it should be "all" not
"localhost".
Regards
Andreas
t discarded as duplicates, and
nobody ever knows.
+1 : See for example RFC 2822 section 3.4.6
Regards
Andreas
Where user.example has a valid mail account on the server.
http://www.postfix.org/postconf.5.html
Cameron
Hi Cameron
Could this variable is used with mysql table, like this
always_bcc = mysql:/etc/postfix/mysql-user.cf
If i wont this to happen system wide?
Andreas
manner it would be used. At first I
thought it would be per-user basis, but the correct usage is a single
address and
nothing else.
thanks
Andreas
e, therefore to rule out misconfiguration on your side a fully
functional dns is recomended. If you can give some more info how your setup
looks like, and if yahoo specific is the problem, perhaps anyone will be
able to help you to dig into the problem.
Andreas
On Wed, 15 Aug 2012, Daniele Nicolodi wrote:
On 15/08/2012 14:09, Mikkel Bang wrote:
Dropped:
- postscreen: Looked into http://www.postfix.org/POSTSCREEN_README.html
but couldn't really find anything concrete to add to my setup
Did you really read the documentation? What is not clear in thi
on. I know there are
other ways to do the
filtering but reading messages from [CentOS] lists and [Dovecot] lists
I thought
this might be a little quirk Postfix could adopt.
Thank you
Andreas Kasenides
ib/postfix conflicts with instance /etc/postfix,
> daemon_directory=/usr/lib/postfix
makedefs.out: http://pastebin.com/HhD0AZKQ
Only if i set shlib_directory=no all works as expected. I'm wondering if
this is normal.
--Andreas
ebian, Arch, and probably more) daemon_directory is
/usr/lib/postfix as well, which will lead to a broken multi-instance
capability by default.
Hopefully i just missed some important point.
Andreas
Am 2/18/2015 um 01:32 schrieb Wietse Venema:
> Andreas:
>> Hi,
>>
>> i insta
irst adopted upstream.
Since, as you said, some distributions lack /usr/libexec, wouldn't it be
a better idea to leave it up to the package/distribution maintainers to
separate shared objects from shared executables?
Andreas
Am 2/18/2015 um 18:39 schrieb Viktor Dukhovni:
> With 3.0.0 Linux distributions should start using the upstream
> default. This does mean that users should remove explicit legacy
> default settings of daemon_directory from their main.cf files.
> Distribution package upgrades will need to update or
;:
>
> > telnet smtp.givi.it 25
> > 220 smtp.givi.it ESMTP GIVI srl
This is the $smtpd_banner, and suprise it seems to work as expected.
> > helo playmobile.gibilogic.com
> > 250 srv04.givi.it
This announcemnet is not the $smtpd_banner. After ehlo/helo you see
$myhostname here. This is not configurable until you change myhostname.
> I guess that if there is an $smtp_helo_name parameter, it could be set
> different from $myhostname. Am i wrong?
--
Andreas
y.yy
>From the Cyrus-SASL Docs (docs/options.html):
sql_hostnames SQL plugin Comma separated list of SQL servers (in
host[:port] format). none (engine dependent)
I think the red flashing thing here is "Comma".
--
Andreas
ored Passwords in your SQL-Server.
Cyrus-SASL auxprop is bound to cleartext Passwords. If you have crypted
Passwords, you have to patch Cyrus-SASL.
--
Andreas
* Julio Cesar Covolato (ju...@psi.com.br) [090514 07:26]:
> Hi!
>
> I made a litle shell script to stoping bootnets and zombis, and I want
> know what you think about it.
>
> The purpose is drop via iptables hosts that are rejected several
> times in a litle space of time, reading the log
t mail?
>
> I am confused about the line "451 Message temporarily deferred"
> immediately followed by "status=sent (250 ok)".
4xx are temporary Errors and Postfix tries the next MX.
68.142.202.247 != 98.137.54.237
--
Andreas
..@spamtrap.invalid
Subject: Erhalten Sie einen Bonus bei Euro Jackpot!
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
As you can see the spamtrap is in CC. Why did postfix forward the mail without
any authentication to a foreign host? I don't get it.
Thanks.
Andreas
Hi Wietse,
that's right, it isn't listed. But it was a non exisiting subdomain the spamer
sent the mail to. The mail address was like
zirkel.in...@nonexistingsub.domain.net
So the mail was directly delivered to the A record (which is wildcarded).
What i don't get is, why did postfix forwarded th
eird forwarding problem, what happened?
