Accessing the sending user from a canonical(5) table

2020-09-29 Thread Demi M. Obenour
When a message is submitted using postdrop, Postfix is obviously aware of which user submitted it, as it includes the UID in the Received: header. Is it possible to use this information in a canonical(5) table, or is a milter required? Thank you, Demi

Re: Accessing the sending user from a canonical(5) table

2020-09-30 Thread Demi M. Obenour
On 2020-09-30 10:08, Wietse Venema wrote: > Demi M. Obenour: > > Checking application/pgp-signature: FAILURE >> When a message is submitted using postdrop, Postfix is obviously aware >> of which user submitted it, as it includes the UID in the Received: >> header.

Re: Accessing the sending user from a canonical(5) table

2020-09-30 Thread Demi M. Obenour
On 2020-09-30 12:18, @lbutlr wrote: > On 30 Sep 2020, at 10:04, Demi M. Obenour wrote: >> while www-data can only send mail as majordomo, > > That will simply break mailing list. Look at the headers from this message, > for example. Your policy on the postfox.org server would

Re: Accessing the sending user from a canonical(5) table

2020-09-30 Thread Demi M. Obenour
On 2020-09-30 20:32, Jaroslaw Rafa wrote: > Dnia 30.09.2020 o godz. 16:35:37 Wietse Venema pisze: >>With authenticated smtp submission, the envelope.from can be >>constrained by smtpd_sender_login_maps. >> >>With sendmail/postdrop submission the UNIX login name can be >>overridden wi

Re: Mailrelay: wait for downstream response

2020-10-01 Thread Demi M. Obenour
On 2020-10-01 08:19, luc...@dds.nl wrote: > Hello, > > I am managing a Postfix mail relay service in our internal network. The > relay itself is more permissive than the downstream SMTP server. So it > is possible, and indeed it regularly happens, that my relay accepts a > message which is subseq

Re: strange issue with postfix

2020-10-01 Thread Demi M. Obenour
On 2020-10-01 15:18, Ranjan Maitra wrote: > Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, > and says: Connecting to SMTP server: localhost > > Looking at the /var/log/maillog as you suggested, I get: > > Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in pa

Re: Accessing the sending user from a canonical(5) table

2020-10-04 Thread Demi M. Obenour
On 2020-09-30 16:35, Wietse Venema wrote: > Demi M. Obenour: >> - If a message arrives via the SMTPS or submission ports, I >> want to replace the address part of the user-supplied From: >> header with the envelope From: header. This allows me to use >> reje

Re: Accessing the sending user from a canonical(5) table

2020-10-04 Thread Demi M. Obenour
On 2020-10-04 19:55, Wietse Venema wrote: > Demi M. Obenour: > > Checking application/pgp-signature: FAILURE > -- Start of PGP signed section. >> On 2020-09-30 16:35, Wietse Venema wrote: >>> Demi M. Obenour: >>>> - If a message arrives via the SMTPS or sub

Accessing the sending user from a canonical(5) table

2020-10-05 Thread Demi M. Obenour
On 10/5/20 10:51 AM, Wietse Venema wrote: Demi M. Obenour: On 2020-10-04 19:55, Wietse Venema wrote: Demi M. Obenour: Checking application/pgp-signature: FAILURE -- Start of PGP signed section. On 2020-09-30 16:35, Wietse Venema wrote: Demi M. Obenour: - If a message arrives via the SMTPS

Re: Accessing the sending user from a canonical(5) table

2020-10-05 Thread Demi M. Obenour
On 10/5/20 6:15 PM, Wietse Venema wrote: Demi M. Obenour: There was a recent vulnerability in OpenBSD due to libc malfunctioning in a set-uid-root program under very low resource limits. I would prefer to minimize the amount of third-party libraries that are used by postdrop. That said

Re: Accessing the sending user from a canonical(5) table

2020-10-06 Thread Demi M. Obenour
On 10/6/20 9:47 AM, Wietse Venema wrote: Demi M. Obenour: Patch (made against 3.5.7) attached. I lightly tested it locally and it seems to work, but there could very well be bugs. I am virtually certain that I violated the Postfix coding style somewhere, sorry. I can also send the patch

