Hello everyone.
I want to use postfix as a frontend for an amount of non-postfix mail servers
(old CGP) with huge traffic. Right now I'm testing this scheme with two
backend servers. Postfix is doing all the antispam work, greylisting and after that
verifies the recipient by verify transport (on an already known dom
> The address verify feature DOES NOT create its own connection cache.
>
> If you disagree, show actual evidence from the Postfix logfile,
> and explain what part of this evidence means that Postfix
> verification creates its own connection cache.
>
> Wietse
Sorry, it's all about my bad eng
add restrictions on localhost, despite it being
authorized, from sending mail as certain users or to certain
recipients?
Thanks,
Alex
Hi,
> Does anyone here know how often Simon Mudd releases his RPMs?
It looks like this might help for now:
http://www.kutukupret.com/2010/02/08/compiling-postfix-2-7-0-as-rpm-package/
Regards,
Alex
uides out there that I could find all pertain
to older versions of postfix. Any word on when Ralph will be updating
his book? :-) Is there a book you could recommend that covers
SSLv3/TLSv1 and later versions of postfix?
Thanks,
Alex
characteristic of the certificate that was created or how
postfix was compiled or otherwise?
Thanks,
Alex
ocal system? It's not
possible to figure out which ciphers are offered to TLS clients on my
server?
Thanks so much.
Best regards,
Alex
x get the information to make its decision? I don't
see how it put together that chain of encryption and authentication to
build the tunnel.
Thanks,
Alex
sed on the destination policy.
I have a much better understanding now. Thanks so much for your help.
I've got quite a bit of reading ahead of me.
Best regards,
Alex
mouss wrote:
ram wrote:
On Tue, 2010-03-16 at 15:40 +0100, Vegard Svanberg wrote:
Hi,
we are trying to mitigate the impact of having infected users, brute
force hacked webmail accounts etc. sending (large amounts of) outbound
spam.
The best idea we've come up with so far is to perform
s was rejected
and second : I need to build a new transport table for those recipients.
2 - the second solution is to use a policy service and the ability to
use the "instance" attribute.
Is there a policy service for my problem, or does someone have a better solution?
Thanks
Alex
Noel Jones wrote:
On 3/18/2010 10:41 AM, Alex wrote:
Hi All
My problem is described here
http://www.mail-archive.com/postfix-users@postfix.org/msg16775.html
Basically I have a mysql table with thousands of recipients; on the left
hand I have the recipient and on the right hand I have the action
/dev/rob0 wrote:
On Fri, Mar 19, 2010 at 12:27:21PM +0200, Alex wrote:
Noel Jones wrote:
On 3/18/2010 10:41 AM, Alex wrote:
In case of a multi-recipient message, if I use
check_recipient_access and one of the recipients is found in that
table, the whole message is rejected and affects all
my system out of the
loop and leaves it to yahoo and the sender to work out, or is the
proper solution what I'm currently doing (leaving them until they
expire)?
Thanks,
Alex
has done a great job of indexing the RBLs, but it
doesn't say anything about what kind of reputation they have, or if
they're really suitable for real-world use:
http://spamlinks.net/filter-dnsbl-lists.htm
Ideas greatly appreciated.
Thanks,
Alex
dynamic/generic rdns names.
I guess that depends on what you consider a FP, right? IOW, I'm not
currently outright rejecting mail from unknown hosts, and it's very
likely that some road-warriors could be sending from their desktops,
and that would impact them here, right?
Lots of questions, so I sure appreciate your help.
Thanks again!
Best regards,
Alex
m hosts
that don't resolve properly, but before I can do that I need to make
sure my DNS is working properly. Maybe I'm able to resolve it now but
wasn't able to when the email arrived? Maybe the DNS info has changed
since the email was received?
What are the risks or implications of denying messages of this type?
Thanks,
Alex
r_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unauth_destination,
reject_maps_rbl,
Thanks,
Alex
sion of postfix that doesn't
understand reject_rbl_client.
