Re: block spam mail from lan

2013-05-11 Thread li...@rhsoft.net
On 11.05.2013 14:34, Pol Hallen wrote: > I don't understand. > > Situation: A real user using browser connect to squirrelmail and send a > mail. It's ok. > > But if this user create a mail bomb using squirrelmail how way to spam I > can have this problem well, nothing can really prevent you fr

Re: Postfix sending issue

2013-07-02 Thread li...@rhsoft.net
On 03.07.2013 02:34, Sam Flint wrote: > Jul 3 00:28:41 bell postfix/smtpd[15256]: warning: dict_nis_init: NIS domain > name not set - NIS lookups disabled > Jul 3 00:28:41 bell postfix/smtpd[15256]: connect from localhost[::1] > Jul 3 00:28:41 bell postfix/smtpd[15256]: NOQUEUE: reject: RCPT

Re: exclude 127.0.0.1 from smtpd_tls_auth_only = yes

2013-07-06 Thread li...@rhsoft.net
On 06.07.2013 15:46, Pol Hallen wrote: > Thanks all for replies :-) I use linux. > > So, what should be do? I'm confused :-/ > > How clone submission service? * /etc/postfix.master.cf * copy the submission line * change "submission" to 127.0.0.1:588 * add "-o smtpd_tls_auth_only = no" as par

Re: Mail server, what else?

2013-07-13 Thread li...@rhsoft.net
On 13.07.2013 20:11, Craig R. Skinner wrote: >> I appreciate if you can give me advise so I can further improve my system. > > No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked > text files, not do dynamic stuff with root access to the whole box. > Beware! in case of ro

Re: Mails not delivered to maildir.

2013-07-18 Thread li...@rhsoft.net
and it contains "info: postmaster" which defaults to root >> mail from: root >> 250 2.1.0 Ok >> rcpt to: info >> 250 2.1.5 Ok *why* do you not use *full qualified* addresses for testing? > Jul 18 21:06:34 mail postfix/local[633]: 22D9928E172F: to=, > orig_to=, relay=local > seems like it should

Re: Mails not delivered to maildir.

2013-07-18 Thread li...@rhsoft.net
On 18.07.2013 23:06, Krzysztof Szarlej wrote: > Ok thank you guys and sorry for not reading the mailing list manual but why then continue top-posting? > Now it works, I deleted the alias for info. add "reject_non_fqdn_recipient" and "reject_non_fqdn_sender" to "smtpd_recipient_restrictions" w

Re: Migrate mail from one drive to another

2013-08-06 Thread li...@rhsoft.net
On 06.08.2013 21:26, Leonardo Rodrigues wrote: > After syncing the folders with services stopped and configs already pointing > to the new places, it would be > just a matter of getting services running again ! > > Downtime of maximum 3-4 minutes !!! > > But watch out ... these steps would m

Re: greylisting generates error email?

2013-08-17 Thread li...@rhsoft.net
On 17.08.2013 19:39, Grant wrote: > Do you use that config on a commercial mail server? I don't mean to > say that you shouldn't, I'm just wondering if you do. In a commercial > environment, the penalty for a false positive is a customer unable to > reach the company behind the server which j

Re: Server to Server TLS encryption?

2013-08-18 Thread li...@rhsoft.net
On 18.08.2013 07:32, Theodotos Andreou wrote: > I went through the TLS Readme but I couldn't find a clear answer to the > following question: surely since postfix in this case is the *xclient* here you go http://www.postfix.org/TLS_README.html#client_tls > Can you configure postfix in a way

Re: Block certain remote hosts on submission port

2013-08-22 Thread li...@rhsoft.net
On 22.08.2013 14:23, Charles Marcus wrote: > Now to figure out how to log these firewall rejections to a separate log > file, so I can see them if/when someone > complains about not being able to connect nothing easier than that * the first rule logs with rate-control to avoid self-DOS * the

Re: Disable root email

2013-08-23 Thread li...@rhsoft.net
On 23.08.2013 14:29, Roman Gelfand wrote: > How can I disable postfix from sending administrator email > notifications. ie from: r...@domain.com to: r...@domain.com? why would you want to do this? disable the root cause producing the messages instead break the MTA - postfix job is to send mes

Re: Logging Bounces

2013-08-29 Thread li...@rhsoft.net
On 29.08.2013 19:27, Roman Gelfand wrote: > Is there a way to add more info to "status=bounced" entries? For > instance, I would like to see the from email and subject on the same > line. grep for "83A7643CEB" and you get from address and all sort of details like the sender, client-IP and info

Re: newbie check Was [Re: port 25 submission settings sanity check]

2013-08-29 Thread li...@rhsoft.net
On 29.08.2013 21:34, Glenn English wrote: > I'm under the impression that 587 is to be used by my local users > (email clients to local MTA), and 25 is used by MTA<->MTA. Is this wrong? correct > And /etc/services says: > >> auth 113/tcp authentication tap ident > > not 587

Re: Anyone use this email server configuration ?

