Dear Users,
I'm facing a problem with the header_checks. I want to flip the domainpart /
userpart in the To: field of the mail header, strip off spaces/parentheses, add
a custom domainpart and replace international number scheme ++49 -> 0049.
My input string is, recipients can vary - it mig
Dear Users,
i changed maximal_queue_lifetime from 5d to 1h but mails already in queue are
not affected by this change. How can i remove mails from the queue and send
non-delivery-notifications to senders? i don't want to wait more days. my queue
shows:
root@mailserver:/home/cwadmin# mailq
-Queu
resend it with correct recipient.
Thank you!
Stefan
-Original Message-
From: Motty Cruz
Sent: Thursday 21 December 2017 21:23
To: Stefan Bauer ; postfix-users@postfix.org
Subject: Re: maximal_queue_lifetime has no effect on mails already queued -
howto change?
I'
: Thursday 21 December 2017 21:23
To: Stefan Bauer ; postfix-users@postfix.org
Subject: Re: maximal_queue_lifetime has no effect on mails already queued -
howto change?
I'm not sure if I understand your questions correctly.
have you tried to re-queue the email with the following command:
postsup
Hi,
postfix is configured as relay server. Other systems relay with postfix.
Here i want to allow for a specific group of hosts, when they use a
specific mail from address only a few specific destination domains. Other
hosts should not be bothered. This is only a need to limit a group of hosts
to
Sorry for being unclear:
my criteria are if (from 10.8.1.1-3 and mail from: benachrichtigung@) then
only allow rcpt to: example.org, example.net, example.edu)
If from 10.8.1.1-3 and mail from anything else, no limitation should take
place.
2018-05-16 0:14 GMT+02:00 Jan P. Kessler <
ml-postfi
That works. thank you very much guys for your help!
2018-05-15 18:10 GMT+02:00 Viktor Dukhovni :
>
>
> > On May 15, 2018, at 11:38 AM, Stefan Bauer
> wrote:
> >
> > I can not think of a way to achieve this.
>
> It is unclear what combination of criteria you
Hi,
using
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
smtpd_sender_login_maps = hash:/etc/postfix/login_maps
rejects user with invalid mail from domain with
: Sender address rejected: not owned by user abc; from=
to= proto=ESMTP helo=<[192.168.0.173]>
How can i custo
> On Sat, Sep 8, 2018 at 3:18 PM Stefan Bauer
> wrote:
> >
> > Hi,
> >
> > using
> >
> > smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
> > smtpd_sender_login_maps = hash:/etc/postfix/login_maps
> >
> > rejects
I like the option smtp_tls_note_starttls_offer = yes
but when a host is logged, it's hard to keep track to which recipient
domain that host belong without doing dns-lookups against all listed in
smtp_tls_policy_maps.
Can this be improved to maybe also list the appropriate recipient domain?
Hi,
is there a way to specify on a per user basis (sasl authenticated user) if
TLS should be none or may or encrypted for a specific recipient domain?
I would like to have the user to decide if his mail to a specific domain
should be TLS encrypted and then maybe bounce back but let other users
ma
that correct?
On Sun, Sep 9, 2018 at 16:28, Wietse Venema <
wie...@porcupine.org> wrote:
> Stefan Bauer:
> > Hi,
> >
> > is there a way to specify on a per user basis (sasl authenticated user)
> if
> > TLS should be none or may or encrypted for a specif
Hi,
delays=422/0.03/0.09/0, dsn=4.7.4, status=deferred (TLS is required, but
was not offered by host
seems to me like a permanent error - postfix sees it as a temporary one. I
would like to have instant bounce message for this case when TLS is not
available.
sending postfix is configured 'encryp
any way to inform my users about TLS fails via bounce without waiting queue
lifetime?
On Sun, Sep 9, 2018 at 18:58, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>
>
> > On Sep 9, 2018, at 12:49 PM, Stefan Bauer
> wrote:
> >
> > delays=422/0.03/0
seems to only work when postfix is server. I need this for postfix as
client when remote site is not offering tls.
