How to restrict imposters

2020-02-18 Thread a
aying from outside networks to other email addresses and that's how I need it to work. It's great postfix is set to do this by default. However, an outside network can still identify as a local email account to send into my network, making imposters possible. Is there a flag I can use to s

Re: How to restrict imposters

2020-02-20 Thread a
> @lbutlr wrote: > > a wrote: > > > However, an outside network can still identify as a local email > > > account to send into my network, making imposters possible. > > > > Do not allow connections on port 25 that claim to be from your domains. > >

Re: How to restrict imposters

2020-02-20 Thread a
> @lbutlr wrote: >> > a wrote: >> > > However, an outside network can still identify as a local email >> > > account to send into my network, making imposters possible. >> > >> > Do not allow connections on port 25 that claim to be from your do

MAILER-DAEMON and double-bounce sender domain

2019-07-30 Thread a
Hello. I have mail server named "mx.example.com" that handles mail in "example.com" (virtual) domain. I use postfix 3.4.6 for this server. When something wrong happens, mail is dropped to postmaster with "double-bou...@mx.example.com" envelope sender and "mailer-dae...@mx.example.com" in the "From

Re: How to bypass / oversome mynetwork restriction

2019-08-02 Thread a
Authenticate all your internal servers through SASL. Fri, 2 Aug 2019, 21:10 Bandaru, Vamsi : > Hello all , > > > > We are trying to configure a relay server which should accept email from > any system within our enterprise and our enterprise is spread across cloud > and

Re: SSL communication between MTAs

2019-08-15 Thread a
You can't enforce remote peer to use SSL unless that peer is under your control. Maximum that you can do - enable STARTTLS and configure MTA-STS (rfc8461). Thu, 15 Aug 2019, 9:53 Eliza : > Hello, > > My MTA (postfix) has both 25 (non-SSL) and 465 (SSL) ports enabled. > > How to enforce the pe

Relaying mail from the same domain to another server

2010-07-12 Thread John A.
Hi. I'm trying to setup a multi-server mail architecture with a mail gateway and 2 final dest. servers hosting mailboxes, all on the same domain. I'm using virtual mailboxes with MySQL backend (same for the 3 servers). I set up the gateway which forwards to end servers. The problem

Re: Relaying mail from the same domain to another server

2010-07-13 Thread John A.
On Monday 12 July 2010 19:10:38, Jeroen Geilman wrote: > On 07/12/2010 04:41 PM, John A. wrote: > > Hi. > > > > I'm trying to setup a multi-server mail architecture with a mail gateway > > and 2 final dest. servers hosting mailboxes, all on the same domain.

Re: Relaying mail from the same domain to another server

2010-07-13 Thread John A.
I tried to use transport as following: transport_maps = local.cf remote.cf - local.cf contains a sql query which returns "virtual" if the "u...@domain" matches. - remote.cf contains a sql query which returns "smtp:[mail.gateway]" if the domain matches. Did this a

Re: Relaying mail from the same domain to another server

2010-07-13 Thread John A.
-- *** Jonathan Amiez System administrator j...@edatis.com it-pa...@edatis.com ad...@edatis.com *** On Tuesday 13 July 2010 13:15:36, Jerry wrote: > On Tue, 13 Jul 2010 12:42:42 +0200 > > John A. articulated: > > I tried to u

Re: Relaying mail from the same domain to another server

2010-07-13 Thread John A.
On Tuesday 13 July 2010 14:12:22, John A. wrote: > > On Tue, 13 Jul 2010 12:42:42 +0200 > > > > John A. articulated: > > > I tried to use transport as following: > > > > > > transport_maps = local.cf remote.cf > > > - local.cf contai

Re: Relaying mail from the same domain to another server

2010-07-15 Thread John A.
On Tuesday 13 July 2010 17:47:21, John A. wrote: > On Tuesday 13 July 2010 14:12:22, John A. wrote: > > > On Tue, 13 Jul 2010 12:42:42 +0200 > > > > > > John A. articulated: > > > > I tried to use transport as following: > >