2013-09-02 Thread li...@rhsoft.net
On 02.09.2013 22:55, LuKreme wrote: > On 02 Sep 2013, at 07:10 , Littlefield, Tyler wrote: >> Second, you'll need to encrypt your harddrive, which I doubt this whole blog >> covers. > > Encrypting your hard drive is trivial, at least in OS X and, I hear, even in > Windows. and after that?

Re: Anyone use this email server configuration ?

2013-09-02 Thread li...@rhsoft.net
On 02.09.2013 23:13, LuKreme wrote: > On 02 Sep 2013, at 15:02 , li...@rhsoft.net wrote: > >> On 02.09.2013 22:55, LuKreme wrote: >>> On 02 Sep 2013, at 07:10 , Littlefield, Tyler wrote: >>>> Second, you'll need to encrypt your harddrive, whic

Re: mail delivery to Inbox , not to spam

2013-09-11 Thread li...@rhsoft.net
On 11.09.2013 10:51, Vishal Agarwal wrote: > How can I be sure that the email send through my server to anybody should > delivered to recipients inbox; not to the spam folder. Where all the > default settings are used in recipient inbox. you as sender are not the one who decides what at the d

Re: Rejecting mail to unknown users

2013-09-11 Thread li...@rhsoft.net
On 11.09.2013 16:52, Kris Deugau wrote: > Mark Goodge wrote: >> It might help if you explained why you want to do this. What particular >> problem is being caused by your internal users getting an error message >> instead of a bounce? > > Some idiot mail clients (*cough*ManyversionsofOutlook*c

Re: Dealing with outages

2013-09-11 Thread li...@rhsoft.net
On 11.09.2013 20:19, Jeroen Geilman wrote: > On 09/09/2013 09:27 PM, Wietse Venema wrote: >> Postfix does a hard bounce when the DNS server replies that the >> name has no MX record AND the DNS server replies that the name has >> no A record, AND (if Postfix IPv6 support is on) the DNS server >

Re: Do not forward spam

2013-09-20 Thread li...@rhsoft.net
On 20.09.2013 18:12, azurIt wrote: > Blocking emails based on spam filters are always wrong says who? > Spam recognition will NEVER be 100% nothing will 100%, nowhere > there are always false positives yes, and there are some 100 times more spam > We are accepting all emails and filter th

Re: Do not forward spam

2013-09-20 Thread li...@rhsoft.net
On 20.09.2013 22:10, azurIt wrote: >> On 20.09.2013 22:03, azurIt wrote: >>> One note to all fans of 'spam filters rejecting' here: Did you even notice >>> that >>> NO ONE of big e-mail providers are rejecting messages based on standard >>> spam filter techniques? >>> Google, Yahoo, Micros

Re: Do not forward spam

2013-09-20 Thread li...@rhsoft.net
On 20.09.2013 22:03, azurIt wrote: > One note to all fans of 'spam filters rejecting' here: Did you even notice > that > NO ONE of big e-mail providers are rejecting messages based on standard spam > filter techniques? > Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them hav

Re: need to purge clamav from postfix configuration

2013-09-21 Thread li...@rhsoft.net
On 21.09.2013 17:25, DTNX Postmaster wrote: > +1 on using Debian ClamAV packages without any problems. We use the > milter package to integrate it with Postfix, using unix sockets. > > The problem people generally run into with unix sockets is one of > permissions. The milter socket needs to

Re: postfix multi-domain relay recipient verification problem with DNS and internal IP

2013-09-30 Thread li...@rhsoft.net
On 30.09.2013 12:21, no@s...@mgedv.net wrote: > syslog entries as follows: > postfix/smtpd 2013-09-30 10:45:23 NOQUEUE: reject: RCPT from > mail.xxx.yyy[222.222.222.222]: 450 4.1.1 : Recipient address > rejected: unverified address: Address verification in progress; > from= to= proto=ESMTP hel

Re: postfix multi-domain relay recipient verification problem with DNS and internal IP

2013-09-30 Thread li...@rhsoft.net
On 30.09.2013 12:59, no@s...@mgedv.net wrote: >> normally you would have internal and external DNS views >> >> however, dnsmasq can use /etc/hosts and forward all other requests to a >> specific DNS and so you would point /etc/resolv.conf to 127.0.0.1 > > i know it's possible to fake DNS recor

Re: postfix hardening - what can we do?