On Sun, Sep 9, 2018 at 18:59, Herbert J. Skuhra <
herb...@gojira.at> wrote:
> On Sun, Sep 09, 2018 at 06:49:07PM +0200, Stefan Bauer wrote:
> > Hi,
> >
That would be great to have this as part of the log string! Thank you for
considering my request.
On Sun, Sep 9, 2018 at 19:03, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>
>
> > On Sep 9, 2018, at 9:46 AM, Stefan Bauer
> wrote:
>
our system is only outbound but here when TLS fails so remote sites, we
would be happy to have an option to instantly bounce as this is mostly a
fixed state.
On Sun, Sep 9, 2018 at 19:27, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>
>
> > On Sep 9, 2018, at 1:0
On Sunday, September 9, 2018, Wietse Venema wrote:
> Instead, you can use transport_maps to choose between different
> Postfix SMTP clients (with different configurations) based on the
> recipient address or domain.
>
> You can use the access map or header/body_checks FILTER action
> ("FILTER na
On Sun, Sep 9, 2018 at 21:51, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>
>
> > On Sep 9, 2018, at 3:39 PM, Stefan Bauer
> wrote:
> >
> > I see no way to combine both. I want to enforce tls for sender1 to
> google.com but not for sender2 to goo
, 2018, at 1:01 PM, Stefan Bauer
> wrote:
> >
> > any way to inform my users about TLS fails via bounce without waiting
> queue lifetime?
>
> http://www.postfix.org/postconf.5.html#delay_warning_time
>
> In corporate systems I tend to split the mail plant into separate
Hi,
we use reject_unverified_recipient and have
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
after changes in aliases and issuing postalias /etc/aliases
verify_cache.db seems to get corrupted or at least not updated properly as
new/updated entries do not get correctly verif
On Friday, September 14, 2018, Wietse Venema wrote:
> Stefan Bauer:
>> verify_cache.db seems to get corrupted or at least not updated properly
as
>> new/updated entries do not get correctly verified and postfix logs:
>>
>> close database /var/lib/postfix/verif
Hi,
I like the clean and easy milter way and having clamd this way integrated
in postfix. But i can not use custom reject message in case clamd detects
virus.
postfix/cleanup[4292]: BD6BA80ACA: milter-reject: END-OF-MESSAGE from
(...): 5.7.1 Command rejected; from= to= proto=ESMTP
helo=
This mes
to be refreshed.
On Fri, Sep 14, 2018 at 20:25, Wietse Venema <
wie...@porcupine.org> wrote:
> Stefan Bauer:
> > On Friday, September 14, 2018, Wietse Venema wrote:
> > > Stefan Bauer:
> > >> verify_cache.db seems to get corrupted or at least not up
Thank you! I was too stupid to RTFM. Clamd can provide custom reject
messages.
On Mon, Sep 17, 2018 at 16:18, Wietse Venema <
wie...@porcupine.org> wrote:
> Stefan Bauer:
> > Hi,
> >
> > I like the clean and easy milter way and having clamd this way integrated
>
Hi,
i noticed the following today. Is this part of the standard?
For recipient domain:
MX 5 mx1.recipient.com - does not support TLS and refused delivery with
temp error
MX 10 mx2.recipient.com - does support TLS and took the mail
Sep 18 10:36:29 B245080E75: TLS is required, but was not offered
org>:
> Stefan Bauer:
> > Hi,
> >
> > i noticed the following today. Is this part of the standard?
>
> There is no standard that requires TLS for MTA-to-MTA deliveries.
>
> > For recipient domain:
> >
> > MX 5 mx1.recipient.com - does not support TLS
2018, Matus UHLAR - fantomas wrote:
> On 18.09.18 14:43, Stefan Bauer wrote:
>>
>> I was expecting that the mail would bounce as the first MX refuses to
talk
>> TLS and i mapped that to a perm error. But postfix skips the one with
>> temporary/temp error and delivered to
thank you. this is awesome!
On Tuesday, September 18, 2018, Viktor Dukhovni wrote:
>> On Sep 18, 2018, at 5:58 AM, Stefan Bauer
wrote:
>>
>> I noticed the following today. Is this part of the standard?