Thanks again!
Best regards,
Alex
time keep this one running.
I just wanted to confirm that this feature, or an equivalent, isn't
available in old versions of postfix?
Thanks,
Alex
ome dead lists among your maps_rbl_domains. :)
I'm somewhat familiar with those, but do you know of a location that
describes the policies of the top five URI and DNS blocklists in one
place? That would sure be useful.
Thanks again for helping me to understand. Certainly upgrading is a
top priority.
Best regards,
Alex
l works; the new syntax was
> introduced for more flexibility.
Will reject_rhsbl_sender and reject_rhsbl_client work in old versions?
Thanks for being helpful and tolerant when I should be flamed for
using such an old version.
Thanks,
Alex
't work:
warn_if_reject = reject_maps_rbl backscatter.spameatingmonkey.net
> 20020905
>
> Feature: "smtpd_data_restrictions = reject_unauth_pipelining"
It looks like I have a big project ahead of me to upgrade. What kind
of process is involved with going from such an old version to the
current, independent of all the other software?
Thanks,
Alex
ct
reject_maps_rbl backscatter.spameatingmonkey.net"
>> But it appears that's only available in later versions, so I've tried
>> this, and it also doesn't work:
>>
>> warn_if_reject = reject_maps_rbl backscatter.spameatingmonkey.net
>
> doubly wrong syntax. besides the '=' sign, reject_rbl_maps doesn't take
> an argument.
Looks like I'm SOL for now? :-)
Thanks again,
Alex
e any recommendation for a smtp proxy or another solution?
thank you
alex
n my version (postfix-20020613).
As an interim solution, do you think I could get a later postfix
working, say, postfix-1.1.13 without much difficulty, and benefit from
some of these features to ease testing and migration to postfix-2.7
later?
Thanks,
Alex
Hi,
> You're still using warn_if_reject wrong; that's why you're getting an error.
>
> If you post your "postconf -n" we can show you exactly what to change to use
> warn_if_reject.
Thanks so much for your help. I've included it below. Ideally I'd like
to have support for smtpd_restriction_classe
ignature and size of messages, but it's acceptable
tradeoff for now.
I'd really like to be able to do this with a perl script rather than
having to install some additional program like amavisd. Maybe
something like alterMIME?
Thanks,
Alex
how would I go about it?
Is it possible to strip the entire HTML content and pass only the
text? Perhaps the right way to say it would be to pass only the MIME
text and strip everything else?
Thanks again,
Alex
n all messages in the
quarantine even though the Received header exists, and the IP is not
associated with openwhois.
How can I troubleshoot this? What information can I provide to assist?
Thanks,
Alex
ck for something like that.
Why would someone add something like this?
/^(R|r)eceived:.*in.*$/ IGNORE
/^(M|m)essage-(I|i)d:.*in.*$/ IGNORE
Outside of the obvious reason to purposely prevent them from being
written to the message, what use does this have? Strip any
non-internal headers for privacy, perhaps?
Thanks,
Alex
remove internal headers -- a questionable practice in itself. But
> they botched the job.
Yes, they sure did. I wonder how much mail they lost as a result of SA
rules hitting due to this. In any case, I've removed them.
Thanks again,
Alex
(kbytes, -v) unlimited
file locks (-x) unlimited
I also tried increasing the open files to 2048, then restarting
postfix in the same shell, but it still happens.
Maybe it's a kernel compile-time variable, or some kernel tunable via sysctl?
Thanks,
Alex
er of
open files for the master process (I have two instances of postfix
running):
# ps ax | grep master
14352 ? Ss 0:08 /usr/libexec/postfix/master
14368 ? Ss 0:00 /usr/libexec/postfix/master
# lsof -p 14352 -p 14368 | wc -l
188
Thanks for everyone's help!
Thanks,
Alex
ess
> current directory and root directory.
Yes, understood. I included that output more for completeness than
anything else -- I just increased the maximum processes per user to
260 from 160.