Re: how add X-AntiAbuse header

2011-04-18 Thread Paul A
fakessh wrote: >hello postfix guru >hello wieste >hello mouss > > > > >I would like to add anti-abuse headers. I just spent a good little time to >watch list archives and found no answers > >example of a header that I want to appear in my mail > >X-An

RE: I'm an open relay some how

2011-12-30 Thread Paul A
open relay some how On 12/30/2011 10:26 AM, Noel Jones wrote: > On 12/30/2011 11:19 AM, Stephen Atkins wrote: >> On 12/30/2011 10:17 AM, Gary Smith wrote: >>>> I've been administering the same postfix server for years so I'm >>>> a little >>>>

RE: forwarding to 2 domains

2012-01-18 Thread Paul A
Pagaime Sent: Wednesday, January 18, 2012 12:25 PM To: postfix users Subject: Re: forwarding to 2 domains Hello Noel Jones thanks, that's my fallback situation: unroll all addresses from DOM1.com and DOM2.com: a...@dom.com a...@dom1.com, a...@dom2.com a...@dom.com a...@dom1.com, a...@dom

Building Postfix without Berkeley DB

2012-02-24 Thread Gamet A.
Hello, I am getting errors when trying to use "-DNO_DB" option (both from 2.9.1 and 2.10.x) # make makefiles CCARGS="-DNO_DB" make -f Makefile.in MAKELEVEL= Makefiles (echo "# Do not edit -- this file documents how Postfix was built for your machine."; /bin/sh makedefs) >makedefs.tmp No include

Disabling debug (DEBUG=)

2012-02-24 Thread Gamet A.
Here are my compilation command list: --- installDir=/usr/local/postfix-2.10 make CCARGS='-DNO_DB' tidy make makefiles CCARGS="-DNO_DB -I/usr/local/ldap/include -DHAS_LDAP -DDEF_CONFIG_DIR='$inst

Re: Disabling debug (DEBUG=)

2012-02-24 Thread Gamet A.
: # uname -a Linux localhost 2.6.32-042stab049.6 #1 SMP Mon Feb 6 19:17:43 MSK 2012 x86_64 x86_64 x86_64 GNU/Linux # gcc -v Using built-in specs. Target: x86_64-redhat-linux Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http

Re: Disabling debug (DEBUG=)

2012-02-24 Thread Gamet A.
R='$installDir/data' > -DDEF_QUEUE_DIR='/var/log/postfix/spool' > > -DDEF_MANPAGE_DIR='$installDir/man' DEBUG=''" \ > > UXLIBS="-L/usr/local/ldap/lib -lldap -L/usr/local/ldap/lib -llber" > > AUXLIBS, not UXLIBS. See INSTALL, which expl

Re: Disabling debug (DEBUG=)

2012-02-24 Thread Gamet A.
> -DDEF_DATA_DIR='$installDir/data' -DDEF_QUEUE_DIR='/var/log/postfix/spool' >> > -DDEF_MANPAGE_DIR='$installDir/man' DEBUG=''" \ >> >     UXLIBS="-L/usr/local/ldap/lib -lldap -L/usr/local/ldap/lib -llber" >> >> AUXLIBS, not

Rejecting mail based on destination MX records

2012-08-28 Thread Jon A.
meone trying to detect bad mail senders. Unfortunately, my server finds itself trying to do legit business and being "seen" by fakemx.net and having messages back up in my queue and continually retry doesn't make me happy. I'd like to immediately reject mail for all destinatio

Milters and Aliasing

2013-01-18 Thread Amir A .
My Problem: I have a vanilla Zimbra setup that I have been trying to implement either Before Queue Mail filtering or Milter Based Filtering. At first I tried doing a Pre-queue setup with amavisd-new but I ran into the problem where aliasing wouldn't work. I tried again after much te

RE: Milters and Aliasing

2013-01-18 Thread Amir A .
When I mean it doesn't work is that anytime I use any sort of aliases (domain --> domain via Zimbra's GUI) or a simple forwarder (userdne ---> userexists in /etc/aliases) it never works with a milter however sending to the original/real addres

Postscreen & Google Apps

2013-01-23 Thread Jon A.
Today, a Google Apps user sent a message with two recipients to us, one with TO and other a CC internal mailing list. Naturally, Google treated each as an independent message. Over the course of an hour or so, because Google attempted to deliver the messages using different outgoing hosts

