rmit your networks
and SASL authenticated senders before doing this. And depending on your
configuration and requirements, this may cause some unwanted side-effects.
Search the archives of this mailing list for context.
--
Sahil Tandon
4527 Wed May 20 23:35:36 MAILER-DAEMON
> (connect to returnmail35.manuelmedia.com[206.212.244.102]: Connection timed
> out)
Please grep your maillog for '502E97782FC', 'E386E7782A9' and 'returnmail35'.
--
Sahil Tandon
On Thu, 21 May 2009, Carlos Williams wrote:
> On Thu, May 21, 2009 at 8:20 PM, Sahil Tandon wrote:
> > No need to be alarmist; search the logs for further enlightenment.
>
> I checked the logs and found the following when I search for the message ID:
s/message/queue/ :-)
&g
just guesses until you provide more information to help debug
the problem.
--
Sahil Tandon
the client host.
>
> Why are *_checks and *_milters not end-of-data restrictions, or
> better yet, policy services?
One example: 1.2.3.4 is rejected in an access(5) table referenced in
smtpd_client_restrictions. Why wait for END-OF-DATA when you know, in
advance, that you will not accept mail from 1.2.3.4?
--
Sahil Tandon
On Sat, 23 May 2009, Sébastien WENSKE wrote:
> What should contain this file, local or external fqdn ?
Probably external, but this is not a Postfix question. Ask on a Debian
mailing list.
--
Sahil Tandon
eue the good ones, and leave the
> bad ones behind. Any pointers would be appreciated.
http://www.postfix.org/QSHAPE_README.html
http://www.postfix.org/postcat.1.html
http://www.postfix.org/postsuper.1.html
http://www.postfix.org/postqueue.1.html
--
Sahil Tandon
nitely an
amavisd-new issue, then it would be more appropriate for you to continue this
thread on the amavisd-new mailing list.
--
Sahil Tandon
nt_filter = amavis:[127.0.0.1]:10024
So amavisd-new is not accepting connections.
--
Sahil Tandon
the old one? Or do I break any librarys or anything
> else?
Ask on the Suse mailing list.
--
Sahil Tandon
That wouldn't add much value; just reject unknown users as early as possible
to avoid unnecessarily traversing other checks.
--
Sahil Tandon
ion before it
> even gets to the fqdn lookup? Or hitting the reject_non_fqdn_sender?
> Why's it falling all the way check_client_fqdn.pcre?
Yes, it does seem odd; can you show unaltered 'postconf -n' instead of just
that snippet? And reject_non_fqdn_sender does not hit because it has
absolutely nothing to do with the HELO; it rejects requests when the MAIL
FROM is not FQDN.
--
Sahil Tandon
ll you whether the 'other side' accepted the message.
--
Sahil Tandon
RFC 2821, may only send EHLO to a server that greets with
ESMTP. So it is worthwhile (and advisable) to include ESMTP in the
$smtpd_banner, unless you have a good reason to intentionally exclude it.
--
Sahil Tandon
ist
the host in Postfix and any other filters that might block it.
> Are the steps I have undertaken in previous posts enough for that, or I
> miss something and have to dig the problem any farther? If yes, then
> what are the missing steps?
Hard to say, given what I've written above.
--
Sahil Tandon
.6];
> from= to= proto=ESMTP
> helo=
This host was rejected because reject_unknown_client_hostname (or
reject_unknown_client in < Postfix 2.3) was specified in main.cf.
--
Sahil Tandon
quot;stopped at the gate"? If you mean
"rejected by Postfix" then yes, this is always logged.
--
Sahil Tandon
se show your logs during delivery of the alleged backscatter.
> My /etc/postfix/header_checks contain only the following:
>
> /^Received:/ HOLD
Very odd that you want to hold ALL email with this check. Does MailScanner
examine messages in the hold queue and then release them?
--
Sahil Tandon
eaders? That
> and a corresponding log entry should clear things up.
FWIW, the snippet alone hits Sanesecurity.Hdr.9913.UNOFFICIAL.
--
Sahil Tandon
>
> postgrey logs to the maillog. lines look like this:
I believe postgrey too logs to syslog's mail facility, so the file depends on
the system/configuration, and is probably not maillog on all platforms.
--
Sahil Tandon
On Wed, 27 May 2009, LuKreme wrote:
> On 27-May-2009, at 05:29, Sahil Tandon wrote:
>> On Tue, 26 May 2009, LuKreme wrote:
>>
>>> On 26-May-2009, at 17:39, Lists wrote:
>>>> As part of my mail system I am using postgrey.