>
> You should have asked "is this expected behaviour in P
Hi,
I'm using smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/allowed_sender
to make sure, my senders only send out with pre-defined and allowed domains.
Now i noticed, that if my users acknowledge "read confirmations" in
clients, mails in the following form arrive at postfix:
I was more asking if it's even a good idea to add the null entry to the
table? i would like to be a good postmaster but not want to relax policies
for allowed sender addresses.
On Tue, Sep 25, 2018 at 13:26, Wietse Venema <
wie...@porcupine.org> wrote:
>
> Stefan Bauer:
>
25, 2018, at 10:13 AM, Stefan Bauer
> wrote:
> >
> > I was more asking if it's even a good idea to add the null entry to the
> table? i would like to be a good postmaster but not want to relax policies
> for allowed sender addresses.
>
> You need to allow mail
Hi,
we're running a small smtp send only service for authenticated users only.
Even though we only accept allowed combinations of authenticated user and
pre-defined envelope from addresses with access_maps, some smartasses
started to spoof From: addresses so we got bad reputation at receiver sites
Johannes,
did you double check if your planned setup will not break other things?
Have similar needs but am not yet deep enough into mail to see possible
pitfalls.
Stefan
On Tuesday, October 2, 2018, Johannes Bauer wrote:
> Hi list,
>
> I'm having an issue with my Postfix configuration: Curr
Dear Users,
we have the following in place:
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
reject_unverified_recipient
unverified_recipient_reject_code = 550
unknown_address_reject_code = 550
today, we had an issue with our groupware so the following was happening:
NOQUEUE: rej
127.0.0.1[127.0.0.1] refused to talk to me: 421
internal error: OpenResolveAddrFolder failed)
Isn't status=undeliverable a 5xx reject?
On Thu, Oct 11, 2018 at 19:14, Wietse Venema <
wie...@porcupine.org> wrote:
> Stefan Bauer:
> > Dear Users,
> >
d.
On Thu, Oct 11, 2018 at 22:12, Wietse Venema <
wie...@porcupine.org> wrote:
> Stefan Bauer:
> > We just noticed, that senders got several "550 5.1.0 Address rejected"
> > bounces even though postfix logs no permanent errors.
> >
> > Oct 11 17:
Yes, that's it. Thank you!
On Fri, Oct 12, 2018 at 14:27, Wietse Venema <
wie...@porcupine.org> wrote:
> That's the probe's 421 result:
>
> > Oct 11 17:19:13 kop01 postfix/lmtp[5711]: E759E301412:
> to=,
> > relay=127.0.0.1[127.0.0.1]:2003, delay=13, delays=0/0.01/13/0, dsn=4.0.0,
> > statu
Dear Users,
I'm building a simple pair of front MX-servers to get rid of our cisco
ironports. For spam and virus-scanning i'd like to have spamassassin and
clamav doing pre-filtering during smtp-dialog rejecting bad mails and
forwarding good mails to internal mail-farm.
Is it best practice to use
Thank you for your feedback. Seems like smtpd_milters are also used before
any other check_*_access and rbl checks/header checks etc., so it's
expensive this way, to pipe every mail through virus scan.
I'm just testing if i could plug in clamav by check_policy_service.
On Fri, Oct 19, 2018 at 05:
or sender and recipient.
>
> Have a look to amavis-milter (+spamassassin+clamav) or even rspamd.
>
>
> Carsten
>
> On 19.10.18 07:15, Stefan Bauer wrote:
> > Thank you for your feedback. Seems like smtpd_milters are also used
> > before any other check_*_access and
s
> triggered. But ClamAV can't do anything before the content is
> transferred. So the performance impact should be insignificant.
>
> amavis-milter is just a wrapper script from milter to amavis protocol.
> As long amavis is not dead this is fine.