Re: Postscreen & Google Apps

2013-01-24 Thread Jon A.
On Wed, Jan 23, 2013 at 6:24 PM, Noel Jones wrote: > On 1/23/2013 4:33 PM, Jon A. wrote: > > Today, a Google Apps user sent a message with two recipients to us, > > one with TO and other a CC internal mailing list. Naturally, Google > > treated each as an independent mess

Re: relay_recipient_maps and transport_maps

2013-03-20 Thread Jon A.
ll keep that in mind if the box configurations start differing too much. On Wed, Mar 20, 2013 at 2:17 PM, Noel Jones wrote: > On 3/20/2013 1:05 PM, Jon A. wrote: > > I've a number of "nobody" type aliases that I map in transport_maps > > to the discard service. Our

RE: Compromised Passwords

2014-03-05 Thread Paul A
What has worked for me. Develop a policy where user must have 8 char min password that is not dictionary based. Linux Pam for example helps with this. Then obtain and run fail2ban against your smtp/pop/imap logs. Most passwords are guessed using dictionary attacks, which fail2ban you can

valid names for postfix services

2014-06-25 Thread A. Schulze
Hello, I have to setup a special transport to send messages to a broken system. If I name the transport "foo", I could add transport specific setting in main.cf as foo_destination_rate_delay for example. Does that work too if I name the service "foo_smtp" so the se

Re: valid names for postfix services

2014-06-25 Thread A. Schulze
nsportname} contain a underscore itself. Andreas

CCERT autorization

2014-07-07 Thread A. Schulze
Hello, Abstract problem: allow a external third party to relay messages with one fixed envelope sender. Certificates must be used to allow relay permissions. Do I really need additional UserID+Passwords to limit to a specific envelope sender or could information from the ccert be used

Re: Milter problem

2014-07-07 Thread A. Schulze
/smfi_insheader insheader allow to specify a position. Position 0 is special: "Topmost". I found that many milter use position 1, other use 0. With milters calling insheader and hdridx=1 I never saw the problem you described. Andreas

is 7bit conversion logged?

2014-07-12 Thread A. Schulze
Hello, it may happen that postfix announce 8BITMIME SMTP extension and clients use that by submitting messages it may happen postfix has to relay such messages to a legacy server not supporting that extension. in this case postfix will recode the message. is that situation visible in the

Re: Individual smtpd_tls_ask_ccert?

2014-07-29 Thread A. Schulze
Patrick Ben Koetter: IIRC smtpd_tls_ask_ccert should not be enabled on publicly referenced MTAs ... If that is true ... Hello, I ask for client certs on every of my public mx servers without any compatibility issues for more than two years. Andreas

suggestion / log improvent

2014-08-06 Thread A. Schulze
Hello, the last day I had to search messages in our "poor man's second chance" storage. ( an always_bcc solution ). *finding* messages was painful. using my logging I could follow any message by its queueid. But finally messages are delivered by a local transport telling 10

smtp_fallback_relay

2014-08-15 Thread A. Schulze
Hello, I'm looking for an alternative solution for smtp_fallback_relay that I'm currently forced to use. Mostly I hit servers also running postscreen or postgrey. postfix could deliver direct if it would get a second chance. But smtp_fallback_relay=... catch all deliveries after

mailing list via ldap without virtual domains

2008-11-19 Thread Stelios A.
Hello all, I have postfix(version 2.5.5-1) running on latest Ubuntu server (8.10) along with an OpenLDAP server. I haven't setup virtual domain and all users have a normal directory (with Maildir support) at /home/ The only relevant information how to query and build a mailing list with Po

logging from scripts executed by pipe

2021-08-10 Thread A. Schulze
Hello, I've to rebuild a service: messages to an address are delivered via postfix pipe to a script. This script use syslog to write its messages. That worked well for years. Now, postfix run in a different way, supervised via "postfix start-fg" (docker) Essentially the is

Re: logging from scripts executed by pipe

2021-08-10 Thread A. Schulze
Wietse Venema: A. Schulze: Is there a recommended/any way to log messages from a script via postfix? Not at this time. Making the postlog command setgid requires a security analysis and that may require some code restructuring before this can be done without opening up a security hole

strict_7bit_headers, strict_8bitmime and strict_8bitmime_body

2021-12-13 Thread A. Schulze
Hello, the documentation say for these settings: > This feature should not be enabled on a general purpose mail server, because > it is likely to reject legitimate email Is it possible to activate a kind of log only mode similar to "warn_if_reject"? That would allow admini

Re: DMARC in postfix ?