>>>>
>>>> Whe
st to be sure, you are passing at least the 'hu' flags
to pipe(8) for dovecot's LDA, right? These two flags ensure case-folding,
which local(8) does by default.
--
Sahil Tandon
On Thu, 28 May 2009, Eduardo Júnior wrote:
> I have a Postfix Server 2.4.0 with virtual domains and interface
> postfixadmin.
> I want disabling a domain through postfixadmin. There's the option ACTIVE.
What is your definition of 'disable' in this context?
--
Sahil Tandon
On Fri, 29 May 2009, Eduardo Júnior wrote:
> On Thu, May 28, 2009 at 11:15 PM, Sahil Tandon wrote:
>
> > On Thu, 28 May 2009, Eduardo Júnior wrote:
> >
> > > I have a Postfix Server 2.4.0 with virtual domains and interface
> > > postfixadmin.
> > > I
tfix via port 10025? Or maybe another alternative of
> communicating between amavis and postfix?
Use multiple instances as already suggested, or remove this elusive 'spam
flag' before re-submitting mail to the current Postfix instance so it doesn't
trigger the loop.
--
Sahil Tandon
post newbies questions, but i have really search all
> over, i have looked all my logs and there's nothing on why postfix
> doesn't send email outside...
Show logs associated with one of the mails that is stubbornly stuck in the
queue.
--
Sahil Tandon
l address in the
From: header. If so, this is not backscatter at all. It is a typical
spammer tactic of sending email with sender equal to recipient. See archives
of this mailing list on how to prevent external (or untrusted) IPs/senders
from using your domain name(s) in the envelope from. Also note the
unintended consequences (also previously discussed on this list) of taking
such preventive action.
--
Sahil Tandon
ovecot's LDA to deliver mail to users; then, you
could easily integrate sieve functionality for per-user vacation
functionality along with other features.
--
Sahil Tandon
isted on CBL (ergo XBL) at
2009-06-01 14:00 GMT; you received it before then. If you had been using
PBL (or better, Zen), then it might've been blocked.
--
Sahil Tandon
>>> On Mon, 1 Jun 2009 10:39:31 -0300 (UYT)
>>> Miguel Da Silva - CMat wrote:
>>>> Good news.
>>> [snip]
>>> Is there any possibility that Brazil might adopt an anti 'top
>>> posting'
>>> protocol also?
This was fun, but can we please close this thread? Thanks much.
--
Sahil Tandon
On Tue, 02 Jun 2009, Antonis Rizopoulos wrote:
> Is it possible to set the /message_size_limit/ value per user so each
> user has his own message size limit?
> Maybe using a hash file or mysql ?
For this you need a policy service.
--
Sahil Tandon
On Jun 2, 2009, at 2:52 AM, Bernd Nies wrote:
Hi,
Our users have the following complaint about the Postfix behaviour:
They write Emails to
From: someb...@somewhere.com
To: gro...@example.com, gro...@example.com
The mailgroup is expanded with aliases to
group1: user1, user2, user
installed? I would've thought these man page 'clone'
files would be flagged as obsolete in conf/postfix-files. Sorry if
I've made a careless oversight.
Thanks,
--
Sahil Tandon
es away'. Just a guess.
There have been some posts about this on the mailing list before -- check
archives.
--
Sahil Tandon
On Sat, 06 Jun 2009, Sriram Nyshadham wrote:
> Well I am using FreeBSD 6.3 and not solaris. Is it quite possible the same
> thing would have been done on BSD as well?
Please don't top-post. I'm not sure -- but one of the experts will likely
chime in. Good luck!
--
Sahil Tandon
nable and leave postfix alone. When the message expires postfix will
> notify the sender.
Alternatively, the OP could use a transport map to reroute stuck messages to
the error transport and "bounce" them back to the sender with an
informative message.
--
Sahil Tandon
- n - - smtp -o
> fallback_relay=
Why is trivial-rewrite missing?
> Netstat also available but makes message too big...
% netstat | grep rewrite
--
Sahil Tandon
mail from misconfigured
> > > servers. (We do.)
> > >
> > Most of do (I would guess).
> >
> Stupid me. To fast typing:
> Most of us do (I would guess).
Indeed. This is why macho declarations like "we don't accept mail from
misconfigured servers" are misguided.
