On 05/08/2010 06:50 PM, Wietse Venema wrote:
ed:
can someone beat me with a clue bat to get me started in the right
direction to best practice to stop; " root+:|" exploits
(or is this something that I should move over to spam-l, or some other spot?
You run an MTA that
/submission_policy, permit_sasl_authenticated, reject
local_recipient_maps = ldap:/etc/postfix/ldap/local_recipient_maps.cf
submission_data_restrictions = check_policy_service
unix:private/submission_policy
smtpd_tls_cert_file = /etc/pki/tls/private/localhost.pem
mynetworks_style = class
Ed
Wietse:
I am using amavisd which hooks into spamassison.
Did not find any references to sendmail using fgrep for any of the directories
In the main.cf the only references are the paths to sendmail.
Ed
>
> From: Wietse Venema
>To: Postfix user
l to b with me in cc.
>>me sends mail to everyone in the email headers
I am asking how to stop this behavior.?
I tried in an earlier attempt to post my postconf contents here but was
rejected due to size.
Thanks
Ed
Hi Victor,
I have requested the info from site1.
I looked for the SMTP RCPT TO command in the man file.
Could you provide a hint as to the configuration parameter?
Ed
>
> From: Victor d'Agostino
>To: postfix-users@postfix.org
>Sent:
>Ok...
>
>
>On Mar 19, 2013, at 6:17 AM, Ed wrote:
>
>> I have requested the info from site1.
>>
>
>From your initial description, it appears the problem is with site3. Site1
>information will probably not be helpful.
>
>> I looked for the S
_
> From: Larry Stone
>To: "postfix-users@postfix.org Users"
>Sent: Tuesday, March 19, 2013 9:52 AM
>Subject: Re: Duplicate Emails Sent
>
>On Tue, 19 Mar 2013, Ed wrote:
>
>> I have control over the site3 SMTP where the problem is. It is recent
>> insta
Thanks Noel,
I am going to set up a defined test and look into sendmail/procmail thoughts
Ed
>
> From: Noel Jones
>To: postfix-users@postfix.org
>Sent: Tuesday, March 19, 2013 12:41 PM
>Subject: Re: Duplicate Emails Sent RESTATED
>
>
Thanks for the insight Larry.
I think that some work nee3ds to be done on the filter at 100026
Ed
>
> From: Larry Stone
>To: "postfix-users@postfix.org Users"
>Sent: Tuesday, March 19, 2013 1:10 PM
>Subject: Re: Duplicate Emails
Hello,
What do people use for simple throughput/relay/bounce graphing?
RRD based would be nice.
--
Best regards,
Ed http://www.s5h.net/
the first one? The uses for this are slim, but I have a case where I
need to wait half a min before sending an email and right now this
causes a bit of wriggle doing it in the application - would be nice if
postfix would delay all emails delivered in a certain way for 30 seconds
before sending them?
Possible?
Ed
r your timeout is set to) and then 5 days later gets a notice
about an email they probably forgot they wrote by then...
Instant rejection would be helpful for some mis-smellings (I already
have a small transport map which maps to "ERROR: probably you mistyped
that email address?")
Ed
ated by
much longer intervals than 30 seconds).
>From what you say I think we need to keep implementing this delay in the
application
Thanks
Ed
Anyone got any good recipes for restricting mail in the case of mail
apparently sent FROM a local address, TO the same local address, apart
from obviously writing a policy server?
(It's to try and tighten up some checks on high probability spam)
Thanks
Ed W
entropy using the EGD protocol (helpful for virtualised server pools)
(No relationship other than happy customer)
Ed W
Hi, I'm using postfix 2.5.7 and having some trouble with the server
domain being appended to incomplete sender addresses. I have set
# postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header
append_at_myorigin = yes
append_dot_mydomain = no
local_header_rewrite_clients =
mydo
Wietse Venema wrote:
Ed W:
Hi, I'm using postfix 2.5.7 and having some trouble with the server
domain being appended to incomplete sender addresses. I have set
# postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header
append_at_myorigin = yes
append_dot_mydomain
Ed W wrote:
Wietse Venema wrote:
Ed W:
Hi, I'm using postfix 2.5.7 and having some trouble with the server
domain being appended to incomplete sender addresses. I have set
# postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header
append_at_myorigin
Wietse Venema wrote:
Ed W:
To clarify the question - the goal is if someone connects via the
network (not local sendmail command) and the transcript says "RCPT TO:
" that this is subsequently bounced as being an invalid
To summarize my other response, by definition
internet connection with 2,400 baud speeds costing $1.50/min. We have a
fairly precise setup which maximises speed and minimises cost.