2022-04-14 Thread A. Schulze
On 13.04.22 at 05:31, John Levine wrote: > For doing DMARC validation, I know about the opendmarc milter. Is that what > everyone uses? Is there anything else used in practice? Hello John, rspamd handles DMARC as well. But it's also a milter. This is intentional: Wie

Re: dig reports NXDOMAIN but Postfix thinks otherwiese

2022-12-06 Thread A. Schulze
On 06.12.22 at 19:06, Fred Morris wrote: This is a good use for DNS Response Policy Zones (RPZ) to prevent leakage, as well as an illustration of why doing some broad brush statistical monitoring of DNS traffic is a useful practice. it's easier to consequent avoid 'searc

Re: may we suggest ICANN not run that many new tlds?

2019-11-19 Thread A. Schulze
On 19.11.19 at 10:58, Merrick wrote: > may we suggest ICANN not open a new TLD anymore? yes, you can: https://www.icann.org/public-comments

different message_size_limit per smtpd

2019-11-20 Thread A. Schulze
Hello, My goal is to allow different message size on MX and submission. As message_size_limit is a cleanup option, this is my (non working) setup based on http://www.postfix.org/BUILTIN_FILTER_README.html#mx_submission main.cf message_size_limit = 512 master.cf # define a

Re: different message_size_limit per smtpd (solved)

2019-11-20 Thread A. Schulze
is >> enforced by the cleanup daemon. > > How do you set a different limit in cleanup then? Or do you set > message_size_limit to the maximum size for submission and then set a separate > limit for smtpd? How would you do that? > > main.cf: >message_size_limit=4000

MDB_MAP_FULL: Environment mapsize limit reached

2020-01-09 Thread A. Schulze
Hello, running postfix-3.4.7 on Debian 10 I found the following warning in my logs: postfix/tlsmgr[705]: warning: lmdb:/var/lib/postfix/smtp_tls_session_cache is unavailable. open database /var/lib/postfix/smtp_tls_session_cache.lmdb: MDB_MAP_FULL: Environment mapsize limit reached on

Re: Are there plans for a buld-in support of REDIS-tables?

2020-01-09 Thread A. Schulze
On 09.01.20 at 17:12, kris_h wrote: > We distribute the more dynamic tables - e.g. cidr-tables with self-harvested > current spammer's IPs - actually by simply distributing those files with > rsync. we use an rbldnsd to build and serve an internal zone with similar data. Usual DNS lookups are

Re: Postfix restrictions

2020-06-07 Thread A. Schulze
On 07.06.20 at 11:51, Nicolas Kovacs wrote: using "reject_unknown_helo_hostname" may trigger some false positives. Not every sender has such perfect setups. You may use "warn_if_reject reject_unknown_helo_hostname" for some time and check if losing such traffic is acceptable for you. Andr

Re: Postfix restrictions

2020-06-07 Thread A. Schulze
On 07.06.20 at 14:38, yuv wrote: > Is there a valid reason for a sender not to fix something so essential > as DNS configuration? no valid reason but reality. There are so many sending hosts named "foobar.local". Via NAT they are visible with a public IP and a perfect DNS

Re: Cannot assign requested address -- with "inet_protocol = ipv4" in main.cf

2020-06-28 Thread A. Schulze
On 25.06.20 at 20:58, Greg Sims wrote: > I set "inet_protocol = ipv4" in main.cf . postconf inet_protocol postconf: warning: inet_protocol: unknown parameter postconf inet_protocols ? Andreas

debugging strategy

2020-07-10 Thread A. Schulze
Hello, I operate a postfix server + some milters. Some messages running over this MTA generate some trouble on the receiver side. I nailed down the problem to be the content, I receive from the client. It's an application I personally don't control. To Debug the problem, I must as

Re: Mail server without MX record.

