 virtual users on a centos 5.2 machine with a
> raid10 array and with 8gb of ram, what settings do i need to change in
> postfix for better performance with regards to main.cf /master.cf. Dovecot
> provides POP/IMAP services.
Way too general. And ask dovecot questions on that mailing list.
--
Sahil Tandon
On Feb 24, 2009, at 11:31 AM, "Joseph L. Casale" wrote:
Is it possible to hold mail destined to only certain users in a
queue until I then
release it manually?
Direct mail for those users to the retry transport via transport maps.
On Feb 24, 2009, at 5:08 PM, Aaron Abramson
wrote:
Is it possible to configure postfix with a threshold where if a
certain user or IP address sends 1000 emails or more in an hour,
they are blocked from sending email for a period of time?
We occasionally have users on our network with in
s, the outgoing messages
> have to be checked, while the others not), but I really can't figure out
> where I'm going wrong.
IMHO, setup a submission service on port 587 and force users to relay mail
through it. Then, you can call the policy service only for mail arriving via
the submission service.
--
Sahil Tandon
laying nice (afaik), but i'm a bit concerned about the nature of this
> timeouts. Is this an expected behaviour? I've dug through the mail
> list archive and i couldn't find an answer.
Those idle timeout messages are normal and only appear when you enable
verbose logging.
--
Sahil Tandon
On Feb 27, 2009, at 3:58 AM, "Rocco Scappatura" wrote:
Thanks Sahil for your precious answer,
I'm trying to use a policy service to limit use of my SMTP gateway
platform 'cause of heavy load that usually means hard delays to
transmit
messages.
The policy service is bound to 10031 TCP por
ail externally. From
your question, I suspect you are conflating SASL and TLS. See:
http://www.postfix.org/TLS_README.html
http://www.postfix.org/SASL_README.html
--
Sahil Tandon
On Sat, 28 Feb 2009, Big Pizzle wrote:
> On Sat, Feb 28, 2009 at 11:47 AM, Sahil Tandon wrote:
>
> > On Sat, 28 Feb 2009, Big Pizzle wrote:
> >
> > > Hi all,
> > >
> > > I've just set up Postfix 2.3.3 to authenticate against a MySQL database
>
n. Search the
archives of this mailing list for "postfwd" as one example.
--
Sahil Tandon
On Tue, 03 Mar 2009, Baghwant wrote:
> Can u tell me how can block particular machine or email ID
> to send mail to any outer domain except local domain. Mean one user of
> ur domain can only send mail locally,
http://www.postfix.org/RESTRICTION_CLASS_README.html
On Mar 3, 2009, at 1:14 PM, Kevin Bailey
wrote:
Hiya,
We have had this setting on a mail server for a long time.
smtpd_recipient_restrictions =
permit_sasl_authenticated
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
permit_myne
date.
+1 for using Dovecot LDA for delivery. And you needn't be clever to know the
benefits; literacy will suffice. From the first line of the documentation:
The Dovecot LDA, called deliver, is a local delivery agent which takes mail
from an MTA and delivers it to a user's mailbox, while keeping Dovecot index
files up to date.
--
Sahil Tandon
/
What happens if you set:
virtual_alias_domains =
in main.cf? Given the default value of virtual_alias_domains, it
seems you have southgaylord.com listed as both a virtual alias *and*
virtual mailbox domain.
--
Sahil Tandon
as 'postfix'; but instead, as 'user01'. If you want to submit mail to
Postfix this way, do you see why 740 is incorrect?
--
Sahil Tandon
mains :)
Ok let's try this again. As a few people on this list have politely
indicated, you *DO* have virtual_alias_domains set unless you
explicitly unset it in main.cf. See the default value for further
enlightenment.
--
Sahil Tandon
in, a
specific email address is considered invalid and is bounced at smtp?
Use transport maps to direct messages for the specific email address
to the error mailer.
http://www.postfix.org/transport.5.html
http://www.postfix.org/error.8.html
--
Sahil Tandon
ey for virtual_alias_DOMAINS should be a domain name, not
full address. Are you going to reply with some more sarcastic
pedantry? :-)
--
Sahil Tandon
On Mar 10, 2009, at 11:48 PM, Sahil Tandon wrote:
[...]
so with the above change to your main.cf, Postfix no longer accepts
mail from krem...@kreme.com.
s/from/for/
--
Sahil Tandon
& permit_sasl_authenticated from your smtpd_*_restrictions in main.cf".