Thanks again,
Alex
* smtp:[127.0.0.1]:10024
example.com smtp:[127.0.0.1]:10024
.example.com smtp:[127.0.0.1]:10024
Some of the examples and documentation I have read use lmtp instead of
smtp. Why would someone choose one over the other?
I hope someone has some ideas of what to do next...
Thanks,
Alex
d if you use syslog_name to tag each
> instance.
Yes, I had done this previously
> Usually when a system is configured for multiple postfix instances like
> this, there is no need for a specific content_filter directive.
That's great, thanks.
Thanks so much for the information, and your help.
Best regards,
Alex
on of postfix, and
require forced TLS with certificate validation.
Thanks,
Alex
names, and
my postfix configuration is unable to properly handle that.
How can I troubleshoot this? This is an older version of postfix, and
require forced TLS with certificate validation.
Thanks,
Alex
se forced TLS (MUST_NOPEERMATCH) for
connections to this vendor. I believe this would mean we would also
need to add *.messaging.microsoft.com to smtp_tls_per_site.
How would this affect other connections to
mail.messaging.microsoft.com that weren't using TLS?
> Below is the full cert chain, with the first cert fully decoded,
> if that's useful:
Yes, thanks.
Much thanks,
Alex
Hi
How can I disable notifications for expired messages?
DBA9ED01B53: from=, status=expired, returned to sender
DBA9ED01B53: sender non-delivery notification: E737FD0192B
I want to disable notifications for expired messages but not for bounces.
On 12/20/2010 12:44 PM, Ralf Hildebrandt wrote:
* alex:
Hi
How can I disable notifications for expired messages?
DBA9ED01B53: from=, status=expired, returned to sender
DBA9ED01B53: sender non-delivery notification: E737FD0192B
I want to disable notifications for expired messages but not for
and how to construct such a rule to authorize this user to
send otherwise unauthorized content.
Thanks,
Alex
a way to reject by precedence, but I better understand
that now.
I've already sent a note to the person reporting, and advised them to
send smaller messages that don't need to be fragmented, or adjust
their mail client accordingly.
Thanks again,
Alex
Hello everyone.
I have tried googling this, but didn't find anything useful.
I have the following configuration:
postfix (2.6.5). dspam 3.80. dovecot 1.2.
/etc/postfix/main.cf:
virtual_transport = lmtp:unix:/var/run/dspam/dspam.sock
dspam is in daemon mode, listens on this socket and after checks uses dove
> return-path is added upon final delivery.
>
> Wietse
Thank you for the answer. So do you think it should be done by LDA (dspam,
or dovecot deliver)? Or is there any point to change postfix daemon's
behavior by option like "lmtp_assume_final=yes"?
Alex.
way to avoid checking the hostname
(sender access?) so they aren't rejected with "Sender address
rejected: Domain not found"?
Thanks,
Alex
ion failed: Host not
found
The IP is in the popb4smtp db, but they still receive a relaying denied message:
Nov 1 14:32:44 smtp01 postfix/smtpd[23790]: reject: RCPT from
unknown[67.142.235.122]: 554 : Relay access denied;
from= to=
Thanks so much.
Best regards,
Alex
ram wrote:
On Thu, 2009-11-05 at 11:47 +0200, Alex wrote:
Hello
This is my first post on this list. I have an atypical configuration like:
- an MX server for inbound mails; this server is configured with virtual
domains, greylisting, antivirus and antispam for all incoming mails; it
sed on what I told you. It will be ready
in 3 or 4 months more :) :).
Hope I have instructed you a little on how to interact with outgoing
mail.
Bye mate!
On 05/11/2009, at 11:26, ram wrote:
On Thu, 2009-11-05 at 11:47 +0200, Alex wrote:
Hello
This is my first post on this list. I hav
ego...@ramattack.net wrote:
Hi
The trust in my own users led me to this post. The users are ignorant
(not all, but..). No one cares about how to send, what to send, where to send,
they just want to send more and more.
I don't trust anyone and my server too.