So, is there some way to please configure postfix to *bounce* domainless
addresses?
Thanks
Ed W
hout noticing - easily done
I think?)
In general it's useful for machines to "do the right thing" and at least
in my situation this means bouncing the email rather than delivering (I
concede that others may prefer something else)
Thanks
Ed W
Wietse Venema wrote:
Ed W:
Wietse Venema wrote:
If you don't want to receive mail for domain-less addresses then
say so, instead of coming up with the wrong solution for the wrong
problem.
OK, "I want to accept most emails over smtp and then later bounce emails
w
Wietse Venema wrote:
Ed W:
Wietse Venema wrote:
If you don't want to receive mail for domain-less addresses then
say so, instead of coming up with the wrong solution for the wrong
problem.
OK, "I want to accept most emails over smtp and then later bounce emails
w
1234) to do the internal
relaying so that I can skip some steps when I re-inject on the final
server (performance tweak only, eg don't spam scan again)
In this way any of the backend servers can also serve as a frontend
server, accept mail and route it to the final destination. Similar
tweaks can be done with Dovecot proxying to have the pop/imap servers
act as a mixed frontend/backend setup.
Good luck
Ed W
cause. The output below, many thanks in advance.
I find the pfqueue utility very helpful for managing the queue...
Good luck
Ed W
looped several times and examine
all the received headers - this normally gives you a clue on the message
path and you can work back from there to understand the rules causing it
to loop
My best guess would be the exchange autoforwarder is doing something
unexpected
Good luck
Ed W
ic A
record names, followed by a connection to the destination server to
check the mail banner if we aren't 100% sure?
Grateful for better ideas from those who have tried to tackle this?
Thanks
Ed W
look like..?
I think you are saying that cidr map would make more sense here anyway?
Could/should the docs perhaps be updated to show that suggestion?
Thanks for postfix!
Ed W
On 21/02/2012 19:26, Wietse Venema wrote:
Ed W:
As the OP suggested, a desirable solution would be for the MTA to only
check the various maps to decide a domain is local *after* having done a
DNS check to see if the MX record points "to this machine". ie the end
goal is if the MX rec
port (RFC
aside). I think "may" is a more appropriate default?
Ed W
Enabling TLS costs you $1-3 in additional connect time, plus lack of PPP
compression increases the cost by about a factor of 3. Although we are
clearly not talking about the average user now, I think it would focus
your mind if I asked if you would be happy to increase your monthly
internet bill by a few hundred dollars vs risking going plain text?)
Cheers
Ed W
on't seem to be able to do TLS anymore... Vodafone requires
that you use submission in the UK by blocking port 25, so it's helpful
to be able to use submission without TLS at least until I figure out why
it's not working anymore...
My point was only not *enforcing* it, rather than it sh
On 16/03/2012 11:57, Wietse Venema wrote:
Ed W:
Therefore I'm suggesting that the out of the box config matches the
*RFC*. Then if the mail owner wants to lock it down to some non RFC
suggested spec they can read the instructions.
SHOULD does not forbid mandatory TLS; only a twisted mind
the command line.
What am I doing wrong???
Thank you!
Ed
O.K., thank you.
So, I guess, gnupg won't verify an RSA key?
Perhaps FreeBSD needs a different program other than gnupg or pgp to
verify this type of signature? How do most people verify the package
signature?
Ed
Will,
I *think* I have the key added to my keyring - isn't that what the:
gpg --import wietse.pgp
does???
Ed
less
if it is a RSA or DSA key."
Are you suggesting *I* generate a key or Wietse should generate a new
key and sign the tarballs with?
Ed
OS I
have before it will build?
Suggestions?
Thank you!
Ed
fs" file, right?
I have to execute the patch command from within the same directory
that the makedefs file is also in, right?
Ed
atch.
Thank you Wietse.
Ed
on at the last moment (support
nightmare)
Any pointers?
Thanks
Ed W
of disk space and plenty of inodes. The entire vps is in
one partition, and there's 38% in use and about 2% inodes in use.
My queue_minfree is zero.
Now I'm stumped.
Any assistance helpful.
Best,
Ed G
42 matches
Mail list logo