2013-10-04 Thread li...@rhsoft.net
On 04.10.2013 13:43, LuKreme wrote: > On 03 Oct 2013, at 12:48 , micah wrote: >> Providing a TLS-wrapped, from the beginning, port is better than offering >> STARTTLS. > > No, it really isn’t. > > I’m not clear on what problem you are trying to solve. You seem to want “mo > security” without

Re: Google rejecting IPv6 mails

2013-10-07 Thread li...@rhsoft.net
On 07.10.2013 19:15, Erwan David wrote: > No Google is really rejecting emails in IPv6 because of a lack of PTR... as virtually everybody else does for IPv4 why should someone handle IPv6 different? if you have no PTR do not deliver email

Re: Google rejecting IPv6 mails

2013-10-07 Thread li...@rhsoft.net
On 07.10.2013 19:42, Erwan David wrote: > On 07/10/2013 19:38, li...@rhsoft.net wrote: >> >> On 07.10.2013 19:15, Erwan David wrote: >>> No Google is really rejecting emails in IPv6 because of a lack of PTR... >> as virtually everybody else does for IPv4 >

Re: Google rejecting IPv6 mails

2013-10-07 Thread li...@rhsoft.net
On 07.10.2013 20:30, Erwan David wrote: > On 07/10/2013 20:24, li...@rhsoft.net wrote: >> >> On 07.10.2013 19:42, Erwan David wrote: >>> That's a matter of policy, if you cannot afford to lose legitimate >>> email, you may. >> show me one

Re: Google rejecting IPv6 mails

2013-10-07 Thread li...@rhsoft.net
On 07.10.2013 20:47, Erwan David wrote: > On 07/10/2013 20:37, li...@rhsoft.net wrote: >> On 07.10.2013 20:30, Erwan David wrote: >>> On 07/10/2013 20:24, li...@rhsoft.net wrote: >>>> On 07.10.2013 19:42, Erwan David wrote: >>>>> That

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread li...@rhsoft.net
On 08.10.2013 07:44, Stan Hoeppner wrote: >> I've removed the script, I stopped ftp (it seems it was ftp'd) >> >> at the time I've posted, I was on a 4" mobile, and, I was looking for a >> stop gap measure to 'stop further damage' from that point > > Understood. For a more permanent solution to

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread li...@rhsoft.net
On 08.10.2013 11:32, Manuel Bieling wrote: > On 2013.10.08 09:16:11 +0200, li...@rhsoft.net wrote: >> i never allowed any webserver in the past 10 years to >> use the sendmail binary for a lot of reasons like header >> injections and so on > > Good, but possibly

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread li...@rhsoft.net
On 08.10.2013 15:16, Michael Orlitzky wrote: > On 10/08/2013 01:44 AM, Stan Hoeppner wrote: >> >> Understood. For a more permanent solution to this script problem, you >> may want to consider locking down or disabling the pickup service, and >> configuring all web applications and MUAs to use t

Re: Google rejecting IPv6 mails

2013-10-09 Thread li...@rhsoft.net
On 09.10.2013 23:54, James Cloos wrote: >> "ln" == lists@rhsoft net writes: > > ln> show me one legitimate mail server in 2013 without a PTR > > Unfortunately it is not uncommon with v6. because people change configurations in hurry to have ipv6 > I've had to whitelist a number of sites

Re: using different outgoing IP per incoming IP?

2013-10-10 Thread li...@rhsoft.net
On 10.10.2013 10:20, Andreas Ziegler wrote: > a postfix server that is listening on more than IP - each for another > internal service - is sending them out to the recipients using one > specific IP. > Is it possible to specify, that mails coming in on IP 1.2.3.4 have to > use another outgoing

Re: seamless postfix migration to a new server

2013-10-12 Thread li...@rhsoft.net
On 12.10.2013 17:04, teknet9 wrote: > I have many users i can not allow for any downtime (not even few seconds) says who? "not even a few seconds" is unrealistic even at normal operations e-mail is not a real-time messenger > Also i can not lose any single email why should you? you most l

Re: Question on postfix set up: stopping new connections from outside on smtp server

2013-10-18 Thread li...@rhsoft.net
On 18.10.2013 15:00, francis picabia wrote: > I'm looking at the logs for an SMTP only service where iptables > should be stopping new connections on port 25, and I'm > seeing connects with no sasl auth. They fail to relay, but > I'd rather we didn't talk to them at all why do you need iptable

Re: disable ipv6 when sending to gmail ?