Otherwise SASL authenticated clients will be unable to relay (probably
blocked by reject_unauth_destination at RCPT TO).
--
Sahil Tandon
ports (25, 465, 587)"
In my experience this feature is unreliable; once Mail.app succeeds in
relaying via one of those ports (25, for example), I don't see that it
*always* polls 465 and 587 if SASL fails on 25. But this is off-topic
anyway. :)
--
Sahil Tandon
hread? header_checks != smtpd_recipient_checks,
and the functionality of both is explained in the documentation.
--
Sahil Tandon
ers&m=123612736717968&w=2
OpenDNS will not blindly redirect DNS queries that look like DNSBL
requests. Notice the difference:
% dig @resolver1.opendns.com www.abcdefghijklmnop12345.com +short
208.69.32.132
% dig @resolver1.opendns.com 40.30.20.10.www.abcdefghijklmnop12345.com +short
%
--
Sahil Tandon
On Sun, 15 Mar 2009, Wietse Venema wrote:
> Sahil Tandon:
> > OpenDNS will not blindly redirect DNS queries that look like DNSBL
> > requests. Notice the difference:
> >
> > % dig @resolver1.opendns.com www.abcdefghijklmnop12345.com +short
> > 208.6
On Sun, 15 Mar 2009, mouss wrote:
> Sahil Tandon a écrit :
> > On Mar 15, 2009, at 10:16 AM, Henk van Oers wrote:
> >
> >> On Sun, 15 Mar 2009, Wietse Venema wrote:
> >>
> >>> Is it so hard to read what the text actually says,
> >>>
oes not support delivery to "|command".
See: http://www.postfix.org/VIRTUAL_README.html#autoreplies.
--
Sahil Tandon
.postfix.org/DEBUG_README.html#mail
--
Sahil Tandon
: http://www.postfix.org/DEBUG_README.html#mail.
--
Sahil Tandon
ct_unlisted_sender
http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_recipient
http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender
--
Sahil Tandon
sted in
$mydestination, $virtual_alias_domains, or any of your other domain classes.
--
Sahil Tandon
omain does not match
$mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains,
$virtual_mailbox_domains, $relay_domains, then this parameter does NOT reject
the mail.
--
Sahil Tandon
this. So what is the easiest
> way to relocate the queue directory?
http://article.gmane.org/gmane.mail.postfix.user/189169
--
Sahil Tandon
y = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 450
--
Sahil Tandon
On Mar 17, 2009, at 10:26 AM, Eduardo Júnior
wrote:
Hi, all
I read this:
http://www.postfix.org/postconf.5.html#smtpd_client_connection_rate_limit
The maximal number of connection attempts any client is allowed to
make to this service per time unit.
What does mean client?
An address IP
On Tue, 17 Mar 2009, Stacker Hush wrote:
> How i can change my setup to use TLS?
Please do not top-post or reply off-list.
http://www.postfix.org/TLS_README.html
--
Sahil Tandon
but I can't find the way to do it because I can't find a
> way to identify the begining of the mail body.
http://archives.neohapsis.com/archives/postfix/2009-03/0452.html
--
Sahil Tandon
irely on what you want to accomplish. Read about the
differences and similarities between these three parameters in postconf(5),
then choose which one is most suitable.
--
Sahil Tandon
> Some idea to solve this?
Follow instructions:
http://www.postfix.org/SASL_README.html#build_postfix
http://www.postfix.org/TLS_README.html#build_tls
--
Sahil Tandon
On Mar 20, 2009, at 4:23 PM, Post Freak wrote:
Thanks for the feedback. I told the client the maximal_backoff_time
and maximal_queue_lifetime settings were way too high, and could
cause issues, but they didn't care.
How I make sure the master.cf doesn't override the recipient
restriction
mtpd_*_restrictions do not apply to mail that enters Postfix via
pickup(8).
From: Sahil Tandon
To: Post Freak
Cc: "postfix-users@postfix.org"
Sent: Friday, March 20, 2009 3:34:13 PM
Subject: Re: Issue with smtpd_recipient_restrictions
On Mar 20, 2009, at 4:23 PM, Post Freak wrote:
DRCPT_PAR (add recipient, with optional ESMTP command parameters).
