Hi,
I'm using Postfix with MySQL via proxy:mysql maps. The documentation
states that mails should get deferred if no mysql server is reachable.
However when I shut down MySQL, SMTP transaction freeze after I enter
the "MAIL FROM:<...>" statement.
Any ideas how I can change that? There seems to b
* Sahil Tandon [2011-12-05 03:24]:
> > I'm using Postfix with MySQL via proxy:mysql maps. The documentation
> > states that mails should get deferred if no mysql server is reachable.
> >
> > However when I shut down MySQL, SMTP transaction freeze after I enter
> > the "MAIL FROM:<...>" statement.
* Sahil Tandon [2011-12-06 01:54]:
> > that's not really an option for me, I need these lists in MySQL. It
> > seems I have to live with it and make MySQL as stable as possible.
>
> Is your list of virtual mailbox domains that large or dynamic that it
> must be only in SQL? Note that you can sti
* Wietse Venema [2011-12-07 17:20]:
> Yes it was. I point the attention to the RIGHT problem, which is
> fixing the suboptimal configuration that does domain queries from
> SQL.
Hi,
with all due respect but for me the important thing at the moment
would be to understand why it works the way it w
* Wietse Venema [2011-12-08 13:09]:
> Sebastian Wiesinger:
> > I really would like to know if it is not possible to have a temporary
> > error when trivial-rewrite fails to access the MySQL database. I don't
> > see any apparent reason for it. If there is one I would l
* lst_ho...@kwsoft.de [2011-12-08 14:46]:
> >And I had hoped that perhaps this would be an improvement to postfix.
> >Sadly it seems it was some kind of blasphemy to question the way
> >postfix does handle this stuff.
>
> No, it means until now no one needs this so important to step up
> with cod
* Wietse Venema [2011-12-09 01:01]:
> > And that is where I disagree. IMHO a mailsystem should respond with a
> > temporary error if it is experiencing a temporary error (like a lookup
> > table not being availabe) not simply hang there and do.. nothing.
>
> We know that. What are you going to do
* Wietse Venema [2011-12-09 13:47]:
> A quick search shows that trivial-rewrite server has no "fatal"
> errors - it reports all errors that it can detect to the client (in
> this case smtpd(8)).
>
> However there is one low-level library module (match_ops) that
> exits the program with a "fatal"
Hi,
is there a way (in the logs) to see which port a client connects to? I
can't find that information at the moment.
I'm interested to know if a client is using the smtp, ssmtp or
submission port to connect.
Thanks
Sebastian
--
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94
* Wietse Venema [2011-12-14 17:34]:
> Sebastian Wiesinger:
> > Hi,
> >
> > is there a way (in the logs) to see which port a client connects to? I
> > can't find that information at the moment.
>
> Give each SMTP server its own syslog_name optio
* /dev/rob0 [2011-12-14 17:58]:
> I use "postfix-587" (and "postfix-465") because it's shorter and
> contains the "postfix" string which helps to isolate Postfix logging
> from other mail facility logs. "grep postfix maillog", et c. More
> correct, and still meeting that need, would be "postfix
Hello,
I have a setup with handles a few virtual domains. For one domain only
I want mails not to be rejected with an 5xx error code but be deferred
with a 4xx error code. Is that possible?
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you D
* Wietse Venema [2012-04-04 01:22]:
> To soft-reject unknown recipients in selected domains, in mail from
> clients outside the local network, request defer_if_reject at the end
> of smtpd_recipient_restrictions:
>
> /etc/postfix/main.cf:
> smtpd_recipient_restrictions =
> permit_mynetw
* Stan Hoeppner [2012-07-30 14:35]:
> On 7/29/2012 6:57 PM, Engin qwert wrote:
>
> > Actually it is not router. It is only BPL modem. After Static IP hiring the
> > ISP send me an email how to configure the server with this IP addresses
> > information. The 10.138.9.201 internal IP address sele
* tobi [2012-08-07 18:46]:
> Hi list,
Sorry list, hi Tobi:
I wanted to tell you that your DNSSEC for brain-force.ch is broken so
resolvers which validate DNSSEC will not be able to resolve your
domain (and so I can't send you mails directly). You might want to fix
this.
http://dnsviz.net/d/bra
* Wietse Venema [2013-05-31 22:57]:
> After the confusion that Postfix 2.10 is not Postfix 2.1, maybe it
> is time to change the release numbering scheme.
