mouss wrote:
and if the probes use multiple TCP connections (if the pop server
disconnects after a failure), then he can use rate limiting in his
packet filter if supported ("recent" in iptables, "overload" in pf).
here is an example using iptables recent module:
http://lists.opensuse.org/open
Steve Crawford wrote:
postmas...@klam.ca wrote:
I don't currently own a blackberry, but am thinking about getting one
(the Obama effect). A friend who works in the Cellphone business has
warned me that if I just setup the BB to go get my email from my postfix
server this will treated as internet
mouss wrote:
and if a spam filter blocks/discards/quarantines mail because of this,
it is the filter that should be blamed.
I use this setup for detecting Backscatter. Until now without problems,
but it's difficult to know.
Hello everyone,
I created a second cleanup for the submission service to have separate
header checks from incoming emails.
cleanup-out unix n - - - 0 cleanup
-o header_checks=pcre:/etc/postfix/header_checks-out
-o body_checks=pcre:/etc/postfix/bod
Noel Jones wrote:
To fix this, just add
-o receive_override_options=
(ie. an empty value)
to your submission service.
Now it's working.
Thanks.
rafael.
Received: from icbu211.cnmail.cnh.yahoo.com
(icbu211.cnmail.cnh.yahoo.com [119.42.242.94])
by farallon.riovia.com (Postfix) with ESMTP id B80472581C6
for ; Sun, 7 Feb 2010 12:31:03 -0200 (UYST)
Received: from localhost (localhost [127.0.0.1])
by icbu211.cnmail.cnh.yahoo.c
strictions
> # -o smtpd_sender_restrictions=$mua_sender_restrictions
>
> but no proposed values for those.
These lines are commented out. Did you uncomment them in master.cf? If you
didn't, then you are probably keeping global values from main.cf for these
parameters without overriding them.
--
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Dnia 14.06.2021 o godz. 09:51:30 Linda Pagillo pisze:
>
> Any other ideas of what may be causing this?
Is it possible that the client is trying STARTTLS (and not TLS-wrapped SMTP)
on port 465?
Have you tried a different mail client instead of Outlook?
--
Regards,
Jaroslaw Raf
now have a formal business
justification to be not compliant with the mentioned security guidelines -
because they will be unable to communicate with their customers if they
comply.
That's just how the corporate bureaucracy works...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a
t; failure, with the time stamp as the only link between both.
Well, maybe I'm using quite old versions of Postfix and Dovecot, but with
default logging setup on Debian plus "auth_verbose=yes" in Dovecot config I
get in /var/log/mail.log lines like:
Jul 30 23:15:17 rafa postfix/smtpd
elps. At least they will know :)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
7;t
> really know. Whatever SASL layer Postfix is using obviously must
> know, but it is likely not to log it.
I have asked this already here, but nobody replied. Maybe I try again :)
When and why was the logging regarding AUTH failures changed? Because in
quite old version of Postfix I ca
t it doesn't let
> you see anyone else's content. Wierdly unhelpful.
I vaguely remember that this topic has been discussed several times on
mai...@mailop.org mailing list. I highly recommend this mailing list for
dealing with deliverability issues.
--
Regards,
Jaroslaw Rafa
r...@r
es seem to enable DKIM signing for them
> (via the milter application that I've configured), it still does not
> apply any header checks to them.
If you are able to apply a milter to them, you can write a milter that
rewrites those headers.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
to include some.domain
literally in your regular expression, then it won't match again on the
already transformed address, which does not contain some.domain.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once ther
essage in mutt, it puts the
e-mail address of the original sender (not you) at the beginning of the
subject of the forwarded message.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she
ix should outright reject the
message without trying to deliver it.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
tant one) and there's no reason to
replace them (or sometimes there isn't even anything to replace them with).
The concept of trusted hosts/networks has a reason behind it and cannot be
abandoned so simply...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids
ion.outlook.com). The *client* address in your case is
mx0f-00376703.gpphosted.com, so it is *not* from domain dhs.gov. So it was
not whitelisted.