> Is the new sendmail "socketmap" functionality available in Postfix?
Nope.
Also see:
http://www.security-express.com/archives/postfix/2008-04/0837.html
http://www.irbs.net/internet/postfix/0401/1007.html
--
Sahil Tandon
http://archives.neohapsis.com/archives/postfix/2008-01/0555.html
--
Sahil Tandon
s root CA cert and let Postfix know where to find it:
http://www.postfix.org/postconf.5.html#smtp_tls_CAfile
http://www.thawte.com/roots/
--
Sahil Tandon
:/etc/postfix/virtual,hash:/etc/mailman/virtual-mailman
>
> *** /var/log/maillog with peer debug enabled ***
Please don't provide verbose/debug logging unless specifically requested.
[...]
> Mar 21 23:46:38 sh postfix/smtpd[18697]: maps_find: virtual_alias_maps:
> hash:/etc/mailman/virtual-mailman(0,lock|fold_fix): mail...@ohnosec.org
> = mailman
> Mar 21 23:46:38 sh postfix/smtpd[18697]: mail_addr_find:
> mail...@ohnosec.org -> mailman
--
Sahil Tandon
shady. Why can't you secure the system?
--
Sahil Tandon
ll not try to deliver
for another day! Is this what you want?
--
Sahil Tandon
but is there
> something that I can do to stop the connections for messages like this:
>
> Return-Path:
Reject externally originating email with ENVELOPE from postmas...@example.org
if you are responsible for example.org.
--
Sahil Tandon
the SQL user&pw used for this is working, all the
> configs and SQL entries seem to be correct as far as I can tell.
[clutter]
http://www.postfix.org/DEBUG_README.html#mail
(pay particular attention to sixth bullet point)
--
Sahil Tandon
of such an anti-spam measure.
http://archives.neohapsis.com/archives/postfix/2009-01/0483.html
--
Sahil Tandon
On Mar 27, 2009, at 12:18 PM, LuKreme wrote:
On 27-Mar-2009, at 09:57, Ralf Hildebrandt wrote:
* LuKreme :
On 26-Mar-2009, at 18:06, Sahil Tandon wrote:
On Thu, 26 Mar 2009, LuKreme wrote:
I have in my postfix helo checks, perhaps a bad idea,
[some checks up here that reject
On Mar 27, 2009, at 1:32 PM, KLaM Postmaster wrote:
Is there a readme or other document that outlines an optimal order
for smtp_*_restrictions.
Sorry, I should have been a little more specific, I am talking about
the
order of the parameters with in a class of restriction (eg.
smtp_recip
he time you get to the filter, Postfix
has already replied with "250 2.1.5 Ok" for f...@example.com at the RCPT TO:
stage of the SMTP conversation. As a result, the client believes
f...@example.com is a valid recipient, defeating the purpose of this exercise.
--
Sahil Tandon
'r...@domain.com'.
Odd that host.domain.com is invalid while domain.com is OK. Please provide
more information like the output of 'postconf -n' (see DEBUG_README),
and in the meantime read:
http://www.postfix.org/postconf.5.html#masquerade_domains
--
Sahil Tandon
On Sat, 28 Mar 2009, mouss wrote:
> Sahil Tandon a écrit :
> > [snip]
> >
> > Don't use amavisd-new; it would be overkill for this task. And from my
> > cursory understanding of the SMTP protocol, I am not sure your goal is
> > reachable even with a simple
t postfix is not
> available? Does it just try to connect to port 25 on localhost?
No. As written above, local submissions enter Postfix via pickup(8).
Programs like mail(1) use sendmail(1).
--
Sahil Tandon
On Sat, 28 Mar 2009, mouss wrote:
> Sahil Tandon a écrit :
> > On Sat, 28 Mar 2009, mouss wrote:
> >
> >> Sahil Tandon a écrit :
> >>> [snip]
> >>>
> >>> Don't use amavisd-new; it would be overkill for this task. And from my
>
com before domain.com which is exactly what you do NOT want. The
list is processed from left to right and the first match wins. This is
documented in the postconf(5) manual, to which you were referred earlier in
the thread.
--
Sahil Tandon
ess informations. What do you think about this?