Andreas Grimm:
> Hi Wietse,
>
> that's right, it isn't listed. But it was a non exisiting subdomain
> the spamer sent the mail to.
OK, in that case you could set
main.cf:
relay_domains=
If, on the other hand, you really need to have a
LDAP-based authentication but are
hopelessly overwhelmed with SQL backends, especially when the queries
are a bit complex.
Thanks in advance!
Andreas
PS: I gathered much from the article in [1] but by now it is over 7
years old and many things have changed so I can't follow it to the
lette
ash:/etc/postfix/sasl_pwds
smtp_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
Firewall: FortiGate 110C
Many thanks in advance.
Andreas Barchfeld
**
AKK Altonaer Kinderkrankenhaus gGmbH
Akadem
ix I have in place was to put "208.65.144.12 mmm.com" in my /etc/hosts
file.
Thank you in advance for any assistance.
Regards,
-Andreas
Andreas Freyvogel
ecmarket
Customer Solutions Manager
E: afreyvo...@ecmarket.com
P: 604.638.2300 x147
C: 604.603.3319
dcardKey-nopass.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
<<<
Thank you,
-Andreas
-Original Message-
From: own
@postfix.org
Subject: Re: Postfix Question: strange issue with mx record lookup
Am 12.09.2011 21:11, schrieb Andreas Freyvogel:
> The email address to which we are sending is "u...@mmm.com".
>
> Output of my postconf -n:
>
> readme_directory = /usr/share/doc/postfix-2.2.10/REA
Am I to understand that Postfix will first try to lookup the MX record via
DNS and if should that fail it will use the value configured in the
/etc/hosts file?
-Andreas
-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse
On Mon, 19 Sep 2011, Marek Salwerowicz wrote:
Hi all,
I am new to Postfix-users mailing list so would like to say hello to everyone ;)
I am wondering what rbl's are you using to prevent your MTAs against spam?
My current config is as follows:
reject_rbl_client zen.spamhaus.org,
reject_rbl_
On Wed, 21 Sep 2011, Stan Hoeppner wrote:
On 9/20/2011 6:54 PM, Peter Blair wrote:
On Tue, Sep 20, 2011 at 9:16 AM, Stan Hoeppner
wrote:
> On 9/19/2011 5:38 PM, john wrote:
> >
> > I think this is off topic.
> >
> > I am running Ubuntu 11.04 as a SOHO server with
> > postfix/dovecot/A
On Tue, 27 Sep 2011, Andy Jezierski wrote:
Hi,
Trying to add an entry to a virtual alias table and for some reason, I keep
getting an error stating the recipient can't be found.
lipidnutritxxx.com DOMAIN
erik.bakk...@lipidnutritxxx.com erik.bakk...@stexxx.com
[snip]
#
# Temp
10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --client
--deliver=spam,innocent
--user $user --mail-from=$sender --rcpt-to $recipient
-o destination_recipient_limit=1
good luck
Andreas
On Thu, 22 Dec 2011, Wietse Venema wrote:
Andreas Berton:
Problem usually occur when you run dspam from pipe, and my guess is that
you do so. Consider switch to daemon mode/lmtp whish in many cases solv
the problem, However if need to run from command line you might try this.
dspam unix
Merry christmas to you all!
This post might not that indirect belong to why this list does not use
Return-Path. I ran a server ( not postfix) for many years, which ended up
with too many mail was discrded or were taken to the side becouse I had
the most elementary rules which was follow email protocols standard. I
felt
Is it possible to use a global user address to manage the delivery to
final destination. So delivery looks something like
u...@myhost.tld glo...@myhost.tld u...@destination.tld
If this is possible, could such scenario create any holes or overides the
normal control of realy processing. And w
On Sat, 18 Feb 2012, Andreas Berton wrote:
On Wed, 18 Jan 2012, Simone Ruffilli wrote:
Il 18/01/2012 10:35, Ralf Hildebrandt ha scritto:
> * Simone Ruffilli:
> > >whenever I submit to my postfix server a mail having a massive
> > >(~15k)
> > &g
On Tue, 7 Feb 2012, Lorens Kockum wrote:
On Tue, Feb 07, 2012 at 11:42:37AM +1100, Greg Wilson wrote:
I use this
technique, DNS round robin to evenly spread rdp connections to our
terminal servers. My understanding is that a device does a DNS lookup and
the server hands out each different IP
On Wed, 7 Mar 2012, Quanah Gibson-Mount wrote:
--On Tuesday, March 06, 2012 2:05 PM -0500 Wietse Venema
wrote:
Quanah Gibson-Mount:
> --On Tuesday, March 06, 2012 1:11 PM -0500 Wietse Venema
> wrote:
>
> Hi Wietse,
>
> I noted in my initial email why this is not desirable solution.