2020-10-13 Thread A. Schulze
On 13.10.20 at 14:09, Jason Long wrote: > I want to know can I use it without MX record? A records are used by default if no MX is available That's nothing postfix specific - it's an RFC requirement for any MTA Andreas

making relay access denied permanent

2015-09-05 Thread A. Meyer
[7475]: too many errors after DATA from unknown[14.215.136.46] How can I change the temporary 454 to a 5xx reject? I don't find anything in the main.cf regarding this. smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/access_sender, permit_mynetworks

Re: making relay access denied permanent

2015-09-05 Thread A. Meyer
unknown[14.215.136.46]: 454 4.7.1 : Relay > > access denied; from= to= > > proto=ESMTP helo= > > Sep 5 08:05:49 bitmachine1 postfix/smtpd[7475]: too many errors after > > DATA from unknown[14.215.136.46] > > > > How can I change the temporary 454 to a 5xx rejec

Re: Forward rejected by yahoo

2015-09-18 Thread A. Schulze
to RFC5321.MailFrom (MAIL FROM) first poster mentioned yahoo.com. I suspect he fail to forward a message "from" a yahoo user back "to" an other yahoo user. But he did not present logs to be sure... most probably reason is DMARC. And yahoo.com uses a DMARC policy which could be named

Re: Forward rejected by yahoo

2015-09-19 Thread A. Schulze
On 18.09.2015 at 16:23, Sebastian Nielsen wrote: That's exactly what I'm talking about, this DMARC Strict Identity Alignment. If a host only publishes a SPF record (no DKIM record), and sets up DMARC with Strict Identity Alignment, it's most probably not a very good DMARC setup the

Re: multiple IPs and postscreen

2015-10-19 Thread A. Schulze
Eric Abrahamsen: It works fine, until I try to add postscreen into the mix. you did not post a complete config. but you may check your master.cf: master.cf without postscreen: smtp inet n - n - - smtpd master.cf with postscreen: smtp inet n - n - 1 postscreen smtpd pass

address rewrite

2015-11-09 Thread Paul A
I have a situation where an email from Comcast alert services is getting rejected, as the email comes in to my postfix server it gets forward to my phone and the service provider looks up SPF for my domain and rejects the email as it should. I wanted to rewrite the address to remove the

DKIM Signature fails

2015-11-19 Thread Andy A
valid and present. We have figured out what the issue is. Postfix is chopping certain lines of the messages after a total of 74 characters. This is quite strange as the line length limit for Postfix is 998 characters and SMTP protocol line length limit is 1000 characters. But, what's even

RE: DKIM Signature fails

2015-11-25 Thread Andy A
Thanks for the information. I have now made sure that the message is converted to printed-quotable before DKIM signing. That results in DKIM verification pass but the message now is limited to 76 character length and each line longer than 76 characters ends with a '=' and a line bre

documentation error

2016-02-02 Thread A. Schulze
Hello, the descriptive text for lmtp_address_verify_target (http://www.postfix.org/postconf.5.html#lmtp_address_verify_target) looks simply wrong... Andreas

Re: SV: Blocking TLDs

2016-02-19 Thread A. Schulze
Sebastian Nielsen: Then paste all the DISCARD lines into a new file called /etc/postfix/banned_tlds (and also add some own TLDs there, its just to copy paste one line and then change the TLD), and also remove lines for TLDs you don’t want to block. Chmod the banned_tlds file to 666 to ensure

send to ESP with broken STARTTLS

2016-03-31 Thread A. Schulze
. But: the destination host multiple domains. So a significant portion of our outbound volume goes unencrypted over the wire. The TLS connect don't fail on all of my systems. Some hosts (other OS) do succeed: # Debian Jessie Host # posttls-finger -c iutax.de posttls-finger: iutax

Re: send to ESP with broken STARTTLS

2016-03-31 Thread A. Schulze
Viktor Dukhovni: iutax.de.pri-mx.eu0105.smtproutes.com[94.186.192.102]:25 Yes, this server has a 768-bit DH key. a larger email service provider :-/ see https://www.robtex.com/en/advisory/ip/94/186/192/102/ The 1024-bit lower limit is enforced internally by the OpenSSL library and cannot

Howto avoid 8BITMIME

2016-05-12 Thread A. Schulze
-bit MIME ( https://tools.ietf.org/html/rfc6152#page-4 ) The problem occur in a usual combination of common software packages: postfix and OpenDKIM. OpenDKIM as signer is implemented as milter. A milter receive any message postfix receive via smtpd. so the simple mailflow for submission

Re: Ordering the preque filtering?