Backscatter concerns aside, if you really want to bounce mail after accepting
it, edit the section of the code that calls bounce_print_wrap() to reveal the
alias expansion. This is NOT recommended and likely to void the warranty. :-)
--
Sahil Tandon
On Sat, 28 Mar 2009, fl...@pbartels.info wrote:
[please keep this thread on-list]
> Zitat von Sahil Tandon :
>
>> On Sat, 28 Mar 2009, fl...@pbartels.info wrote:
>>
>>> I'm not sure what I should do with bounce messages from aliased addresses.
>>>
>>
$smtpd_helo_restrictions and
$smtpd_sender_restrictions. This is a feature documented in postconf(5).
--
Sahil Tandon
> Do all items behave like this or is it only the check_policy_service? I mean,
> if everything is evaluated again on each RCPT TO, then if I place
> reject_rbl_client into smtpd_client_restrictions, the rbl check will run
> needlessly more times?
No.
--
Sahil Tandon
ayhost
http://www.postfix.org/postconf.5.html#address_verify_transport_maps
--
Sahil Tandon
On Sun, 29 Mar 2009, Res wrote:
> On Sat, 28 Mar 2009, Sahil Tandon wrote:
>
>>> the pre-queue filter can still reject the message at end of data with a
>>> "no such user" style error.
>
> This is what I was thinking of since milters for, say, virus sc
://lists.sourceforge.net/lists/listinfo/courier-imap
--
Sahil Tandon
ame,
> reject_unknown_sender_domain, check_relay_domains
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = foo
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = check_sender_access, hash:/etc/postfix/spammers
Extraneous comma.
--
Sahil Tandon
ound the corresponding action is executed, and
the matching process is repeated for the *next* message header or message body
line.
--
Sahil Tandon
s are waiting for sending e-mail. Is there any
> way to put some timeout or any other resoluton for the problem?
If clients and their programs are "trusted" senders, then exclude them from
RBL checks.
--
Sahil Tandon
> out declaration along with the permit). I am sad to say I am still a
> little unclear about how the various smtpd_mumble_restrictions work
> together.
For more clarity and general illumination, see:
http://www.postfix.org/SMTPD_ACCESS_README.html
--
Sahil Tandon
ad. Figure out a way to accept mail
only for actual users and reject everything else at RCPT TO.
--
Sahil Tandon
iod of max 2 days or so which should be fine.
Backscatter, even for two days, is not fine.
> Having said that i presume there is no better solution for split-domain
> scenario apart from maintaining user based transport maps?
Correct. And please stop top-posting.
--
Sahil Tandon
the nexthop when
> returning the transport? For example:
You need to specify the nexthop; otherwise, transport(5) will use the
recipient domain name to direct email to the appropriate MX.
--
Sahil Tandon
f
'postconf -n'.
Anonymous TLS is fine and actually quite common; it just means the client did
not have (or present) its own certificate, offered only anonymous TLS
ciphers which were accepted by the server. Nothing to worry about here.
--
Sahil Tandon
f the scope of this mailing list. FWIW, many
people have had success using Dovecot's LDA to deliver mail which plays
nicely with sieve scripts that include vacation (auto-reply) functionality.
--
Sahil Tandon
coming
> 5. maildrop
>
> 6. corrupt (is a queue ?)
Do not send the same message to the mailing list twice. Read:
http://www.postfix.org/QSHAPE_README.html
--
Sahil Tandon
em , smtp_tls_CAfile = /etc/postfix/ssl/CA.pem , has my both
> selfsigned main CA certificate and my nexthop CA in it . Should i
> include the all ca certificates directory in postfix main.cf ? How can i
> have a verified tls connection with my relayhost ?
Show logs that explain how what is failing.
--
Sahil Tandon
conf -n', relevant excerpts from your
master.cf, and logs that prove a user authenticated via SASL and that his or
her message was piped to your script.
--
Sahil Tandon
sender and recipient(s).
--
Sahil Tandon
On Wed, 22 Apr 2009, Jørn Odberg wrote:
> Would I need to do this at the sender or the receiver? Or both ends?
Do it on your end, which is what you control.
--
Sahil Tandon
if you say so, but I just don't
> understand why. Given my dovecot config, which I believe is a quite
> standard way of configuring dovecot , I have no idea why it doesn't
> work. I've seen similar config files when searching the web, and they
> seem to work. Do you have any suggestions as to what could be wrong with
> my dovecot config?
Ask your last question on the Dovecot mailing list.