search_base = ou=HQ,dc=novanetwork,dc=loc
scope = sub
query_filter= (&(objectclass=person)(|(mail=%s)(otherMailbox=%s)))
result_attribute= samaccountname #Account from DC
debuglevel = 0
relay_domains:
novanetwork.de lmtp:unix:private/dovecot-lmtp
Thank you for your kind help
best regards
Andreas
signature.asc
Description: OpenPGP digital signature
Am 15.05.2012 13:01, schrieb Wietse Venema:
> Andreas Oster:
>> How can I prevent postfix from doing lookups for domains which are not
>> ours ? This would reduce the amount of LDAP queries quite a lot.
>
> See: man 5 ldap_table. Look for the "domain" parameter.
&
Am 15.05.2012 15:10, schrieb Wietse Venema:
> Andreas Oster:
>> Am 15.05.2012 13:01, schrieb Wietse Venema:
>>> Andreas Oster:
>>>> How can I prevent postfix from doing lookups for domains which are not
>>>> ours ? This would reduce the amount of LD
Am 15.05.2012 15:44, schrieb /dev/rob0:
> On Tue, May 15, 2012 at 09:17:16AM +0200, Andreas Oster wrote:
>> How can I prevent postfix from doing lookups for domains which
>> are not ours ? This would reduce the amount of LDAP queries
>> quite a lot.
>>
>>
Hi rob0,
Am 15.05.2012 15:44, schrieb /dev/rob0:
> On Tue, May 15, 2012 at 09:17:16AM +0200, Andreas Oster wrote:
>> How can I prevent postfix from doing lookups for domains which
>> are not ours ? This would reduce the amount of LDAP queries
>> quite a lot.
>>
>>
nvelope address for messages from this null client. Can this be done?
Thanks,
Andreas
[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
signature.asc
Description: OpenPGP digital signature
On 25/07/12 17:45, Andreas Ntaflos wrote:
> Short version: Is there a way to apply recipient canonical mappings (or
> any other mappings that rewrite the envelope recipient) for specific
> SMTP client machines in a null client/central mailhub environment?
So it seems this is really not
In this case I don't think I can implement this in any
other way than with recipient_canonical_maps on the null client itself.
Andreas
signature.asc
Description: OpenPGP digital signature
cipient_canonical_maps we have set recipient_canonical_classes to
"envelope_recipient", so it doesn't touch the mail headers. Isn't that
good enough?
Thanks,
Andreas
signature.asc
Description: OpenPGP digital signature
header lines from the original e-mail except
the
1. recipient lines and
2. the subject
All other header lines are not useful for the sender.
Thanks
Andreas
a decade. Rock solid has never refused to do anything I
wanted and I
can asuure you I have never used more than 5-10% of its abilities. I
have been looking
on Dovecot LDA recently just because of the Sieve language and its
integration
with many front ends (webmail apps etc).
Andreas
il recipies and clamav
options but nothing seems to work well for me.
Thank you in advance for any assistance.
Regards,
-Andreas
Andreas Freyvogel
ecmarket
Customer Solutions Manager
E: afreyvo...@ecmarket.com
P: 604.638.2300 x147
C: 604.603.3319
i?id=53219> to Postfix
2.10. Please can you have a look at it?
Kind regards,
Andreas
--- postfix-2.10.0/src/tls/tls_server.c 2012-05-17 19:15:13.0 +0200
+++ postfix-2.10.0-nosslcomp/src/tls/tls_server.c 2013-05-13 17:09:53.591194385 +0200
@@ -393,6 +393,16 @@
SSL_CTX_set_verify
Thank you Wietse and Viktor for your clarifications.
I admit, there's absolutely no need for the patch past Postfix 2.8 with
OpenSSL 1.x.
Andreas
and for jumping through "stupid hoops" :-).
Regards,
Andreas
One of my mail servers (postfix 2.6) has been target of what seems to
me to be an attack.
The attacker tried to deliver messages to a non-existent user names
formed as a long hex
string. It only happened once from one particular client and kept going
for some time.
SMTP sessions were coming in o
On 19-06-2013 14:37, lst_ho...@kwsoft.de wrote:
Zitat von Andreas Kasenides :
One of my mail servers (postfix 2.6) has been target of what seems
to me to be an attack.