--
Sahil Tandon
ne of
your users? That is to say, are messages spoofed with whitelisted
envelope senders simply given a free pass through all your checks?
--
Sahil Tandon
est explained by ... them! Try pinging their
postmaster.
--
Sahil Tandon
On Sat, 23 Jan 2010, Martijn de Munnik wrote:
> On Jan 23, 2010, at 4:24 PM, Sahil Tandon wrote:
>
> > On Fri, 22 Jan 2010, Martijn de Munnik wrote:
> >
> >> RFC2821 section 4.5.3.2 Timeouts reads
> >>
> >> "An SMTP server SHOULD have a timeo
y work? I have Postfix
> 9.3.0 and the 451 error is still not fixed.
Postfix 9.3.0 does not exist; what version are you actually using?
--
Sahil Tandon
documentation to get you
started:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/transport.5.html
--
Sahil Tandon
nal here for a
few hours without a hitch.
--
Sahil Tandon
to Postfix via telnet. This removes variables like
Thunderbird that complicate debugging. Also see DEBUG_README for more
tips.
--
Sahil Tandon
lay? If so, how do
> I do this?
Yes, but allowing anyone with that MAIL FROM to relay through your
Postfix server is unwise since that "credential" is easily spoofed.
Only allow trusted networks and authenticated clients to relay through
your server. This is a good opportunity for you to review SASL_README.
--
Sahil Tandon
om "postconf -n". Please do not send your main.cf file, or 500+
lines of postconf output.
If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.
--
Sahil Tandon
sends to SMTP clients;
that was the point of Wietse's paragraph and should mitigate your
"surprise" in not seeing 552 in your logs.
--
Sahil Tandon
st, any mail that it sends is
> authorized. How can I add restrictions on localhost, despite it being
> authorized, from sending mail as certain users or to certain
> recipients?
Enforce the restrictions before you permit_mynetworks.
--
Sahil Tandon
d before:
http://marc.info/?l=postfix-users&m=121789269506492&w=2
--
Sahil Tandon
wser's user agent string as
> described before. I also tried the Google search approach and it yielded
> the exact same results.
>
> Can we now *please* stop discussing this silly topic? Or at least take
> it off list? Thank you.
Yes, but for posterity and archives, Ansgar is correct and LuKreme is
wrong. I just verified using SeaMonkey here.
--
Sahil Tandon
d and show logs related to the problem.
> This means either something else in the config is preventing it from
> working, or I am miss-understanding what I am supposed to be placing
> there.
>
> Please help me.
>
> Below is the contents of main.cf:
Read DEBUG_README and paste 'postconf -n' instead.
--
Sahil Tandon
ent should
retry after getting a 4xx in the LDAP failure scenario above. Or are
temporary rejections intolerable in your environment?
--
Sahil Tandon
sk on another list.
--
Sahil Tandon
On Sun, 21 Feb 2010, Jonathan Tripathy wrote:
> Are you aware of any Postfix implementations?
Please, don't top-post. And there is no Postfix implementation; that is
why you need to find/use a milter or external content filter.
--
Sahil Tandon
m...@mydomain.com for both sender and receiver
Use a policy service like postfwd or get creative with access tables.
Search google and this list's archives for some variant of 'sender equal
to recipient'.
--
Sahil Tandon
ogle and search mailing list archives before posting here.
Also note that your question is rather off-topic for postfix-users.
See: http://www.openspf.org/FAQ/Forwarding. If your confusion remains,
seek help on SPF forums.
--
Sahil Tandon
On Feb 23, 2010, at 1:30 PM, Stan Hoeppner
wrote:
Wietse Venema put forth on 2/23/2010 11:41 AM:
Stan Hoeppner:
Wietse Venema put forth on 2/23/2010 10:39 AM:
Not all the world
is Linux. In fact there are 10 times as many Macs.
Wietse Venema put forth on 2/16/2010 10:01 AM:
This is a t
did wrong
> or am missing? I think this email should have been prevented with:
>
> /^iamghost\.com$/ 550 Don't use my own domain
Where in the headers do you see evidence that the spamming server tried
to HELO with iamghost.com?
--
Sahil Tandon
On Mar 17, 2010, at 8:59 AM, Carlos Mennens
wrote:
Is it possible to alter the fact that my message headers indicate that
my MTA is a Postfix server? I don't know if this is possible and while
I don't specifically want to hide the fact that I use Postfix because
I love this software more than
d, but I wonder if it has something to do with your problem:
you're using pymilter built with Sendmail 8.14 libraries, which imply
protocol 6, but Postfix < 2.6 defaults to milter_protocol = 2.