2016-05-22 Thread A. Schulze
On 22.05.2016 at 02:07, Phil Stracchino wrote: My point stands: Making DMARC failure an automatic reject is a sound policy only if you're OK with losing legitimate mail because it passed through a forwarder who hasn't implemented DMARC yet. disagree DMARC in its cur

Re: Mails rejected due to SPF?

2016-05-31 Thread A. Schulze
On 31.05.2016 at 19:09, Johannes Bauer wrote: Hello list, I know this is a bit off-topic, but I'm not sure if I misconfigured Postfix to result in this: Just today, an email of mine was rejected due to SPF reasons: host mx-ha03.web.de[212.227.15.17] said: 550-Requested action not

Re: master.cf, arguments line, short form: newlines possible ?

2016-07-15 Thread A. Schulze
,permit_sasl_authenticated,reject as follows: -o smtpd_sender_restrictions= reject_non_fqdn_sender, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender, permit_sasl_authenticated, reject you may define a macro in main.cf

Re: Feature-request: rfc5322_from_login_maps

2016-07-21 Thread A. Schulze
On 20.07.2016 at 18:03, Wietse Venema wrote: In Postfix: require that MAIL FROM matches SASL login In Milter: require that MAIL FROM matches From: header. I took that suggestion and had a deeper look in OpenDKIM today. Parsing RFC5322.From /is/ complicated. But for my feeling OpenDKIM does

cosmetics: authentication success not logged

2016-09-18 Thread A. Schulze
Hello, we implemented a submission server with SASL authentication. nothing special... also we use to grep for "sasl_username=$customer_with_trouble". today I noticed, the successful authentication was not logged because a sender address was rejected. Looks like sasl_username logg

Re: cosmetics: authentication success not logged

2016-09-18 Thread A. Schulze
On 18.09.2016 at 14:31, Wietse Venema wrote: No, that would log it too often in normal sessions. Instead it can be logged for rejected commands. reject: from host[addr] ...; from=, to=, proto=SMTP, helo=, sasl_username= Hello Wietse, that would be OK, too. It requires a code

Re: cosmetics: authentication success not logged

2016-09-18 Thread A. Schulze
On 18.09.2016 at 14:39, Wietse Venema wrote: As in the patch below. ups, you're so fast... thanks! I'll try and report. Andreas

Re: cosmetics: authentication success not logged

2016-09-21 Thread A. Schulze
A. Schulze: On 18.09.2016 at 14:39, Wietse Venema wrote: As in the patch below. Hello Wietse, there are multiple places where such loglines are written: $ find . -name '*.c' | xargs grep helo= ./src/cleanup/cleanup_message.c: vstring_sprintf_append(state->temp

Re: Is there a best-practices document available?

2016-09-28 Thread A. Schulze
On 28.09.2016 at 16:58, Stephen Satchell wrote: For mail servers in general? I suggest MAAWG documents: https://www.m3aawg.org/published-documents Andreas

Re: SV: Restriction question

2016-10-18 Thread A. Schulze
Hello, you may set "mynetworks_style = host" see http://www.postfix.org/postconf.5.html#mynetworks_style Andreas On 18.10.2016 at 21:51, Sebastian Nielsen wrote: > Set mynetworks to only contain the IPs or networks of the production server. > You can use /32 to list single IPs. > Like: > mynet

Re: Problem with ldap failover

2016-10-21 Thread A. Schulze
On 21.10.2016 at 13:49, MichalZ wrote: > server_host = ldaps://ldap3.img.local:636 > ldaps://ldap2.img.local:636 > ldaps://ldap.img.local:636 did you check that every single server work without the others? try1: server_host = ldaps://ldap3.img.local:636 try2:

421 4.4.2 service timed out

2016-11-10 Thread Rob A
We are having issues sending emails with attachments over ~2 MB to some recipients. In the situations were we have an error, the remote server responds with "421 4.4.2 service timed out. (in reply to end of DATA command)". We are not having these issues with all recipients, but there are many r

Re: 421 4.4.2 service timed out

2016-11-10 Thread Rob A
What sort of network stats would be useful to diagnose the problem? Below is the output of netstat -s It looks like data is being transmitted fine up until the point that the remote server sends a [TCP Window Update] (see packet 1750 below). At that point my postfix server doesn't respon

Re: 421 4.4.2 service timed out

2016-11-11 Thread Rob A
Wietse, Thanks for your response. I can consistently send a 1 MB attachment to a recipient with no issues, but consistently get "421 4.4.2 service timed out. (in reply to end of DATA command)" with a 3 MB attachment sent to the same recipient. I have turned off tcp_window_scaling on

Re: 421 4.4.2 service timed out

2016-11-11 Thread Rob A
I also set tcp_windowsize = 65535 but this had no effect on the ability to send the emails. Rob A wrote > Wietse, > > Thanks for your response. > > I can consistently send a 1 MB attachment to a recipient with no issues, > but consistently get "421 4.4.2 service time

Re: Positive DSN if delay_warning_time is reached?

2014-09-11 Thread A. Schulze
wietse: This turned out to be easier than expected. Manpage fragment for Postfix 2.12-20140907: confirm_delay_cleared (default: no) After sending a "your message is delayed" notification, inform the sender when the delay clears up. This can result in a sudde

Re: Positive DSN if delay_warning_time is reached?

2014-09-11 Thread A. Schulze
wietse: First, I think this is somewhat academic because many users will be confused when they receive more than one notification for the same email message, regardless of the content of that notification. right. Users tend to not read such messages :-/ Presently, we have a new feature to

Re: ECDSA ciphers & MTA's

2014-09-15 Thread A. Schulze
ave any EC ciphers (openssl from 0.9.8 to 1.0.0 i believe?) which are required because of an EC ssl cert ? yes, you may want to also provide a RSA certificate why doesn't mail then get delivered in the clear ? the MTA @medusa.blackops.org ( sendmail as far as I know ) just do not fall back to

Re: Address verification callable via sendmail?

2014-09-19 Thread A. Schulze
Benny Pedersen: Ralf Hildebrandt wrote on 2014-09-19 11:20: Is the Address verification functionality callable via an invocation of the sendmail compatibility binary? sendmail -bv root sure, simple :-) but would be nice to simply get a returncode 0/1 instead a message. I assume that&#

Re: Address verification callable via sendmail?

2014-09-19 Thread A. Schulze
wietse: sendmail -bt Whoops, -bt isn't documented :-) Andreas

Re: Input requested: append_dot_mydomain default change

2014-09-22 Thread A. Schulze
wietse: Dammit, I want to hear from people who expect to have problems or not. OK, I don't expect problems for /my/ systems because I already explicit set 'append_dot_mydomain = no'. Andreas

Re: PATCH(2): Positive DSN if delay_warning_time is reached?

2014-09-23 Thread A. Schulze
wietse: This is a minimal patch relative to the confirm_delay_cleared patch. This suppresses the notification when the user requests NOTIFY=FAILURE, or any NOTIFY features that do not include DELAY. I checked the cases mentioned here: http://marc.info/?l=postfix-users&m=14104478390

OT: invalide DKIM signatures

2014-10-05 Thread A. Schulze
wietse: Do you have a so-called security appliance in the path? Many have a history of tampering with email. Do you have other anti-spam software in the path that modifies mail headers such as X-Spam:? To be complete: there is an easy way to invalidate DKIM-Signatures: don't announce

Re: Discuss: safety net for other compatibility breaks

2014-10-07 Thread A. Schulze
Mark Martinec: Some more archaisms that can be changed to: biff = no swap_bangpath = no allow_percent_hack = no funny, all of the already mentioned settings I also set explicit set here ... other suggestions: - disable_vrfy_command = yes - enable_long_queue_ids = yes - smtpd_tls_p