Okay, perhaps this is a European view, but I never confused Postfix
2.1 with 2.10. Perhaps because here it would be 2,1 and 2,10 if they
were
Hello,
GMX and web.de started an initiative for secure E-Mail made in
Germany... they turned TLS on.
But in addition to that bold move the did something else that causes
the following errors when they try to send mail to my postfix:
postfix/smtpd[28706]: connect from mout.web.de[212.227.15.14]
p
* Heiko Wundram [2013-08-20 12:09]:
> Still delivers fine for me (and my mail-server) running Postfix 2.10.1:
>
> Received: from mout.web.de (mout.web.de [212.227.15.3])
> (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
> (No client certificate requested)
> by ma
* DTNX Postmaster [2013-08-20 12:57]:
> Self-signed, 2048 bits certificate from our own root. Picks the same cipher
> and TLS version as in Heiko's example, it seems. Perhaps it's your
> certificate, perhaps your Postfix settings? No odd overrides for the defaults
> anywhere, forced cipher suit
* Viktor Dukhovni [2013-08-20 16:51]:
> > I found the problem... In addition to my normal certificate, I had an
> > EC certificate.
> >
> > smtpd_tls_eccert_file=/etc/postfix/certs/cacert-karotte-ec.crt
>
> Though I think OpenSSL will generally detect attempts to configure
> a public key (certif
* Viktor Dukhovni [2013-08-24 05:27]:
>
> > I just did, here is the PCAP:
> >
> > http://www.karotte.org/smtp-gmx.pcap
>
> The client sends an "internal error" alert. It is not clear what
> problem it is encountering. The server elects:
>
> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_
* BONNET, Frank [2013-10-24 17:54]:
> Hello
>
> Continuing on my "secured" email server graal I would like to test SMTP +
> TLS exchange of emails
>
> the volume will be very low for testing purpose only and I will be the only
> user when I will suceeded to setup my server :-)
>
> My eternal gr
Hello,
currently I'm running the distributed postfix version under Debian
Stable (currently 2.9.6-2). I would like to switch to the current 2.11
version to try out DANE and other new features.
Has anyone got the current version packaged for Debian Stable (I was
unable to find one online) or does
* Robert Schetterer [2014-01-16 12:42]:
> Am 16.01.2014 12:13, schrieb Sebastian Wiesinger:
> > Hello,
> >
> > currently I'm running the distributed postfix version under Debian
> > Stable (currently 2.9.6-2). I would like to switch to the current 2.11
> >
Hello,
I published TLS DANE Records for my mailserver and now I am wondering
if there is a way to verify that these records are okay/matching the
cert. Is there a tool/site where I can test this? I suppose it would
be possible with the right openssl s_client commands but I can't
figure them out. T
* Viktor Dukhovni [2014-05-08 02:09]:
> On Thu, May 08, 2014 at 01:14:09AM +0200, Sebastian Wiesinger wrote:
>
> > I published TLS DANE Records for my mailserver and now I am wondering
> > if there is a way to verify that these records are okay/matching the
> > cert. Is t
Hello,
I have some users that forward their mail to GMAIL. This is
implemented with virtual alias maps. So postfix forwards:
u...@example.com -> example.u...@gmail.com
The problem is when SPAM mails get through all the postfix defences
and get forwarded to GMAIL. GMAIL does some body checks and
* Wietse Venema [2014-05-08 23:36]:
> Sebastian Wiesinger:
> > Hello,
> >
> > I have some users that forward their mail to GMAIL. This is
> > implemented with virtual alias maps. So postfix forwards:
> >
> > u...@example.com -> example.u...@gmail.com
&
* Wietse Venema [2014-07-15 19:33]:
> Proudly presenting Postfix SMTPUTF8 support! Below is text from
> the RELEASE_NOTES file for postfix-2.12-20140715, to be uploaded
> later today.
Aaand Google has announced that it will support this for GMail:
http://googleblog.blogspot.com/2014/08/a-first-s
* Matus UHLAR - fantomas [2020-12-04 15:08]:
> > El vie, 4 dic 2020 a las 2:15, Viktor Dukhovni
> > () escribió:
> > > Is there a compelling reason to run a stripped-down (and typically not
> > > adequately standards-conformant) DNS resolvers on a mail server?