2013-10-18 Thread li...@rhsoft.net
On 18.10.2013 17:57, Dominik George wrote: > Mark Martinec wrote: >> IMO, instead of working on workarounds, people's efforts would be >> better spent >> on setting up their DKIM and/or SPF, reverse DNS mapping, and making >> sure that >> postfix only binds to an intentionally configured IPv6

Re: Question on postfix set up: stopping new connections from outside on smtp server

2013-10-18 Thread li...@rhsoft.net
On 18.10.2013 19:48, francis picabia wrote: > OK, with the syslog entry Noel suggested, I can see traffic has arrived on > submission port. Yet if I grep for the IP connecting, I see no sasl login. > > Oct 18 14:39:24 myserver postfix-internal/submission/smtpd[25329]: > connect from blk-222-1

Re: mxbackup quote

2013-10-18 Thread li...@rhsoft.net
On 18.10.2013 21:27, Pol Hallen wrote: > I configurated postfix ad mxbackup. show set a quote forma each domain? *what* are you talking about? that pretty much makes no sense for anybody but you

Re: disable ipv6 when sending to gmail ?

2013-10-18 Thread li...@rhsoft.net
On 18.10.2013 23:52, Dominik George wrote: > $ host 2a00:1828:2000:239::2 > 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.3.2.0.0.0.0.2.8.2.8.1.0.0.a.2.ip6.arpa > domain name pointer shore.naturalnet.de. > > $ host shore.naturalnet.de > shore.naturalnet.de has address 89.238.64.147 > shore.naturalnet.de h

Re: Connection refused to local stunnel tunnel

2013-10-19 Thread li...@rhsoft.net
On 20.10.2013 01:34, Olaf Marzocchi wrote: > If I use ssl0.ovh.net:25, I get a timeout. If I use port 587, I get "(TLS is > required, but was not offered by host ssl0.ovh.net[213.186.33.20])", so I > opted for SMTPS. > However, Postfix cannot do SMTPS on port 465, so I installed stunnel and I

Re: Connection refused to local stunnel tunnel

2013-10-20 Thread li...@rhsoft.net
On 20.10.2013 20:33, Wietse Venema wrote: > Olaf Marzocchi: >> postfix/smtp[2103]: [ID 947731 mail.warning] warning: relayhost >> configuration problem >> postfix/smtp[2103]: [ID 197553 mail.info] 311482A92D: >> to=, orig_to=, relay=none, delay=157834, >> delays=157833/0.01/0.08/0, dsn=4.3.5

EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
postfix/smtp[7411]: warning: TLS library problem: 7411:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316 maybe relevant to "only ECC NIST Suite B curves support"? postfix was compiled against exactly this openssl build as far as i can see fallback to u

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 23:04, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote: > >> postfix/smtp[7411]: warning: TLS library problem: >> 7411:error:100AE081:elliptic curve >> routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 23:40, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 11:17:25PM +0200, li...@rhsoft.net wrote: > >>> Instead of improving the world by finally supporting EC, they've >>> made things worse! Previously clients negotiated something other >>

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 23:49, li...@rhsoft.net wrote: > i hate it to ask but is there any chance postfix avoids ECDHE for such > destinations > in case of this situation and continues to use DHE if the requested curve is > not > available in the linked openssl library? > >>

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 22.10.2013 02:33, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote: > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3 > > The author of comment #4 is not getting it. The problem is NOT > that Postfix fails to neg

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-23 Thread li...@rhsoft.net
On 23.10.2013 22:57, Viktor Dukhovni wrote: > On Tue, Oct 22, 2013 at 06:07:49AM +, Viktor Dukhovni wrote: > > Follow-up, comments after a brief email discussion with Paul Wouters > of RedHat: thank you so much for that! >> * Firstly, client TLS extensions are not possible when the client

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-24 Thread li...@rhsoft.net
On 24.10.2013 11:11, Patrick Lists wrote: > On 10/23/2013 10:57 PM, Viktor Dukhovni wrote: > [snip] >> The problem turns out to be that RedHat's patch did not prune the >> list of curves advertised by the TLS client! They're going to >> update the code to only advertise secp{256,384}r1, which w

Re: Relay Access Denied

2013-10-24 Thread li...@rhsoft.net
On 25.10.2013 00:50, Tim Legg wrote: > I tried to send an e-mail from my address on mail.com to my own machine to > test it out. It bounced. Below is the > tail of my mail.log > > postfix/smtpd[12344]: NOQUEUE: reject: RCPT from mout.gmx.net[74.208.4.201]: > 554 5.7.1 : Relay > access deni

Re: How do I track down (mail system configuration error)

2013-10-29 Thread li...@rhsoft.net
On 29.10.2013 16:23, LuKreme wrote: > On 29 Oct 2013, at 09:13 , Wietse Venema wrote: > >> % egrep '(warning|error|fatal|panic):' /some/log/file | more > > I forgot about warning and checked egrep '(fatal|panic|error)' > > warning: pipe flag `D' requires dovecot_destination_recipient_limit