>
> Carsten
>
>
>
Hi Andreas,
i really like postscreen. There are quite some nice tricks built in so
thanks again for pushing me in this direction.
i just bundled it now with clamav-milter so the expensive checks are only
triggered when a client survives postscreen and all my additional
sender/recipient checks and
We simply monitor established tcp sessions to smtpd port. if client flies
away, tcp session does as well:
lsof -i tcp:25 | grep ESTABLISHED | wc -l
On Saturday, October 20, 2018, Peer Heinlein wrote:
>
>
>
> Hi,
>
> we're monitoring the amount of active smtpd processes to make sure, that
> we do
We just noticed once again, that postfix is so well designed in a way, that
often we did not even think of "corner cases" that are already handled by
default in a way, that is in most cases exactly how it should be set up.
Just picking a random setup - relaying mails to external relayhosts by
sende
Hi,
i have:
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
more /etc/postfix/relayhost_maps
@mydomain.de[smtp.1und1.de]:587
@my2domain.de [smtp.1und1.de]:587
more /etc/postfix/smtp_auth
[smtp.1und1.de]:587mydomain:
Thank you!
On Monday, November 5, 2018, Wietse Venema wrote:
> Stefan Bauer:
>> Hi,
>>
>> i have:
>> sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
>> smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
>>
>> more /etc/postfix/
i have similar case and set the first relayserver in my pool as the one on
which changes are only allowed. then i do scp + service restart to the
others with bash oneliner on demand.
for the future i plan to check in config from any host to central svn/git
repo and check frequently for changes from
ietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > Hi,
> >
> > i have:
> > sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
> > smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
> >
> > more /etc/postfix/relayhost_maps
>
Found it. Was required to modify smtp_auth to
customer1.de user1:password
customer2.de user2:password.
On Thu, Nov 22, 2018 at 10:22, Stefan Bauer <
cubew...@googlemail.com> wrote:
> After setting
>
> smtp_sender_dependent_authentication = yes
>
> and adding a
Dear Users,
we trying to deliver mail to remote party with enforced encryption.
63FFB80805: TLS is required, but was not offered by host mx0.esb.de
[194.77.230.138]
But looks like, remote device is announcing TLS and can handle it:
# telnet mx0.esb.de 25
Trying 194.77.230.138...
Connected to m
en Koetter :
> * Stefan Bauer :
> > Dear Users,
> >
> > we trying to deliver mail to remote party with enforced encryption.
> >
> > 63FFB80805: TLS is required, but was not offered by host mx0.esb.de
> > [194.77.230.138]
> >
> > But looks like, remote dev
esmtp' is set by default.
On Mon, Nov 26, 2018 at 11:21, Stefan Bauer <
cubew...@googlemail.com> wrote:
> Hi,
>
> log shows:
>
> enabling PIX workarounds: disable_esmtp delay_dotcrlf for mx0.esb.de
>
> But the specific workaround 'disable_esmtp' l
Hi,
is there a way to keep an smtp session open and do before queue filtering
AND final delivery to remote mta? do only sent 250 if we have already
received 250. if not send temp error.
we would like to only accept mails if we can deliver them at the same time.
a local queue is not wanted due to
2018, Wietse Venema wrote:
> Stefan Bauer:
>> Hi,
>>
>> is there a way to keep an smtp session open and do before queue filtering
>> AND final delivery to remote mta? do only sent 250 if we have already
>> received 250. if not send temp error.
>
> How would t
Hi,
we're running a small relay-service and looking for best practice to
deliver mails to remote sites regarding concurrent delivery and so on.
Sometimes, we have customers that are sending several mails per second to
same recipients.
What is best practice to handle this?
We would like to avoid
It's no user issue. It's a real and legal use case that customers send
several mails / second to same recipient over a long period (software tests
whatever).
On Thu, Dec 6, 2018 at 12:50, Andrey Repin wrote:
> Greetings, Stefan Bauer!
>
> > Hi,
>
>
> > we're
that remote sites prefer one way over the other.
Stefan
On Thursday, December 6, 2018, Andrey Repin wrote:
> Greetings, Stefan Bauer!
>
> >>> we're running a small relay-service and looking for best practice to
> >>> deliver mails to remote sites
nema <
wie...@porcupine.org>:
> Stefan Bauer:
> > stuff/best practice that makes the process more effective.