I know that the outboun
lst_ho...@kwsoft.de wrote:
Quoting Alex:
Hi
The trust in my own users led me to this post. The users are
ignorant (not all, but..). No one cares about how to send, what to send,
where to send, they just want to send more and more.
I don't trust anyone and my server too.
I know
cks to block them, and it does not appear to work.
check_client_access is a restriction on the regular header
information, not the envelope header, correct? Can someone help me to
clarify?
Any help greatly appreciated!
Thanks,
Alex
d clue-bat. Advice well taken.
Now, what if I said I was still using bind-4? Heh, just joking :-)
Thanks again,
Alex
e other relevant information from main.cf. Please excuse
the obscuring of my real domain with 'exxample.com' in its place.
mydestination = $myhostname, localhost.$mydomain, smtp0.exxample.com
mydomain = exxample.com
myhostname = smtp0.exxample.com
Thanks so much.
Best regards,
Alex
On Wed, Nov
others
using it otherwise.
Thanks to all for the information so far. I've got a bit more reading
to do, and have to monitor more closely.
Not only do queue IDs get reused, they change mid-stream because of
the two-queue configuration.
Thanks again,
Alex
.168.1.99]: 504 : Helo command rejected: need
fully-qualified hostname; from=
to=
What could I be doing wrong?
Thanks,
Alex
On Wed, Nov 11, 2009 at 10:52 PM, Noel Jones wrote:
> On 11/11/2009 8:18 PM, Alex wrote:
>>
>> Hi,
>>
>> I hoped someone could clarify for me the
e way to do it instead?
Thanks again,
Alex
On Thu, Nov 12, 2009 at 2:48 PM, Alex wrote:
> Hi folks,
>
> I'm still working on the problem you have all been so kind in helping
> me with, and have a problem relating to helo_checks. We require a
> proper FQDN for the helo,
qdn_hostname
reject_unauth_destination
check_helo_access hash:/etc/postfix/helo_checks
check_recipient_access pcre:/etc/postfix/recipient_checks
check_sender_access hash:/etc/postfix/sender_checks
check_client_access hash:/etc/postfix/client_checks
Thanks so much.
Best regards,
Alex
cess hash:/etc/postfix/client_checks
reject_maps_rbl
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
virtual_maps = hash:/etc/postfix/virtual
Thanks again,
Alex
f uptime before I rebooted it
recently, without incident.
Thanks again,
Alex
fc14 postfix/smtpd[10284]: Anonymous TLS connection
established from unknown[184.XXX.XX.223]: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)
Apr 2 01:03:55 fc14 postfix/smtpd[10284]: NOQUEUE: reject: RCPT from
unknown[184.XXX.XX.223]: 553 5.7.1 : Sender
address rejected: not owned by user al
ed writing this
so late last night.
>> Apr 2 01:03:55 fc14 postfix/smtpd[10284]: NOQUEUE: reject: RCPT from
>> unknown[184.XXX.XX.223]: 553 5.7.1: Sender
>> address rejected: not owned by user alex; from=
>> to= proto=ESMTP
>> helo=<184-XXX-XXX-223.pools.mycellphone
Hi,
>>> Apr 2 01:03:55 fc14 postfix/smtpd[10284]: NOQUEUE: reject: RCPT from
>>> unknown[184.XXX.XX.223]: 553 5.7.1: Sender
>>> address rejected: not owned by user alex; from=
>>> to= proto=ESMTP
>>> helo=<184-XXX-XXX-223.pools.mycellphone.net>
Hi,
I've read the access man page and help pages at postfix.org, but I
still don't understand. I think I may be trying to use
check_sender_access in a way in which it wasn't intended. I have the
following message:
Apr 11 03:32:07 alex postfix/smtpd[2278]: NOQUEUE: reject: RCP
Hi,
>> Apr 11 03:32:07 alex postfix/smtpd[2278]: NOQUEUE: reject: RCPT from
>> ut-tul-1.tul.getthere.net[151.193.164.249]: 450 4.1.8
>> : Sender address rejected: Domain not
>> found; from= to=
>> proto=ESMTP helo=
>>
>> Would adding "st...@w
ess hash:/etc/postfix/sender_checks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
permit
And the "permit" isn't really necessary, correct?