Re: How do I track down (mail system configuration error)

2013-10-29 Thread li...@rhsoft.net
On 29.10.2013 21:27, LuKreme wrote: > On 29 Oct 2013, at 09:26 , li...@rhsoft.net wrote: >> one reason more why someone should use LMTP these days >> besides possible security problems and bad performance >> by starting a new process for each delivery > > I'm no

Re: Delays

2013-10-29 Thread li...@rhsoft.net
On 29.10.2013 21:25, Roman Gelfand wrote: > The client is thunderbird. Correct me if I am wrong, it appears it 40 > seconds for the client to hand over the email to the server? If so, > where should I troubleshoot? are there maintenance > tasks/configuration changes to improve this situation

Re: Delays

2013-10-29 Thread li...@rhsoft.net
On 29.10.2013 21:46, Roman Gelfand wrote: > How did you decide this is a network issue? Connection timed out? > How would you go about determining which router which switch? it's hard to explain how to debug network issues > On Tue, Oct 29, 2013 at 4:33 PM, li...@rhs

Re: Delays

2013-10-29 Thread li...@rhsoft.net
On 29.10.2013 21:55, li...@rhsoft.net wrote: > On 29.10.2013 21:46, Roman Gelfand wrote: >> How did you decide this is a network issue? > > Connection timed out? [harry@srv-rhsoft:~]$ telnet 96.57.168.248 25 Trying 96.57.168.248... telnet: connect to address 96.57.168.248: C

Re: Delays

2013-10-29 Thread li...@rhsoft.net
ep EF7454059D" to filter anything related to this message from the logfiles and the "delay=31" is most likely because the message was queued on your server for whatever load-reason or because temporary not reachable destination (network, name-resolution, one of them at googles si

Re: CONNECT from localhost[::1]: 454 4.7.1 : Client host rejected: Access denied

2013-10-30 Thread li...@rhsoft.net
On 30.10.2013 22:42, Andy Howell wrote: > I'm using openSuSE 13.1 system, running as a virtual machine. I'm not married > to that > distro. I started with CentOS 6.4, but the postfix there is 3+ years old. I > wanted an RPM > based distro with more recent versions. SuSE 13.1 seemed reasonable. I

Re: Getting automated sending feedback from SMTP server

2013-11-02 Thread li...@rhsoft.net
On 02.11.2013 12:15, Jeroen Geilman wrote: >> Using php-mailer or any language/api (in [HTTP Server]), I only have >> feedback for connection between servers: "Connection to SMTP server was >> OK", but this is not a proof that my message was really sent. if the send-method() of phpmailer gives

Re: not logging outbound emails

2013-11-02 Thread li...@rhsoft.net
On 02.11.2013 22:17, c cc wrote: > In /var/log/maillog, I do not see any outbound emails being logged show logs > only inbound emails show logs > Did I misconfigure anything? who knows your config without a crystal ball and missing "postconf -n"

Re: Getting automated sending feedback from SMTP server

2013-11-03 Thread li...@rhsoft.net
On 03.11.2013 05:26, Paul C wrote: > phpmailer, or any other mime class, is not giving you the actual response > code of the end delivery of the email, > unless you are directly sending your email from phpmailer (which is possible > but not intelligent). It can be > confusing to people when th

Re: Postfix still sending bounces

2013-11-04 Thread li...@rhsoft.net
On 05.11.2013 00:50, Jim Wright wrote: > On Nov 4, 2013, at 5:03 PM, Ian Evans wrote: >> >> I've read tutorials and the backscatter/local recipient pages and my postfix >> is still sending out bounce message instead of just dropping the >> connections. I want to be a good netizen so want to

Re: Postfix still sending bounces

2013-11-05 Thread li...@rhsoft.net
On 05.11.2013 12:03, Jose Borges Ferreira wrote: > On Tue, Nov 5, 2013 at 4:43 AM, LuKreme wrote: >>> Normally, bouncing undeliverable messages is the proper behavior for a good >>> netizen. >> >> *NEVER* Bounce. Ever. >> >> Reject, yes. Bounce? Absolutely never. If you bounce a message to me

Re: force startssl/tls/ssl on sasl login

2013-11-06 Thread li...@rhsoft.net
On 06.11.2013 23:34, Benny Pedersen wrote: > nik600 skrev den 2013-11-06 23:19: > >> is possible to force startssl/tls/ssl on sasl login ? > > http://www.faqforge.com/linux/how-to-enable-port-465-smtps-in-postfix-mailserver/ and what has the deprecated smtps to do with the question? how does