The attacker tried to deliver messages to a non-existent user names
formed as a long hex
string. It only happened once from
On 20-06-2013 19:48, Noel Jones wrote:
On 6/20/2013 5:49 AM, Andreas Kasenides wrote:
Apparently there has been some harvesting going on of mail addresses
where everything that has a "@" is picked up. The question is: was
this harvesting from our log files or our mail storage - a ver
SASL authentication." Clearly says
about SMTP sessions. This happens for 2.3+
Andreas
On 18-08-2013 08:32, Theodotos Andreou wrote:
> Hi guys,
>
> I went through the TLS Readme but I couldn't find a clear answer to the
> following question:
>
> Can you configure postfi
Hi there,
On 10/01/13 07:22, Dominik George wrote:
> Yes, I also face that issue and have forced IPv4 on known Google domains.
I also have those problems.
Is there an easy way in postfix the transport to some doamins just over
IPv4 and not IPv6?
thx in advance
-SMA
signature.asc
Description:
ail.ax13.net.
mail.ax13.net. 3600IN 2a01:4f8:d16:4114::2
Andreas
signature.asc
Description: OpenPGP digital signature
is running: 2.9.1-4 (ubuntu precise)
thanks in advance,
Andreas
te of unsolicited mail
originating from
your IP 550-5.7.1 address [...]
Just an idea:
Google is blocking the complete 2a01:4f8::/32AS24940
(HETZNER-RZ-NBG-IPV6-BLK1) and doesn't care abut seperate subnets like
Luigi's 2a01:4f8:d16:2409::/64 or my 2a01:4f8:d16:4114::/64 :-(
Andreas
signature.asc
Description: OpenPGP digital signature
daemon usually do also.
That make the logging more precise when messages are delivered to a filter.
Maybe the patch could included in future versions of postfix.
Andreas
Index: postfix-2.11-20131103/src/pipe/pipe.c
===
--- postfix
y high* message volume ...
running postfix at isp level with 6 milters (via inet) is no problem.
Andreas
Am 12.11.2013 13:50 schrieb Simon Loewenthal:
> smtpd_milters = unix:/spamass/spamass.sock
try a relative pathname:
smtpd_milters = unix:spamass/spamass.sock
chroot or not chroot, it's always relative to the current directory
( postconf ${queue_directory} in most cases )
Andreas
use a 2k dh key at the mx server.
That solved the problem ...
Andreas
Zitat von Viktor Dukhovni :
Any evidence of other legitimate MTAs that now routinely fail TLS handshakes?
no, I don't saw more TLS errors.
There is a usual noise of TLS failures that didn't changed.
Andreas
e"; done
fi
if [ -n "${skip2}" ]; then
exclude2="$(postconf -xh $skip2)"
if [ -n "${exclude2}" ]; then
OIFS="$IFS"; IFS=":,$OFS"
set -- $exclude2
IFS="$OIFS"
for e; do ciphers="$ciphers:"'!'"$e"; done
fi
fi
openssl ciphers -v "$ciphers"
}
correct?
Andreas
Zitat von Viktor Dukhovni :
For bonus points, you could look at "smtpd_tls_askccert" and
"smtpd_tls_req_ccert". If either is set to "yes", append ':!aNULL'
to the raw openssl cipher list.
could you please tell more about that?
Andreas
Zitat von Luigi Rosa :
The main goal is to deliver to ISP SMTP the mail rejected by destination MTA
because it thinks that my MTA is not reliable and the causes of this
rejection cannot be solved.
try smtp_fallback_relay and maybe soft_bounce
Andreas
Thank you
Andreas
Thank you for the reply.
On 05-12-2013 15:26, Charles Marcus wrote:
On 2013-12-05 7:50 AM, Andreas Kasenides wrote:
smtpd_client_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unknown_client
permit
Obviously this rejects any requests where the DNS (forward
dealing with internal LDAP
and DB servers which essentially house personal information.
I am very interested to find out how others deal with this conflict in
an SMTP centric set-up.
Thank you.
Andreas
On 06-12-2013 12:01, Robert Sander wrote:
On 06.12.2013 10:13, Andreas Kasenides wrote:
The scenario is a classic one:
1. one or more relay SMTP servers in DMZ
2. one or more backend SMTP servers on the inside network
3. There may or may not be separate incoming or outgoing designated
SMTP
min) I would not even consider (non-FOSS) Exchange for a
second. Executives of course
know-it-all-can-do-it-all type always win! That is why I am looking into
retirement the
soonest!!