--
Sahil Tandon
h postfwd: http://postfwd.org.
--
Sahil Tandon
sites in the
> default configuration are still valid? What about maintaining and
> updating these values, is that up to me as the administrator?
This is the POSTFIX mailing list.
--
Sahil Tandon
On Mar 22, 2010, at 5:54 AM, Pruniaux Ghislain > wrote:
My question is , is there a way to tell postfix that when login
account
first letter is (a-l) then route mail on account1 and when first
letter
is (m-z) then route mail on account2 ? without using aliases ?
Yes: transport_maps.
On Mar 22, 2010, at 8:26 AM, Carlos Mennens
wrote:
I noticed that I am no longer able to send email via Postfix with
STARTTLS enabled on my server. I have not changed anything on my
Postfix server over the weekend. I only changed my Firewall appliance
but everything appears to be in order. I
/postconf.5.html#reject_unlisted_sender
http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender
--
Sahil Tandon
HAPE_README.html#backlog
http://www.postfix.org/DEBUG_README.html#mail
--
Sahil Tandon
eup timer would be like this:
> smtphotmail unix- - - 3 - smtp
That is how you set the timer.
> My apologies. Ill go back and start from scratch.
What version of Postfix is this?
--
Sahil Tandon
On Mar 30, 2010, at 3:16 PM, "Mike Hutchinson"
wrote:
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
us...@postfix.org] On Behalf Of Sahil Tandon
Sent: Tuesday, 30 March 2010 3:07 p.m.
To: postfix-users@postfix.org
Subject: Re: Rate c
.jheel.bdcom.com[210.4.76.3]
> >> Mar 30 05:07:25 mail postfix/smtpd[45229]: lost connection after DATA from
> >> unknown[119.15.93.218]
> >> Mar 30 05:07:27 mail postfix/smtpd[45237]: lost connection after RCPT from
> >> unknown[213.198.111.207]
>
> O
ocess IDs and try to correlate the
TLS problems with client IPs. Do you recognize them as your users? It
is likely a problem on the (badly configured) client side rather than a
mistake in your Postfix configuration. Perhaps someone more familiar
with the innards of SSL can opine.
--
Sahil Tandon
Note: while mail is "on hold" it will not expire when its time in the
queue exceeds the maximal_queue_lifetime or bounce_queue_lifetime
setting. It becomes subject to expiration after it is released from
"hold".
--
Sahil Tandon
On Sat, 03 Apr 2010, Jose Ildefonso Camargo Tolosa wrote:
> So... my guess is that the SPF check will go against this mail
> address, not the one on the From field. am I right?
SPF is against the ENVELOPE, not the HEADER.
--
Sahil Tandon
o the gmail.com MX; I am able to connect to it just fine
from here. If you typically send mail via a relayhost, continue doing
so, and ask the admins of said relayhost to help troubleshoot your
problem with delivery to gmail. This is not a Postfix issue.
--
Sahil Tandon
On Sat, 10 Apr 2010, Alex wrote:
> >> I'm using zen.spamhaus.org in postscreen and,
>
> Where can I find information on postscreen?
postscreen(8) is part of the 2.8 experimental release:
http://www.postfix.org/postscreen.8.html
--
Sahil Tandon
dresses in Postfix.
http://www.postfix.org/postconf.5.html#check_client_access
http://www.postfix.org/access.5.html
--
Sahil Tandon
1) for more information.
--
Sahil Tandon
oxy_filter=127.0.0.1:10025
Your cut & paste looks horrible in my reader, but I guess the RBL is
checked somewhere in smtpd_recipient_restrictions as defined in your
main.cf?
Please show the output of 'postconf -n'.
--
Sahil Tandon
On Sat, 24 Apr 2010, Oliver Schinagl wrote:
> smtpd_sasl_security_options = noplainpassword, noanonymous
^^^
Did you mean noplaintext?
http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
--
Sahil Tandon
/syslog.conf
[ .. ]
> I'm getting full Postfix output to syslog, mail.log and mail.info.
> What am I missing?
Assuming you did not make any mistakes while editing syslog.conf, did
you restart syslogd(8) after making the changes? Postfix simply logs to
the mail facility; how syslogd(8) handles this is not a Postfix issue.