As far as I know, there's no option to whitelist *sender* addresses in
postgrey.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a m
this check for authenticated users (ie. submission ports).
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
own
reject_unknown_helo_hostname is known to produce quite a lot of false
positives, and it is not recommended to use this restriction.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
you
should try to configure an email client like Thunderbird and check email
sending/receiving with it.
Not everything at once!
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with
19/0.01/0.01/0.02, dsn=2.0.0, status=sent (250 2.0.0
V/yJDH9grmHtmgAAdabr2Q Saved)
Dec 6 19:11:59 softlinksys postfix/qmgr[38286]: 04E4CA06C5: removed
It's only strange why your qmgr is logging empty "from", and lmtp empty
"to". But this message should be somewhere on you
(eg. Postfix) usually use.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ut yes, Google IS dumb enough to do so.
> If so, given they allow spammers virtually free range to send FROM
> gmail this is a bit hypocritical.
100% agree.
They simply don't care about anyone that isn't using Gmail.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In
7;s what PSL is for -
to specify which domains should *not* be mixed up with one another.
Don't defend Google's email service, it's already so bad that it's not worth
defending...
Friends should not let friends use Gmail - that's all that can be said about
it.
--
Regar
y what Public Suffix List is for. It lists all such domains.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ries do not use any generic SLDs under country's
TLD (at least not mandatory ones), but just allow to register names directly
under country's TLD, like somename.de, somename.hu, somename.nl etc.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
on procedure and policy, and maybe be
able to demonstrate a bunch of actual independent subdomains registered
under this domain, run by someone else than you? Because that's the way
eu.org, uk.com and similar operate.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a millio
Dnia 14.12.2021 o godz. 13:06:49 Andrew Sullivan pisze:
> On Mon, Dec 13, 2021 at 12:31:07PM +0100, Jaroslaw Rafa wrote:
> >That's exactly what Public Suffix List is for. It lists all such domains.
>
> Well, to be a little more pointed about it, it attempts to provide a
>
all text/plain parts from multipart
messages, up to 5 levels nesting of multipart messages one inside another
(that level is configurable via a parameter in the script).
If you want to look at it, it's here: http://rafa.eu.org/media/textconv.pl
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.
etc. but it is not - and *should not* be - mandatory.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
somehow commerce-related
and collect personal data.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
pient of the mail can access its content. No operator of any
mail server is able to read your message. If you use only level 2, then
operators of both sending and receiving server (and any intermediate server,
if there are any) can have access to the message in plaintext form.
--
Regards,
nd sell your metadata.
And you are right with regard to the fact that metadata is often more
important in "spying" on the individual than the actual data transmitted;
but simple solutions like HTTPS don't protect you from metadata being
collected.
--
Regards,
Jaroslaw Rafa
r..
Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze:
>
> What I am asking is, are there situations where legitimate sender
> (non-spam) would generate soft fail?
Forwarding.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they
Dnia 11.01.2022 o godz. 12:51:54 Fourhundred Thecat pisze:
> > On 2022-01-11 11:32, Jaroslaw Rafa wrote:
> >Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze:
> >>
> >>What I am asking is, are there situations where legitimate sender
> >
et's trust Postfix authors that
they have done it right. To implement TLS support, one certainly has to know
more about it than an average mail administrator. So just trust them.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're go
t have one in the configuration shown in your mail)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
v an "overkill" for using one simple utility? Why
couldn't it just use the system-installed Python?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
is
run to provide this service. Both services, on port 25 and 587, are provided
by two instances of the same executable, therefore "smtp" in both cases.
After "smtpd" there can be arguments used to call this executable - these
arguments are used to make both services operate differently.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
mtpd_" :)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
P address, for example by using
permit_mynetworks ?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ee availability test results here:
> https://ping-admin.com/free_test/result/16443944516w2j65r1y4j0kca10wdw3q.html
> (not sure if this link will be valid for long, though).