--
Sahil Tandon
t is still being re-tried.
To understand the difference between your two scenarios, try using host(1) to
query yahoo.com.uk and talktalk.com.
--
Sahil Tandon
ant to know
> what's wrong with my config before I try to fix it (since clearly my
> preprod and prod environments are different).
Note the different flags= specified in your pipe(8) to deliver in master.cf
when you inspect the file on your preprod and prod servers.
--
Sahil Tandon
lse your system can become an open relay.
Just make sure your policy service does not reply with "OK" but instead
"permit_auth_destination" to avoid becoming an open relay.
--
Sahil Tandon
ead:
http://article.gmane.org/gmane.mail.postfix.user/194749
--
Sahil Tandon
my server with these
>messages, and how do I protect against it in the future (maybe simply
>changing the way I'm blocking unwanted senders now will accomplish
>that?)?
See answer to Q2.
> 4. Should I report his abuse? Or was it deserved because of the way I
> was using check_sender_access?
To whom would you report it? :-)
--
Sahil Tandon
t threats of violence from morons like Rik, and I should
> have just kept my mouth shut, but it really irked me to see these
> comments aimed at the people who provide such incredible help here, of
> which I have been the recipient more than once.
It's best to ignore such things and get on with your day.
--
Sahil Tandon
On Fri, 08 May 2009, Charles Marcus wrote:
> On 5/7/2009 7:30 PM, Sahil Tandon wrote:
> >> relayhost = [post18.emailfiltering.com]
>
> > Interesting.
>
> >> May 6 15:22:06 myhost postfix/smtpd[4799]: connect from
> >> ixe-mta-18-tx.emailfiltering
rent mysql clients by using the Postfix
proxymap(8) service.
--
Sahil Tandon
ould be able to archive mail using any of those methods. See:
http://www.postfix.org/postconf.5.html#recipient_bcc_maps
http://www.postfix.org/postconf.5.html#sender_bcc_maps
--
Sahil Tandon
,
> reject_non_fqdn_sender,reject_unknown_sender_domain,permit
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
All those trailing permits are unnecessary.
--
Sahil Tandon
'hapolicy synopsis' -- the author of postfwd wrote a perl
script which acts as a load balancing policy service that can return
dunno if the underlying services are unreachable. Obviously, if
hapolicy itself malfunctions, you're back at square one.
--
Sahil Tandon
FROM:
> SIZE=8598 AUTH=<>": "555 5.5.4 Unsupported option: AUTH=<>"
Could that be another instance of Postfix running on port 10025? It does not
advertise AUTH capability (i.e. SASL is not enabled), is given "AUTH=<>" by
the client on the MAIL FROM line, and appropriately responds with 555.
--
Sahil Tandon
On May 14, 2009, at 7:40 AM, wiseadmin wrote:
Hello everybody,
I am running FreeBSD with postfix (2.6.0-RC2) and dovecot (1.1.11).
There are virtual domains and users and postfix authenticates users
using sasl and dovecot.
Today I've performed a server upgrade (portupgrade -arRv) and sasl
authe
reeBSD port. Create
your own or wait until someone else submits a patch.
--
Sahil Tandon
+ptr:some-other.com
> +ptr:mydomain.net -all"
Try: http://old.openspf.org/wizard.html; and please, take all follow-ups to
another, more appropriate mailing list. Perhaps spf-help.
--
Sahil Tandon
On Sun, 17 May 2009, Carlos Williams wrote:
> On Mon, May 11, 2009 at 8:59 PM, Sahil Tandon wrote:
> > On Mon, 11 May 2009, Carlos Williams wrote:
> >> relayhost =
> >
> > The default value is empty, so no need to redefine it.
>
> I was told to add this valu
On Sun, 17 May 2009, Sahil Tandon wrote:
> On Sun, 17 May 2009, Carlos Williams wrote:
>
> > On Mon, May 11, 2009 at 8:59 PM, Sahil Tandon wrote:
> > > On Mon, 11 May 2009, Carlos Williams wrote:
> > >> relayhost =
> > >
> > > The default va
om will be forced towards othersmtp.company.com, while mail to
other recipients will be routed normally.
You may want to consider and mitigate any unintended consequences, and I
realize this seems like overkill for what you want to do, but I cannot think
of another way to do it.
--
Sahil Tandon