--
Sahil Tandon
On Tue, 27 Apr 2010, N. Yaakov Ziskind wrote:
> Sahil Tandon wrote (on Tue, Apr 27, 2010 at 11:23:22PM -0400):
> > Assuming you did not make any mistakes while editing syslog.conf, did
> > you restart syslogd(8) after making the changes? Postfix simply logs to
> > the mail fa
On Wed, 28 Apr 2010, N. Yaakov Ziskind wrote:
> Sahil Tandon wrote (on Wed, Apr 28, 2010 at 12:02:34AM -0400):
> > On Tue, 27 Apr 2010, N. Yaakov Ziskind wrote:
> >
> > > Sahil Tandon wrote (on Tue, Apr 27, 2010 at 11:23:22PM -0400):
> > > > Assuming you did
OP's problem is that for *his* distro, rsyslogd is running
while he was editing *syslogd* configuration files.
--
Sahil Tandon
nymous
You could lower the default security standards by removing 'noplaintext'
from the above declaration, but that is not recommended. For more,
check out the SASL_README.
--
Sahil Tandon
On Sun, 16 May 2010, Frank Shute wrote:
> So I decided to try pushing mail through my hosting provider and that
> worked! No more crappy webmail!
If your hosting provider supports TLS, then you could safely send your
username and password in plaintext over an encrypted session.
--
Sahil Tandon
s. Do not, as
suggested by another poster, simply requeue ALL messages -- unless, of
course, that is what you really intend.
--
Sahil Tandon
) notes about postscreen
availability in 2.7 might mislead.
--
Sahil Tandon
that I have updated my postfix
> and I have recreated a pair of keys with openssl for dkimproxy
Unless you have a Postfix question, please move this thread to a more
appropriate mailing list; thank you.
--
Sahil Tandon
cing test case, so it would be good if some
> > people can confirm that the changes are integrated properly.
>
> Do you by chance have the CHANGELOG and RELEASE_NOTES for the latest 2.8
> snapshot release?
Change log/History is here:
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.8-20100601.HISTORY
--
Sahil Tandon
at you mean by 'broke', and make sure to include related log
excerpts. Please also include the output of 'postconf -n' in your next
response.
--
Sahil Tandon
sql:/etc/postfix/sql-recipients.cf
> local_transport = no local mail delivery
Hm?
> mail_owner = postfix
Again, default.
> relay_recipient_maps =
Why is this empty? As per ADDRESS_CLASS_README: "If this parameter
value is empty, the Postfix SMTP server accepts all recipients for
domains listed with the relay_domains parameter."
--
Sahil Tandon
address that is not hosted at limedomains then the
> email is delivered successfully.
http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch
--
Sahil Tandon
AUTH with
mail.limedomains.net.
--
Sahil Tandon
On Fri, 04 Jun 2010, Paul McGougan wrote:
> On 4/06/2010 12:37 PM, Sahil Tandon wrote:
> >
> > A better solution is for you to configure your MUA to AUTH with
> > mail.limedomains.net.
>
> I did originally use their SMTP servers for sending, however they have
> n
On Fri, 04 Jun 2010, Paul McGougan wrote:
> On 4/06/2010 1:08 PM, Sahil Tandon wrote:
> >
> > That's unfortunate. Now that we have established the issue, it seems to
> > me this is no longer the appropriate forum to continue this thread.
> > Perhaps you can conv
or a better
understanding, review SMTPD_ACCESS_README.
--
Sahil Tandon
http://www.postfix.org/postconf.5.html#smtp_bind_address
--
Sahil Tandon
On Thu, 10 Jun 2010, Jerrale Gayle wrote:
> On 6/10/2010 6:34 PM, Sahil Tandon wrote:
> >On Thu, 10 Jun 2010, Jerrale Gayle wrote:
> >
> >>I have smtpd_bind_address set to the delegated ip for our mail
> > % postconf smtpd_bind_address
> > postconf:
then bounce, so
> that people can't probe for valid users to know wherer to start a
> brute force.
This is a horrible idea; please do not do this. Google 'backscatter'.
--
Sahil Tandon
On Thu, 10 Jun 2010, Jerrale Gayle wrote:
> On 6/10/2010 6:31 PM, Sahil Tandon wrote:
> >On Thu, 10 Jun 2010, Jerrale Gayle wrote:
> >
> >>smtpd_reject_unlisted_recipient = no
> >Bad idea.
> >
> >>Would this be better put by its
201 - 300 of 851 matches
Mail list logo