> >
> > i'm certain that remote sites prefer one way over the other.
>
> I don't think that there is a 'standard' policy that 'works' fo
Hi,
we receive mails from $world and forward them to internal exchange server.
Exchange is offering STARTTLS and AUTH
root@gate01:~# telnet 192.168.124.5 2525
Trying 192.168.124.5...
Connected to 192.168.124.5.
Escape character is '^]'.
220 ex01 Microsoft ESMTP MAIL Service ready at Tue, 11 Dec
So howto not use AUTH&TLS at all to 192.168.124.5:2525 ?
On Tue, Dec 11, 2018 at 20:32, Wietse Venema <
wie...@porcupine.org> wrote:
> Stefan Bauer:
> > Hi,
> >
> > we receive mails from $world and forward them to internal exchange
> server.
> >
eparate transport for the relay(s) in question,
> with "smtp_sender_dependent_authentication = no" for that
> transport.
>
> > On Dec 11, 2018, at 2:37 PM, Stefan Bauer
> wrote:
> >
> > I don't see a way to have AUTH&T
org>:
> > On Dec 11, 2018, at 3:41 PM, Stefan Bauer
> wrote:
> >
> > Can you recommend appropriate manual(s)? I don't understand what you mean
> with separate transport.
>
> http://www.postfix.org/master.5.html
> http://www.postfix.org/tr
org>:
> > On Dec 11, 2018, at 4:40 PM, Stefan Bauer
> wrote:
> >
> > exchange unix - - n - - smtp
> > -o smtp_sender_dependent_authentication=no
> > -o transport_maps=hash:/etc/postfix/transport_internal
>
> No the "t
" behavior you need for the exchange
> transport is no sasl:
> exchange unix - - n - - smtp
> -o smtp_sender_dependent_authentication=no
>
> Daniel
>
>
> On 12/11/2018 1:40 PM, Stefan Bauer wrote:
>
> thank you for your help!
>
>
Hi,
Dec 19 13:04:36 mx1 postfix/postscreen[4770]: CONNECT from
[209.85.166.196]:52168 to [public-ip]:25
Dec 19 13:04:42 mx1 postfix/dnsblog[4774]: addr 209.85.166.196 listed by
domain dnsbl.sorbs.net as 127.0.0.6
Dec 19 13:04:42 mx1 postfix/postscreen[4770]: PASS NEW
[209.85.166.196]:52168
Dec 19
the threshold is at default, so 1.
but the dns timeout, Wietse mentioned, might be the real cause. gonna check
manuals, if this is configurable.
Thank you.
On Wednesday, December 19, 2018, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
> On Wed, Dec 19, 2018 at 02:00:34PM +010
Hi,
i use smtp_tls_security_level = encrypt - if remote site have mx like
mx 10 mail1 without tls
mx 100 mail2 fake-mx with no open port
postfix detects lack of tls on mx10 goes to mx100 and waits
maximal_queue_lifetime.
i don't like fake mx as they create a long delay.
i could reduce queue lif
.
On Thursday, December 20, 2018, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>> On Dec 20, 2018, at 12:42 PM, Stefan Bauer
wrote:
>>
>> I use smtp_tls_security_level = encrypt
>
> The cost of that choice is that you must also have:
>
> main.cf
thats a nice approach! thank you. will test.
On Thursday, December 20, 2018, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>> On Dec 20, 2018, at 1:25 PM, Stefan Bauer
wrote:
>>
>> I'm aware of such exceptions but I don't like to set them. Our pol
>:
>> On Dec 20, 2018, at 1:25 PM, Stefan Bauer
wrote:
>>
>> I'm aware of such exceptions but I don't like to set them. Our policy
is safe or not at all via mail.
>
> That policy has a cost. You don't like the cost, but there it is...
>
>> I
Hi Robert,
thanks. already saw that but i don't want to bother remote sites with a
'full verify'. still like the policy server approach. should be no big
thing for a coder - familiar with perl.