Re: Accessing the sending user from a canonical(5) table

2020-10-06 Thread Demi M. Obenour
On 10/6/20 12:46 PM, Wietse Venema wrote: Demi M. Obenour: On 10/6/20 9:47 AM, Wietse Venema wrote: allow 'not found' users, similar to smtpd_sender_login_maps Would it be possible to make this configurable? The documentation seems to imply that reject_sender_login_mismatch cons

Re: Accessing the sending user from a canonical(5) table

2020-10-07 Thread Demi M. Obenour
On 10/6/20 4:23 PM, Wietse Venema wrote: Demi M. Obenour: On 10/6/20 12:46 PM, Wietse Venema wrote: For me, 'not found' also includes the case that the user is not found in the passwd file. By "allow 'not found' users", do you mean that such users will autom

Why I prefer Postfix to OpenSMTPD for most uses

2020-10-07 Thread Demi M. Obenour
curity features, such as DANE, which are lacking in OpenSMTPD. Finally, Postfix has far more flexible authentication and header processing. Wietse Venema, thank you for your years of hard work on Postfix. If any of the OpenSMTPD developers read this, I hope it provides some ideas for i

Re: Accessing the sending user from a canonical(5) table

2020-10-08 Thread Demi M. Obenour
On 10/8/20 8:25 AM, Wietse Venema wrote: Demi M. Obenour: On 10/6/20 4:23 PM, Wietse Venema wrote: If the feature is turned on then there should probably be a default action for users not listed in the table (deny or allow). It's not going to be pretty when only the numerical UID is available

Re: Accessing the sending user from a canonical(5) table

2020-10-09 Thread Demi M. Obenour
On 10/8/20 3:19 PM, Wietse Venema wrote: Demi M. Obenour: On 10/8/20 8:25 AM, Wietse Venema wrote: Demi M. Obenour: On 10/6/20 4:23 PM, Wietse Venema wrote: If the feature is turned on then there should probably be a default action for users not listed in the table (deny or allow). It's not

Re: Accessing the sending user from a canonical(5) table

2020-10-09 Thread Demi M. Obenour
On 10/9/20 1:06 PM, Demi M. Obenour wrote: > On 10/8/20 3:19 PM, Wietse Venema wrote: >> Demi M. Obenour: >>> On 10/8/20 8:25 AM, Wietse Venema wrote: >>>> Demi M. Obenour: >>>>> On 10/6/20 4:23 PM, Wietse Venema wrote: >>>>>

Re: Sender restriction to reject message with multiple from addresses

2020-10-09 Thread Demi M. Obenour
On 10/9/20 8:45 PM, Wietse Venema wrote: > Ron Wheeler: >> I am also the family genealogist and just moved to Gramps from FTM. >> >> I am not sure what "multiple from addresses" actually means. It is not >> possible for an email to come from more than one email address at a time >> in reality. >

Re: Sender restriction to reject message with multiple from addresses

2020-10-09 Thread Demi M. Obenour
On 10/9/20 9:48 PM, Viktor Dukhovni wrote: >> What are the semantics of a From: header with multiple addresses? > The message purports to be the work of multiple authors. Such a message > is required to have a "Sender" header, but in most cases that constraint > is unlikely to be enforced. I love

Re: Sender restriction to reject message with multiple from addresses

2020-10-09 Thread Demi M. Obenour
On 10/9/20 11:06 PM, Viktor Dukhovni wrote: > On Fri, Oct 09, 2020 at 10:59:33PM -0400, Demi M. Obenour wrote: > >> I love DKIM, but it should have been on the Sender header and not >> the From header. However, for that to work, MUAs would have had to >> display somethin

Re: Occasional transient "Insufficient system storage" errors

2020-10-15 Thread Demi M. Obenour
On 10/15/20 3:44 AM, Dara Poon wrote: > (Well, that was embarrassing! I had a Spamassassin milter on outbound mail > that tagged my own message as a false positive. Sending it again for > readability. Sorry!) FYI, GMail considered both the original message and the resend to be spam as well.