Re: Convert all envelope ids to lowercase

2013-11-07 Thread li...@rhsoft.net
On 07.11.2013 11:32, Ansgar Wiechers wrote: > On 2013-11-07 Ram wrote: >> Is there a simple way I can configure postfix to convert all Envelope >> From and To addresses to lowercase, before delivery >> >> I believe postfix internally converts all ids to-lowercase while >> doing hash map lookups

Re: postfix 2.7.1 debian - does not query DNS

2013-11-07 Thread li...@rhsoft.net
On 07.11.2013 12:53, Simon Loewenthal wrote: > Damned chroot now turned off, and lookups now work like they should have done > :D > > And this nicely solved my RDNS_NONE scoring issue with SA, of course! > > Nov 7 12:49:16 lo postfix/smtpd[15712]: 32FD892: > client=english-breakfast.cloud9.

explicit cipher list

2013-11-07 Thread li...@rhsoft.net
Hi http://www.postfix.org/TLS_README.html#server_tls am i overlooking something or is it not possible to list explicit offered ciphers and their order like dovecot/httpd for smtpd? i am speaking here about non-MX servers only for submission what i most appreciate in this way of configuration is o

Re: explicit cipher list

2013-11-07 Thread li...@rhsoft.net
thank you for your feedback On 07.11.2013 23:45, Viktor Dukhovni wrote: > Postfix provides a more natural user interface in terms of cipher > grades (null, export, low, medium, high). These have sensibly easy > to reason about security properties. > > I've seen many subtle and not so-subtle er

Re: explicit cipher list

2013-11-07 Thread li...@rhsoft.net
On 08.11.2013 00:50, Viktor Dukhovni wrote: > On Fri, Nov 08, 2013 at 12:27:13AM +0100, li...@rhsoft.net wrote: > >>> If you MUST muck around with raw OpenSSL cipherlists, the underlying >>> >>> tls__cipherlist >>> >>> parameters

Re: explicit cipher list

2013-11-07 Thread li...@rhsoft.net
than on WinXP which was recently the problem with no time to debug this deeper On 08.11.2013 02:17, Viktor Dukhovni wrote: > On Fri, Nov 08, 2013 at 01:05:33AM +0100, li...@rhsoft.net wrote: > >>>>> Note that Postfix will still apply implicit and configured exclusions

Re: postfix 2.7.1 debian - does not query DNS

2013-11-08 Thread li...@rhsoft.net
On 08.11.2013 10:42, DTNX Postmaster wrote: > $ cat /usr/share/doc/postfix/README.Debian > There are some significant differences between the Debian Postfix packages, > and the source from upstream: > > 1. The Debian install is chrooted by default. > 2. Dynamically loadable map support. > 3

Re: AOL won't even talk to me

2013-11-08 Thread li...@rhsoft.net
On 08.11.2013 13:45, mark hardwick wrote: > Pretty much everything is working with my new mail server now. > Google, hotmail etc are all chatting nicely to me, AOL on the other hand just > says > > postfix/smtp[31792]: 3DDC64827D: host mailin-03.mx.aol.com[205.188.156.193] > refused to talk t

Re: sasl by sender

2013-11-15 Thread li...@rhsoft.net
On 15.11.2013 20:50, Pol Hallen wrote: > Hi all, I've finished to read sasl authentication and I can send email > using it. > > Now I'd like that postfix send the email using the sasl username > (te...@mydomain.com) and not with the sender of email client, because with > 1 sasl authentication,

Re: reject_sender_login_mismatch problem

2013-11-16 Thread li...@rhsoft.net
On 16.11.2013 19:44, Pol Hallen wrote: > Hi all :-) I configurated postfix to check if a client is within the > > smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps > > with sasl sender authentication, and: > > smtpd_recipient_restrictions = > permit_mynetworks, >

Re: reject_sender_login_mismatch problem

2013-11-16 Thread li...@rhsoft.net
and where is the complete log of the message you are speaking about in your initial post? you are long enough here to know how debugging works and how it can't work > mydestination = fuckaround what's that? this is not a domain On 16.11.2013 19:54, Pol Hallen wrote: > alias_database = hash:/et

Re: How do I link Postfix to OpenSSL?

2013-11-17 Thread li...@rhsoft.net
On 17.11.2013 17:45, Juerg Reimann wrote: > At http://www.postfix.org/postconf.5.html#smtp_tls_mandatory_protocols is > mentioned "As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" and > "TLSv1.2". If an older Postfix version is linked against OpenSSL 1.0.1 or > later, these, or a

Re: Diffie-Hellman parameters

2013-11-17 Thread li...@rhsoft.net
On 17.11.2013 23:36, Fedor Brunner wrote: > Please increase the size of Diffie-Hellman parameters in > http://www.postfix.org/TLS_README.html > You recommend 1024 bit DH parameters, but for long term protection, > these parameters are too short. > > During ephemeral Diffie-Hellman (EDH) key ex