On Saturday, December 22, 2018, Robert Schetterer wrote:
> Am 22.12.18 um 07:55 schrieb
Hi,
we have enforced TLS to all remote sites and have appropriate tls policy
server, that checks if TLS is avail before accepting mails. That works as
expected. we also only accept users with auth.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination
s
Understood. Thank you.
On Fri, Jan 4, 2019 at 15:11, Matus UHLAR - fantomas <
uh...@fantomas.sk> wrote:
> On 04.01.19 14:44, Stefan Bauer wrote:
> >we have enforced TLS to all remote sites and have appropriate tls policy
> >server, that checks if TLS is avail before
Hi,
is there a way to bypass policy server in smtp_recipient_restrictions, in
case, subject contains special string?
smtpd_recipient_restrictions = check_policy_service unix:private/policy
header_checks:
/^Subject: .*string.*/ FILTER no-policy-service:
header_checks could reroute by subject bu
Jan 2019, at 9:36, Stefan Bauer wrote:
>
> > is there a way to bypass policy server in smtp_recipient_restrictions,
> > in
> > case, subject contains special string?
>
> No. As documented, smtp_recipient_restrictions is evaluated for each
> RCPT command, all of which
great idea, but recipient verification is not something, remote servers
like. really like.
On Friday, January 4, 2019, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>> On Jan 4, 2019, at 9:10 AM, Matus UHLAR - fantomas
wrote:
>>
>> this looks to me that you search for connection between
sm
with special subject.
On Friday, January 4, 2019, Bill Cole <
postfixlists-070...@billmail.scconsult.com> wrote:
> On 4 Jan 2019, at 10:36, Stefan Bauer wrote:
>
>> Would it be possible to have FILTER as action in policy server
>
> Yes, but FILTER behaves as documented in the
=ESMTP helo=: tls_whitelist_check:
mail gets delivered, but policy service is not used/called.
What am i missing?
On Sat, Jan 5, 2019 at 11:05, Stefan Bauer <
cubew...@googlemail.com> wrote:
> Understood. Would it be possible to have header_checks in main.cf that
> send mails
Thank you. That explains it!
On Sat, Jan 5, 2019 at 15:03, Benny Pedersen wrote:
> Stefan Bauer wrote on 2019-01-05 14:08:
>
> > tls_whitelist_check unix- - n - -
> > smtp
> >-o header_checks=
> >-o
Hi,
i would like that postfix always sends DSN, when requested by client and
mail got forwarded to next-hop / final destination.
Thats works on some recipients, but not on all. postfix always sends DSN on
specific destinations (e.g. web.de)
: delivery via mx-ha02.web.de[212.227.17.8]:25: 250 Req
Awesome. Thank you. That did the trick.
On Tue, Jan 15, 2019 at 13:22, Wietse Venema <
wie...@porcupine.org> wrote:
> Stefan Bauer:
> > Hi,
> >
> > i would like that postfix always sends DSN, when requested by client and
> > mail got forwarded to next-hop
Nessus reports for example TLS_RSA_WITH_SEED_CBC_SHA as weak on our
submission port. So i was using the following to disable all SEED ciphers
on submission port but it has no effect:
-o smtpd_tls_mandatory_ciphers=high
-o tls_preempt_cipherlist=yes
-o
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:E
I just want to set allowed ciphers but can not enforce encryption
generally. this seems to be a limitation and not possible right?
On Tuesday, January 15, 2019, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>> On Jan 15, 2019, at 8:39 AM, Stefan Bauer
wrot
now i got it. sorry and thank you for your help.
On Tuesday, January 15, 2019, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
>> On Jan 15, 2019, at 8:39 AM, Stefan Bauer
wrote:
>>
>> -o smtpd_tls_mandatory_ciphers=high
>> -o tls_preempt_cipherlist=yes
Hi,
how can the following error be detected and an instant bounce/reject will
be send to the sender?
-- 880 Kbytes in 3 Requests.
root@mx1:~# mailq
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
A97288008B 776694 Sun Jan 13 13:14:29 sender@sender
reject_unverified_recipient is no option as remote sites don't like
probing/verify requests. After rechecking, i had a typo in my regex.