>
> On 04.12.20 08:41, Sergio Belkin
* joh...@fastmail.com [2015-09-09 03:03]:
> Ken
>
> On Tue, Sep 8, 2015, at 05:49 PM, Ken Peng wrote:
> > How about Spamassassin? we have been using it for a long time.
>
> And how are you integrating it into Postfix. That was my question
> not whether to use Spamassassin. I kindof decided on
Hello,
a while ago I changed my mail configuration for mailinglists. I have
individual mail addresses for every mailing list and the configuration
now looks like this:
From: Sebastian Wiesinger
Sender: postfix-us...@ml.karotte.org
This has the advantage that off-list answers go to my main
* Wietse Venema [2015-09-10 15:00]:
> Sebastian Wiesinger:
> > Hello,
> >
> > a while ago I changed my mail configuration for mailinglists. I have
> > individual mail addresses for every mailing list and the configuration
> > now looks like this:
> >
&g
* Sebastian Wiesinger [2015-09-25 12:55]:
> * Wietse Venema [2015-09-18 15:51]:
> > Majordomo uses the following: Reply-To: (most preferred), From:,
> > and Apparently-From: (least preferred). It does not use Sender:.
> > The list manager runs on someone elses system. I woul
Hello,
as I see/understand it, a check_client_access lookup that returns
PERMIT will skip over the rest of smtpd_client_restrictions but WILL
still run the checks in the other smtpd_*_restrictions classes, right?
I can't find that information in the SMTPD_ACCESS_README or other
documents. (I can'
* Wietse Venema [2014-10-01 19:03]:
> Sebastian Wiesinger:
> > Hello,
> >
> > as I see/understand it, a check_client_access lookup that returns
> > PERMIT will skip over the rest of smtpd_client_restrictions but WILL
> > still run the checks in the other sm
Hello,
the documentation states:
The milter_header_checks mechanism could also be used for
whitelisting. For example it could be used to skip heavy content
inspection for DKIM-signed mail from known friendly domains.
I want to do that for mail that passes DMARC checks (with 2.11.2 DMARC
became
Hello,
I have a few users that insist on using catch-all domains. Not
surprising they get spam to some address. Now they're asking if they
can reject mail for *some* of the addresses of the catch-all domain.
They can create aliases themselves via postfixadmin and they want to
do this the same way
* Sebastian Wiesinger [2014-10-23 21:54]:
> Hello,
>
> I have a few users that insist on using catch-all domains. Not
> surprising they get spam to some address. Now they're asking if they
> can reject mail for *some* of the addresses of the catch-all domain.
>
&g
* Noel Jones [2014-10-24 00:36]:
> > I tried to implement this by using a check_recipient_access pcre_table
> > like this:
> >
> > /etc/postfix# cat recipient_access.pcre
> > /^postfix-reject-address@.+$/ REJECT
> >
>
> This must match the recipient address as sent by the client and
> logged
* Robert Schetterer [2017-03-05 21:00]:
> Microsofts info mail ( arrived fast today )
> said that my hetzner Ip will whitelisted , but only for small
> amount of mail until it has a "good" score and it is not a general
> antispam whitelisting.
>
> They recommend to get part of
> Junk E-Mail Repor
* Sebastian Wiesinger [2017-03-08 15:53]:
> * Robert Schetterer [2017-03-05 21:00]:
> > Microsofts info mail ( arrived fast today )
> > said that my hetzner Ip will whitelisted , but only for small
> > amount of mail until it has a "good" score and it is not a ge
Hi everyone,
I'm not sure if I'm missing something but I can't find out why my
body_checks doesn't catch all the backscatter I'm getting right now.
I've it configured like this:
root@alita:/etc/postfix# postconf -n body_checks
body_checks = pcre:$config_directory/body_checks.pcre
root@alita:/e
* Sebastian Wiesinger [2023-04-27 17:59]:
> root@alita:/etc/postfix# postmap -q - regexp:/etc/postfix/body_checks.pcre
> Message-ID:
> reject SPAM backscatter with forged domain name in Message-ID header
And of course I ran into my own filter when I got the mail back
* Peter via Postfix-users [2023-05-03 07:45]:
> On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote:
> > Hi everyone,
> >
> > I'm not sure if I'm missing something but I can't find out why my
> > body_checks doesn't catch all the
45 matches
Mail list logo