Ideas greatly appreciated.
Thanks,
Alex
ere aren't any
documents in the last six or twelve months that explain how best to
configure RBLs and other antispam measures.
Thanks,
Alex
_reason?; $rbl_reason}
>
> This needs to go on one line
Ah, thanks, that did it. It should have been more obvious to me.
Thanks again,
Alex
ee:/var/lib/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
Thanks,
Alex
"/var/spool/mail/nobody" )
>>
> Can you post the output of command "ls -la /var/spool/mail" ?
> Most of this problem was caused by wrong permission
[root@fc14 ~]# ls -ld /var/spool/mail
drwxrwxr-x. 2 root mail 4096 Mar 31 13:25 /var/spool/mail
The directory itself is empty.
I could set the directory sgid mail, but then users would be able to
reach each other's mail, no? All users are not in group mail, anyway.
Thanks,
Alex
c/postfix/helo_checks,
check_sender_access hash:/etc/postfix/sender_checks,
permit
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
It is the ordering that I'm not sure is completely correct.
In client_checks I have a few domains that I'd like to reject
outright, as well as a few that should always be permitted:
.workforpbp.com 554 clientspam
workforpbp.com 554 clientspam
192.168.1.100 OK
192.168 554 Take a hike!
64.1.16.3 OK
Thanks so much for spending the time. You've given me some great advice.
Thanks again,
Alex
Hello all,
The following commands will not work as expected, or do what I need:
[root@mx ~]# mailq|grep frozen|wc -l
4590
[root@mx ~]# postqueue -f
[root@mx ~]# postsuper -r ALL
postsuper: Requeued: 36 messages
[root@mx ~]# postsuper -H ALL
[root@mx ~]# mailq|grep frozen|wc -l
4590
[root@mx ~]#
To:
Sent: Wednesday, April 20, 2011 1:06 PM
Subject: Re: how to flush frozen email from queue
On Wed, Apr 20, 2011 at 12:55:12PM +0300, Alex wrote:
Hello all,
The following commands will not work as expected, or do what I need:
[root@mx ~]# mailq|grep frozen|wc -l
4590
What does "froz
- Original Message -
From: "Ralf Hildebrandt"
To:
Sent: Wednesday, April 20, 2011 1:42 PM
Subject: Re: how to flush frozen email from queue
* Ralf Hildebrandt :
* Alex :
> Hi Victor,
>
> All I want to say is that when I run mailq command, I got 4590 frozen
> emails.
Pleas
have a virtual domain listed in a virtual_alias_maps, but mail from a
user in that virtual domain is rejected with "relay access denied".
I've read the virtual man page and the virtual domain readme, but
still don't understand. I also don't have the domain listed in
relay_domains or mydestination.
Thanks again for your help. I'm now reading through the other
suggestions you have made.
Thanks again,
Alex
...@example.com jen
Both users are listed in the relay_recips_access map:
/^j...@example.com$/ DUNNO
/^j...@example.com$/DUNNO
/^.*@example.com$/ REJECT
Ideas greatly appreciated.
Thanks,
Alex
what binary should point now: /usr/bin/mailq and
/etc/alternatives/mta-mailq. If it matters, I am on centos-5.5.
Regards,
Alx
- Original Message -
From: "Ralf Hildebrandt"
To:
Sent: Wednesday, April 20, 2011 4:25 PM
Subject: Re: how to flush frozen email from queue
* Alex :
See
to the same conclusion. Sure
appreciate your help.
I learned a lot of this the hard way -- by being put in the position
where I had to figure it out. I'm now slowly learning the right way to
do things, even if they are much more advanced than I fully
understand.