Re: Client host name resolution

2013-11-18 Thread li...@rhsoft.net
On 18.11.2013 12:43, E.B. wrote: > My understanding was clients for whom you see this in the logs: > > connect from unknown[1.2.3.4] > > Do not have a PTR/rDNS set up for themselves. However, I recently tested a > connection (using telnet on the client side, connecting to port 25) from a >

Re: Need Help: Postfix Relayhost Setup and Dovecot

2013-11-18 Thread li...@rhsoft.net
On 18.11.2013 17:36, Dominique wrote: > Nov 18 17:10:15 mail postfix/smtp[20654]: 2937521D41: > to=, relay=smtp.isp.es[1.1.1.1]:25, delay=1.1, > delays=0.09/0/0.87/0.18, dsn=5.0.0, status=bounced (host > smtp.isp.es[1.1.1.1] said: 522 Authenticate first (in reply to MAIL FROM > command)) > > I

Re: hiding IP address and such

2013-11-18 Thread li...@rhsoft.net
On 19.11.2013 00:58, John Allen wrote: > Is there any good reason to hide IP addresses and domain names etc when post > to this list it is your responsibility to decide what can be disclosed and what not but keep always in mind the more you obfuscate the harder someone can help debug by obfu

Re: TLS timeout

2013-11-20 Thread li...@rhsoft.net
On 20.11.2013 13:55, bitozoid wrote: > On Tue, Nov 19, 2013 at 1:32 PM, Brian Evans wrote: >> The smtp client process does not have support for the deprecated smtps >> protocol (465) you are trying to use. > > I have another instance of postfix working against other smarthost > (Exchange in thi

Re: can someone explain this SPF fail to me

2013-11-21 Thread li...@rhsoft.net
On 21.11.2013 18:40, jeffrey j donovan wrote: > Greetings, > > Can someone explain this error to me, I have never seen this one before. I > tested my spf records and they seem fine. > >>> : host mail.ncem-pa.org[204.186.202.37] said: 554 >>>5.7.1 : Recipient address rejected: Failed SPF

Re: Do not send mails to addresses with more than 3 dots in username part

2013-11-22 Thread li...@rhsoft.net
On 22.11.2013 10:12, Alexander Farber wrote: > I run a Drupal 7 website on a CentOS 6.4 server with > postfix-2.6.6-2.2.el6_1.x86_64. > > In the last few months the amount of fake users trying to register at my > website has increased dramatically - I get > 2 or 3 of such registrations per m

Re: Do not send mails to addresses with more than 3 dots in username part

2013-11-22 Thread li...@rhsoft.net
On 22.11.2013 12:38, Alexander Farber wrote: > Thanks, I agree with all general advices... > But for now I just want to stop the flood > (and also Drupal is difficult to modify for me + > I don't want to add CAPTCHA to my > already overloaded reg. form, etc., etc.) zero understanding to refuse

Re: Do not send mails to addresses with more than 3 dots in username part

2013-11-22 Thread li...@rhsoft.net
my last post in this thread because we are going off-topic discard messages on a MTA is the *last resort* if nothing else happens but not the solution for a broken web-app because it is the wrong layer hence even if you insist in "more than 3 dots in username part" this belong to the *web applica

Re: Do not send mails to addresses with more than 3 dots in username part

2013-11-22 Thread li...@rhsoft.net
On 22.11.2013 15:31, Alexander Farber wrote: > I've spent last 2 hours with Drupal CAPTCHA module - > the default image and math captchas didn't stop > any spam user at all - I could see fake users > still registering - every few seconds (scary!). > > I have uploaded a russian font then and con

Re: can someone explain this SPF fail to me

2013-11-23 Thread li...@rhsoft.net
-Message ---- Subject: Re: can someone explain this SPF fail to me Date: Thu, 21 Nov 2013 18:53:51 +0100 From: li...@rhsoft.net To: postfix-users@postfix.org On 21.11.2013 18:40, jeffrey j donovan wrote: > Greetings, > > Can someone explain this error to me, I have never seen this on

Re: Postfix installation guid

2013-11-23 Thread li...@rhsoft.net
On 23.11.2013 13:39, Kranti Kiran Patnaik wrote: > Can someone share a very good postfix 2.10 installation guide for managing > 2-5million emails per day? My current > postfix is unable to handle such large volume as lot of emails are getting > stuck in the incoming folder and thus > the deliv

Re: Postfix installation guid

2013-11-23 Thread li...@rhsoft.net
On 23.11.2013 15:25, Kranti Kiran Patnaik wrote: > I am going to have at least 5 servers now to share the load, how do i split > the MX? > Can you guide me, do you have any documentation? > > On Sat, Nov 23, 2013 at 7:51 PM, li...@rhsoft.net <mailto:li...@rhsoft.net>