Damn! It was working as documented. Sorry.
On Wed, Jan 16, 2019 at 13:17, Wietse Venema <
wie...@porcupine.org> wrote:
> Stefan
"Some sites may blacklist you when you are probing them too often (a probe
is an SMTP session that does not deliver mail), or when you are probing
them too often for a non-existent address. This is one reason why you
should use sender address verification sparingly, if at all, when your site
receiv
hi,
we have
address_verify_negative_refresh_time = 30m active
(root@mx2:/var/lib/postfix# postconf -n | grep verify
address_verify_negative_refresh_time = 30m)
but the verify behavior is strange.
Jan 23 21:15:21 mx2 postfix/postscreen[Jan 25 15:31:14 mx2
postfix/smtpd[10119]: NOQUEUE: reject: R
porcupine.org>:
> Stefan Bauer:
> > Jan 25 15:31:14 mx2 postfix/smtpd[10117]: NOQUEUE: reject: RCPT from
> > opsmail.colo.comodo.com[91.209.196.133]: 550 5.1.1
> > > address: host IP[IP] said: 550 5.1.1 > address rejected: User unknown in virtual mailbox table (in reply to
Thank you Wietse for taking the time to explain things. I really appreciate
this. now all is clear.
On Friday, January 25, 2019, Wietse Venema wrote:
> Stefan Bauer:
>> thank you. seems to be that
>>
>> if address_verify_negative_refresh_time = 30m, the next attempt t
Hi,
we would like to go the next step, enable smtp_tls_security_level = dane.
Currently we have encrypt site-wide.
But in cases where remote sites do not have published key material, the
fallback is may with dane, which is a step back in terms of security and
not wanted.
How can we specify:
1,
hi,
smtp_header_checks = pcre:/etc/postfix/header_chk
/^Subject: .*test.*/ FILTER test:
Postfix then logs:
Jan 30 12:44:16 mx2 postfix/cleanup[19243]: 096B95EAE2: filter: header
Subject: some text test from mail-cloud-01.asdfasdf.tld[1.2.3.4];(...)
How to disable logging of this events? I simp
Hi,
our outgoing mails sometimes end up undeliverable in postfix queue and
bounce back after 5 days, when remote sites change MX entries and postfix
has the old information.
It seems that postfix is not doing another round of lookups when
destination MX was already discovered for remote domain wh
Hi,
I'm running a pair of postfix-servers in different data-centers (different
ip networks) for outgoing-only delivery. once in a while my providers /22
appear on public blacklists, so mails from my nodes also gets rejected.
For this, i have now a third backup-instance in another data center that
aving 7000-8000 mails / day.
Stefan
On Fri, May 31, 2019 at 18:37, Noel Jones wrote:
> On 5/31/2019 1:48 AM, Stefan Bauer wrote:
> > Hi,
> >
> > I'm running a pair of postfix-servers in different data-centers
> > (different ip networks) for outgoing-only delive
Hi,
we are running a small smtp relay service with postfix for authenticated
users. Unfortunately office 365 does not offer any smtp authentication
mechanism when sending mails via connectors to smarthosts.
how could one protect smtp submission in another way?
without authentication, everyone fr
onntag, 16. Juni 2019 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
> On Sun, Jun 16, 2019 at 04:00:38PM +0200, Stefan Bauer wrote:
>
>> We are running a small smtp relay service with postfix for authenticated
>> users. Unfortunately office 365 does not offer any smt
our users send/receive via o365. the last mile o365->recipient should go
through our service like o365->postfix->recipient
here, o365 does not offer smtp auth against postfix.
On Sunday, June 16, 2019, @lbutlr wrote:
> On 16 Jun2019, at 09:46, Stefan Bauer wrote:
>> som
its like the first:
end-user client -> microsoft server -> postfix server -> remote recipient
On Sunday, June 16, 2019, Wietse Venema wrote:
> Stefan Bauer:
>> our users send/receive via o365. the last mile o365->recipient should go
>> through our service li