Re: possible bottlenecks

2020-10-16 Thread Demi M. Obenour
On 10/16/20 8:57 AM, @lbutlr wrote: > On 13 Oct 2020, at 22:47, Zsombor B wrote: >> I know this is a complicated question but what/where do you see possible >> bottlenecks in postfix? >> Is it CPU? RAM? Disk IO? > > In theory? Sure, any of those could be a bottleneck. In actuality, the > bottl

Re: possible bottlenecks

2020-10-16 Thread Demi M. Obenour
On 10/16/20 2:10 PM, Viktor Dukhovni wrote: >> On Oct 16, 2020, at 3:14 PM, Demi M. Obenour wrote: >> >> I don’t recommend stock OpenSMTPD for security reasons, although I >> have some patches that make it much better in this regard. However, >> all of those relat

Re: Accessing the sending user from a canonical(5) table

2020-10-16 Thread Demi M. Obenour
Should I submit another patch? In addition to adding local_sender_login_maps, I have fixed what appeared to be a bug in the current postdrop and sendmail commands: root and $mail_owner were not automatically allowed to submit mail. Since this is inconsistent with similar checks elsewhere, I belie

Re: possible bottlenecks

2020-10-16 Thread Demi M. Obenour
On 10/16/20 9:24 PM, Viktor Dukhovni wrote: > The practical limit to the deferred queue size is therefore ~2 days of > throughput, and depends heavily on the per-delivery latency. If > delivery failures are slow (tarpitting or otherwise slow destinations) > the impact is greater. Can the latency

Re: possible bottlenecks

2020-10-17 Thread Demi M. Obenour
On 10/17/20 1:23 AM, Viktor Dukhovni wrote: >> On Oct 17, 2020, at 3:09 AM, Demi M. Obenour wrote: >> >>> The practical limit to the deferred queue size is therefore ~2 days of >>> throughput, and depends heavily on the per-delivery latency. If >>> de

Re: Accessing the sending user from a canonical(5) table

2020-10-17 Thread Demi M. Obenour
On 10/17/20 11:34 AM, Wietse Venema wrote: > Demi M. Obenour: >> Should I submit another patch? In addition to adding >> local_sender_login_maps, I have fixed what appeared to be a bug in >> the current postdrop and sendmail commands: root and $mail_owner were >> n

Re: rbl check debug

2020-10-17 Thread Demi M. Obenour
Just FYI, GMail marked this mail as spam. Demi

Re: Accessing the sending user from a canonical(5) table

2020-10-17 Thread Demi M. Obenour
On 10/17/20 6:42 PM, Wietse Venema wrote: > Jaroslaw Rafa: >> Dnia 17.10.2020 o godz. 18:25:13 Wietse Venema pisze: >>> For the port >>> 25 MTA-to-MTA service one can then reject all mail from a remote >>> site that claims to be from a local user. >> >> That's not a good idea. Assume domain.com is

Re: Accessing the sending user from a canonical(5) table

2020-10-17 Thread Demi M. Obenour
On 10/17/20 6:25 PM, Wietse Venema wrote: > Demi M. Obenour: >>> BTW I realized that I swapped the semantics of smtpd_sender_login_maps >>> (a mapping from sender address to the login names that are allowed >>> to use that sender address) when we were discussing the p

Re: Mail server recently became an open relay

2020-10-19 Thread Demi M. Obenour
On 10/19/20 3:29 PM, Jaroslaw Rafa wrote: > Dnia 19.10.2020 o godz. 21:12:20 John Fawcett pisze: >> Sorry not to be able to give a definitive answer. Typical mail injection >> via php will use a script that already calls the php mail function or >> similar functions that open the smtp connection. B

Re: multiple relay servers

2020-10-21 Thread Demi M. Obenour
On 10/21/20 11:16 AM, Fred Morris wrote: > If DNSSEC isn't required for the domain(s) in question (or at least postfix > in this specific case) you might look at RPZ as a way of rewriting just a > single record in the zone: https://www.dnsrpz.info/ You can also use a local validating recursive r

Re: Limiting HELO spoofing in Postfix?