Thanks again,
Alex
Hi,
I have a fedora14 system configured to use dovecot sasl, and having
some difficulties with smtpd_sender_login_maps. The docs say it's
optional, but without a proper mapping, mail is rejected with "Sender
address rejected: not owned by user alex". Is this configuration
indeed opt
Hi,
>> I have a fedora14 system configured to use dovecot sasl, and having
>> some difficulties with smtpd_sender_login_maps. The docs say it's
>> optional, but without a proper mapping, mail is rejected with "Sender
>> address rejected: not owned by user alex
above I understand that this can be done.
Does anyone use such config?
Alex
.compute.amazonaws.com[184.72.46.254]:
554 5.7.1 : Helo command rejected: You are not in
example.com; from= to=
proto=ESMTP helo=
Thanks,
Alex
pd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
Thanks,
Alex
Hi,
I'm trying to configure a disclaimer footer using altermime with
postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples
for creating a new filter, but the messages appear to be being
reinjected at the wrong spot and are being delivered multiple times to
the always_bcc recipient.
2.8.0/2.8.5,
dkim-milter-2.8.3-8.el6.x86_64, no content filtering.
I can't find anything in my config that could modify the body of the
message after is signed.
Any suggestions?
Regards
Alex
On 09/17/2011 10:34 PM, Patrick Ben Koetter wrote:
* alex:
Hi
I have a problem with messages signed by my server. All messages
sent from any email client (tb, webmail) fail verification with:
dkim=softfail (fail, message has been altered)
except messages sent from the command line
On 09/18/2011 12:50 AM, Benny Pedersen wrote:
On Sat, 17 Sep 2011 22:10:13 +0300, alex wrote:
Software use is: centos 6 (x86_64), postfix 2.8.0/2.8.5,
dkim-milter-2.8.3-8.el6.x86_64, no content filtering.
I can't find anything in my config that could modify the body of the
message aft
On 09/18/2011 12:52 PM, Ralf Hildebrandt wrote:
* alex:
header_checks = pcre:/etc/postfix/maps/anonymization_sender.pcre
What does that do (e.g. alter the message?)
With both header_checks and body_checks commented out, same results (I also
thought about those two directives)
On 09/18/2011 07:39 PM, Benny Pedersen wrote:
On Sun, 18 Sep 2011 09:29:53 +0300, alex wrote:
I'm not speaking about this server.
so this server is a key helper to solve the one that does not work ?, i
hope
The server that doesn't work has nothing to do with the server I use to
On 09/18/2011 07:41 PM, Wietse Venema wrote:
alex:
On 09/17/2011 10:34 PM, Patrick Ben Koetter wrote:
* alex:
Hi
I have a problem with messages signed by my server. All messages
sent from any email client (tb, webmail) fail verification with:
dkim=softfail (fail, message has been
e and I also try the opendkim package but with same
results.
I went back to dkim-milter, made some changes in postfix (added content
filtering and signing after reinjecting mails into postfix) and now the
test fails only on messages with an empty body. Canonization is relaxed/relaxed.
Alex
- smtp
-o fallback_relay=[206.XXX.YYY.20]
-- end of postfinger output --
Thanks,
Alex
eceive more
messages than amavisd can process?
> If zombie spambots are using up most of your available connections,
> postscreen will likely help.
> http://www.postfix.org/POSTSCREEN_README.html
Yes, looks like this would be a good thing to do as a general idea.
Thanks again,
Alex
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
Thanks again,
Alex
adjust the above service to control how many network smtpd
> listeners you have.
[snipped]
Thanks so much for your help.
Best,
Alex
ce currently
unavailable; from=, to=,
proto=SMTP, helo=
Thanks so much.
Best,
Alex
ilable; from=,
>> to=, proto=SMTP,
>> helo=
>
> This is normal and expected. Reread POSTSCREEN_README.html#after_220
> namely, the "Important note" and following text.
Okay, I think I understand. The way these are distinguished from
actual rejects are the SMTP response codes, correct?
This must add a significant amount to the logs.
Thanks again,
Alex