Re: Compiling new postfix same as the old postfix

2014-10-10 Thread A. Schulze
LuKreme: What can I look at to figure out what the build options were for the currently installed version so I can try to match them as closely on the new compile? search a file makedefs.out for current buildoptions information about building: http://www.postfix.org/INSTALL.html for

postfix-2.12 BC-warnings: confusing linenumbers

2014-10-12 Thread A. Schulze
backwards-compatible default setting chroot=y Most users would expect a warning about line 1 and 4 because line 3 is obviously a comment ( same happen if line 3 is empty ) Andreas

postconf question

2014-10-12 Thread A. Schulze
Hi all, while reading the COMPATIBILITY_README I asked me wasn't the command to edit the main.cf 'postconf -e mumble=foo' ? <<<< is '-e' a default action to edit main.cf? did I missed an update? "postconf mumble" display the value "post

Re: postfix-2.12 BC-warnings: confusing linenumbers

2014-10-12 Thread A. Schulze
may appear IN THE MIDDLE of a master.cf entry. technical correct. I read "line 3" but should read "the entry starting somewhere and end in line 3" I expect higher support volume. Many people will ask again and again "I get warnings about empty or comment lines" That's what I like to say. Andreas

Re: postfix-2.12 BC-warnings: confusing linenumbers

2014-10-12 Thread A. Schulze
Viktor Dukhovni: Try the patch below: works with one exception. my master.cf start with comment lines 1: # 2: # documentation 3: relay unix - - - - - smtp 4: -o smtp_fallback_relay= 5: 6: flush unix n - - 1000? 0 flush 7

Re: postfix-2.12 BC-warnings: confusing linenumbers

2014-10-12 Thread A. Schulze
wietse: That's why I am implementing line RANGES to shut up people like you. honestly, I only try to help ...

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread A. Schulze
Ralf Hildebrandt: When I have more time I can test other versions in between. you may force problematic destination to plaintext (smtp_tls_policy_maps) or ignore the STARTTLS announcement (smtp_discard_ehlo_keyword_address_maps) both not perfect but workarounds ... Andreas

Re: POODLE: smtpd_tls_mandatory_protocols question

2014-10-15 Thread A. Schulze
Viktor Dukhovni: POODLE is not an SMTP attack. No need to panic. Disabling SSL 3.0 may feel good, but the net effect is slightly negative, since you'll now use cleartext with SSLv3-only SMTP peers. to calculate the damage, count: < inbound > # grep 'TLS connection established from' /var/lo

Re: POODLE: smtpd_tls_mandatory_protocols question

2014-10-15 Thread A. Schulze
Harald Koch: (RC4 on the other hand - Google and Yahoo are both still using it by default... *sigh.) If *you* disable RC4, they *will* use other ciphers ...

Re: PATCH: Milter header position semantics

2014-10-17 Thread A. Schulze
wietse: I have patches for evaluation: Postfix 2.12 released 20140918 or later: just compiling ... Postfix 2.8, 2.9. 2.10, 2.11, and Postfix 2.12 released before 20140918: ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/feature-patches/20141017-milter-auto-header-hide-2.12.11.pa

Re: Postfix/milter benchmarking

2014-10-23 Thread A. Schulze
Julian Mehnle: Are there any other tools people use to benchmark their Postfix setups or, more specifically, milters? Wietse told on talk I listened "Optimize both the worst case and the common case. Worst cases become normal cases" When developing milter applications that mean to me: -

Re: patch: smpd insert DSN request (Update)

2014-11-12 Thread A. Schulze
wietse: /^(RCPT\s+TO:<.*>.*\s+NOTIFY=.*)/ $1 /^(RCPT\s+TO:<.*>.*)/ $1 NOTIFY=SUCCESS,DELAY,FAILURE the regex above don't match on 'RCPT TO: ' ( SPACE after colon ) I use now: /^(RCPT\s+TO:\s*<.*>.*\s+NOTIFY=.*)/ $1 /^(RCPT\s+TO:\s*<.*>.*)/ $1 NOTIFY=SUCCESS,DELAY,FAILURE Andreas