2020-10-21 Thread Demi M. Obenour
On 10/20/20 8:20 PM, IL Ka wrote: >> > /index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 > That is fine: networks are constantly scanned by bots. They are trying to > hack any site using well-known vulnerabilities. > > I have a lot of similar

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Demi M. Obenour
On 10/22/20 3:23 AM, Bastian Blank wrote: > Hi name less > > On Wed, Oct 21, 2020 at 10:13:54AM -0700, PGNet Dev wrote: >> I've online-checked SPF/DMARC records for 'intuit.com'; all _seems_ to be ok. >> I've cranked up opendmarc logging level to >> MilterDebug 5 >> with that, on failed attem

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Demi M. Obenour
On 10/22/20 12:25 PM, Viktor Dukhovni wrote: >> On Oct 22, 2020, at 2:11 PM, Demi M. Obenour wrote: >> >> I know :( >> >> This is really a security hole in gmail. Given the popularity of >> gmail, however, I seriously suggest somehow treating gmail as if it

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Demi M. Obenour
On 10/22/20 3:35 PM, Bob Proulx wrote: > Demi M. Obenour wrote: >> Viktor Dukhovni wrote: >>>> Demi M. Obenour wrote: >>>> This is really a security hole in gmail. Given the popularity of >>>> gmail, however, I seriously suggest somehow treating g

Re: Postfix smtp gets stuck with XCLIENT when using smtps

2020-10-23 Thread Demi M. Obenour
On 10/22/20 12:47 PM, Aki Tuomi wrote: > Hi! > > I stumbled upon a possible bug with postfix. I am using postfix 3.4.14, and > when I use XCLIENT command over smtps (not starttls), the session gets stuck > until further input, which causes it to abort the connection due to > unexpected SSL pack

Re: DMARC and security (was: sanity-check postfix XCLIENT usage ?)

2020-10-23 Thread demi m. obenour
On Fri, Oct 23, 2020 at 3:26 PM Demi M. Obenour wrote: > >> "p=quarantine" might be a better choice, but I do consider lack of > >> DMARC to be a security hole. I certainly don't want someone to be > >> able to forge mail that claims to be from me.

Re: Limiting HELO spoofing in Postfix?

2020-10-24 Thread Demi M. Obenour
On 10/24/20 6:38 PM, Viktor Dukhovni wrote: > On Sat, Oct 24, 2020 at 03:22:28PM -0700, Rich Wales wrote: > >> From Viktor Dukhovni: >>> I don't recall whether you have as yet posted the requested (sans any >>> reformatting of line breaks) outputs of: >>> >>> $ postconf -Mf >>> $ postconf

Re: Accessing the sending user from a canonical(5) table

2020-10-25 Thread Demi M. Obenour
On 10/25/20 2:46 PM, Wietse Venema wrote: > postfix-3.6-20201025 has a preliminary implementation to limit the > envelope senders that a local user may specify to the Postfix > sendmail (or postdrop) command. The real work is done in a library > module, so that similar functionality can later be ad

Re: Conditional relayhost based on message size

2021-01-17 Thread Demi M. Obenour
On 1/16/21 5:12 PM, Wietse Venema wrote: > Viktor Dukhovni: >> On Sat, Jan 16, 2021 at 04:48:22AM -0500, Viktor Dukhovni wrote: >> >>> On Sat, Jan 16, 2021 at 08:14:34AM +, Alexander wrote: >>> My goal is to conditionally select the relayhost based on the total size of the outgoing m

Re: Corner cases in SSL_shutdown.

2021-02-03 Thread Demi M. Obenour
On 2/2/21 12:39 PM, Leo Bicknell wrote: > In a message written on Tue, Feb 02, 2021 at 04:54:18PM +, Antonio Leding > wrote: >>You're not doin' well son...quit diggin' and go back to rethink your >>approach. I dare say at least a majority on this list, including >>myself, will trus