Thanks
Andreas
Am 15.12.2013 22:08 schrieb Patrick Ben Koetter:
> % unbound-control flush
I prefer "unbound-control flush_zone " because "flush" don't flush TXT
Andreas
rver that is only Trusted but not Verified)
Andreas
eal name in the header
section.
Regards
Andreas
My opinion (slightly off topic but very relevant) having read the thread
carefully:
It is obvious that the English speaking world does not want to abandon
ASCII. For their own reasons.
If you want an RFC (or any project for that matter) to f
Hello,
the documentation to these parameters refers the NSA website. However
the links are broken.
Also I don't feel very comfortable these days if postfix uses crypto
approved by NSA :-/
Andreas
Zitat von wie...@porcupine.org:
Postfix 2.11.0 stable release candidate 1 is uploaded to ftp.porcupine.org
and will appear on mirror sites in the next 24 hours.
2.11x is running here on different hosts without problems.
Andreas
Hello,
I have to add a "Reply-To" Header in (smtp-) submitted messages.
Adding it unconditionally using PREPEND result in messages with more
then one instance
of this header which violates RFC5322.
Is there a way to add a header _only_ if not present?
Thanks
/new.example.com/cert+intermediate.pem
Andreas
check your own identity card to prove that you are you? )
But I assume your problem is consistent behaviour.
If that is the point you have to split mail flows:
* separate system signing all submitted messages
* separate system validating any inbound messages.
Andreas
eases/)
Andreas
for the question.
I also needed such feature some times.
# postbounce
Andreas
. Maybe it could be included in postfix
some day.
usage: master.cf
submission inet n - n - - smtpd
-o syslog_name=postfix/submission_with_dsn
-o smtpd_force_dsn_on_success=yes
Andreas
Index: postfix-2.11.0/src/global/mail_params.h
Birta Levente:
Why not just delete from the queue?
from senders perspective that message is lost.
sometimes it's useful to clear bounce back to sender.
Andreas
Birta Levente:
Yes, but you sould give some reason why is bounced ... which IMHO is
something permanent ...
good point!
# postbounce
so you just set up one time some map and no more care about that problem.
just this is unwanted and the reason for the request.
Andreas
Wietse Venema:
> Assuming that you haven't configured a global policy of "all mail
> deliveries shall use TLS",
that's exactly the limitation Peer has in mind.
Andreas
e your suggested solution.
Andreas
would sometimes be useful to
postbounce
Andreas
wietse:
But wait, there is more
does not sound like an easy job.
just an idea: if the timestamp of a queuefile is relevant, could a
changed time
of a queuefile be interpreted as "bounce immediately" ?
for example timestamp to a fixed date near 1.1.1970
Andreas
LuKreme:
> OK, what is pfqgrep? I don't see it in my ports tree?
see http://www.arschkrebs.de/postfix/scripts/
lists:
To get a "+", the descriptions says:
"Your system requires authentication (AUTH) on port 587 before the
MAIL FROM command is issued"
that is pure nonsense
+1
you cannot enforce any client to not send any command.
but you can enforce proper answers.
Andreas
...
-o smtpd_milters=${dkim_milter},${dmarc_milter}
sumbission inet ...
-i smtpd_milters=${dkim_milter}
this master.cf is much more selfexplaining.
Andreas
end to you because they try/have only a
higher protocol version.
But these should fallback to plaintext anyway.
Andreas
Alexandre Ellert:
I'm going to test by adding a first useless header in the policy
server and see if things works in the milter.
also consider using a milter based SPF checker. Lock at the
opendmarc-users archive for suggestions.
Andreas
Robert Schetterer:
> > openssl 0.9.8j and Postfix 2.11.1.
> maybe a suboptimal mixture
any hint's to build postfix + openssl-1.x on a system based on openssl-0.9.x ???
I also avoided building openssl from source for good reasons over the last
years.
But I'm open to try.
Andreas
Viktor Dukhovni:
> It may be simpler to upgrade your system.
yes, upgrade would be best but sometimes,
older crypto is not as painfull as it should be
Andreas
ot;dane").
This suggestion makes sense
People just want to know the overall channel security status.
yes, I mostly like to distinguish plain vs. TLS
The "security" element can either be always present,
with "none" to signal non-TLS delivery, or simply absent to signal the same.
As admins have to adjust logfile parser anyway, I would prefer version #1
Andreas
3 08:43:10 2014
Hello Wietse,
I wonder about changes in tls_server.c !?
Andreas
ck if you test the right way at all.
Andreas
e.
> > Are there other situations postfix has to recode a message?
> No.
good
Thanks,
Andreas
1 - 100 of 191 matches
Mail list logo