Re: Do not send mails to addresses with more than 3 dots in username part

2013-11-23 Thread li...@rhsoft.net
On 23.11.2013 20:18, tejas sarade wrote: > OK, got it. > > Add the following line in main.cf file to add new recipient > restriction which will use pcre table. > > smtpd_recipient_restrictions = check_recipient_access > pcre:/etc/postfix/pcre_recipients, permit_mynetworks,

Re: Do not send mails to addresses with more than 3 dots in username part

2013-11-23 Thread li...@rhsoft.net
On 23.11.2013 22:48, Peter wrote: > On 11/24/2013 08:25 AM, li...@rhsoft.net wrote: >> >> have fun with "reject_unauth_destination" too late and >> "check_recipient_access" says "PERMIT" instead "DUNNO" >> >> a major

Re: malformed mx record

2013-12-05 Thread li...@rhsoft.net
nobody said that anywhere if they receive mails from other senders that senders are *not* using DNS and ignore the MX On 05.12.2013 15:26, Roman Gelfand wrote: > I am not sure I understand. I am sending out email from postfix. > Postfix looks up the target domain mx record. Are you saying the

Re: Postfix smtp relay in DMZ

2013-12-06 Thread li...@rhsoft.net
On 06.12.2013 10:13, Andreas Kasenides wrote: > The scenario is a classic one: > 1. one or more relay SMTP servers in DMZ > 2. one or more backend SMTP servers on the inside network > 3. There may or may not be separate incoming or outgoing designated SMTP > servers. > > Now the desired functio

Re: Design details of high performance dovecot cluster

2013-12-06 Thread li...@rhsoft.net
On 06.12.2013 11:32, JEHERUL wrote: > Currently we are running a mail system for 1 users each 2GB mailbox. At > present we have 5 mail servers where > users mailboxes are distributed almost uniformly. We have a HP SAN Storage > (HP EVA 6400) where mailboxes are > stored. We partition the

Re: Misdeliveries of messages

2013-12-09 Thread li...@rhsoft.net
On 09.12.2013 20:03, LuKreme wrote: > In our previous episode (Monday, 09-Dec-2013), Wietse Venema said: >> Instead, you need to eliminate all characters except those that are >> known to be safe: a-zA-Z0-9_@:=+, the '-', and maybe a few more. > > what about é and ø? Or aren't we utf-8 clean o

Re: Misdeliveries of messages

2013-12-10 Thread li...@rhsoft.net
On 10.12.2013 15:18, LuKreme wrote: > In our previous episode (Monday, 09-Dec-2013), "li...@rhsoft.net" said: >> * the local part must not contain special chars > > Is that your policy or are you claiming that is a standard? it is fact > RFC 6530 covers UTF-8

Re: Misdeliveries of messages

2013-12-11 Thread li...@rhsoft.net
On 11.12.2013 14:37, Marcin Szymonik wrote: >> The real fix is not to process the above commands with the shell. > > Thanks for these tips too. > > I decided to popen() directly to sendmail without saving a message to tmp > file. > Unfortunately I don't see any php function allowing to popen

Re: Misdeliveries of messages

2013-12-11 Thread li...@rhsoft.net
On 11.12.2013 14:49, M.Atıf CEYLAN wrote: > On 11-12-2013 15:37, Marcin Szymonik wrote: >> Unfortunately I don't see any php function allowing to popen without >> executing a command with the shell. > There are some functions in php to executing shell or another program. exec, > system or pi

Re: Is it possible to verify "from:" header addresses?

2013-12-13 Thread li...@rhsoft.net
On 14.12.2013 00:18, Adam Moffett wrote: > We're doing sender verification for our local domains, so a message sent from > "f...@plexicomm.net" gets rejected. > A message with an envelope sender of "va...@spammer.com" with a from: header > of "f...@plexicomm.net" gets > accepted. Is there a w

Re: new postfix on centos 6.5

2013-12-14 Thread li...@rhsoft.net
On 14.12.2013 16:19, Danil Smirnov wrote: > Joni, thank you very much! > > Now I've found several RPMs but I don't know their creators - so they > are very unsecure for me... Maybe you can point me to some official > source for such RPMs? > > Another option is to build postfix from sources..

Re: Is it possible to verify "from:" header addresses?

2013-12-16 Thread li...@rhsoft.net
On 16.12.2013 19:30, Adam Moffett wrote: > >>> We're doing sender verification for our local domains, so a message sent >>> from "f...@plexicomm.net" gets rejected. >>> A message with an envelope sender of "va...@spammer.com" with a from: >>> header of "f...@plexicomm.net" gets >>> accepted.