Poland, ISP is UPC ( https://www.upc.pl/ ), works OK.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a mill
.postfix.org and tells where it
stops.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Dnia 9.02.2022 o godz. 13:58:01 Jaroslaw Rafa pisze:
>
> I think it's just a routing misconfiguration at some major ISP. It might be
> hepful that the OP does a traceroute to www.postfix.org and tells where it
> stops.
I did a traceroute to the first five sites that fail acco
where this post exists. But
maybe his security team will be happy with removing it from that particular
place where they found it...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
pretty rare case for me (I usually work with single-server setups). I did
not think that it can be used in such context as rewriting by canonical
maps.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hu
al_alias_maps seems completely unneccessary in your case. What
funtion exactly does it provide here?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
maps mapping
destination@address->mailbox. Is that your case?
But this still doesn't have anything to do with Dovecot "accepting" any
email addresses, because Dovecot just provides access to a mailbox. Once you
properly log in, you have access to all messages stored in the mailbox,
re
Dnia 21.02.2022 o godz. 13:09:19 Alexey Shpakovsky pisze:
> On Mon, February 21, 2022 12:59, Jaroslaw Rafa wrote:
> >
> > The part I am wondering about is exactly "Dovecot accepts". As far as I
> > know, Dovecot does not need to "accept" anything, becaus
onfiguration_manual/authentication/user_databases_userdb/
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
you try apt-get?
milter-regex is not in the Ubuntu repositories (at least for 20.04).
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ely on random on-access file scanning.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
kind of password.
You may also (again if this is possible in setroubleshootd) insert a very
specific header into the message and use a milter to reject message if the
header is not present.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ltiple
"department" (or how do you call them) mail servers that relay mail to a
central server. Then you can very easily have mail-from and rcpt-to equal on
port 25.
Seems like a pretty valid case to me.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids
ound email
>
> MX is for inbound e-mail by definition
I think what the OP meant is that recipient domain has two MX-es and
the goal is that the Postfix doesn't try the second MX in case the
first one rejects with 4xx but defers the message immediately (for
this specific recipient domain
oIP provider is using
separate login & password for each phone line). This setup will work for
any ISP as long as ISP isn't blocking inbound UDP ports 5060/5061.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Dnia 12.04.2022 o godz. 14:20:11 Jaroslaw Rafa pisze:
> Dnia 12.04.2022 o godz. 14:07:13 Richard Rasker pisze:
> >
> > But according to the information supplied, I should also be able to
> > use smtp.xs4all.nl as a relay host, see
> > https://www.xs4all.nl/eigenmai
omain, its IP address (the outgoing one) should be included in SPF record
for the originating domain, if you do use SPF.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
un SpamAssassin? As a milter or as a post-queue content filter,
that reinjects the mail back to Postfix?
Double signing is a known issue in the latter case (ie. if you run SA as a
content filter). Switch to running SA as a milter and the issue will be
solved.
--
Regards,
Jaroslaw Rafa
r...@r
ld, but not "To:".
And referring to the original questions about legit cases of e-mails without
"To:" field - if someone sends an email to multiple recipients that are
listed in the "Bcc:" field (as it is often done due to privacy), and does
not specify the "To:"
tandard" TLS encryption described above, which is
basically a standard that everyone has.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
, never used it
:)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
es
permanently.
Of course there was a lot more of this "hammering" when some time ago I had
mistakenly AUTH turned on on port 25, so it looks like the bots that try to
crack email passwords are mostly targeting this port.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a
for mail that is submitted locally via
/usr/sbin/sendmail and for mail that is submitted from SMTP clients.
Is it possible to do it using only Postfix configuration directives or do I
need to use a milter for this?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when
the
mail to Gmail, but I'm considering doing this automatically (although I
don't like this workaround, I'd rather prefer that all my mails be sent from
the same address I'm using for years, but it seems there's no way to achieve
that with Google :().
--
Regards,
Jaroslaw Ra
address rewriting.
>
> This rewrites {envelope, header} {sender, recipient} addresses.
Can I use "-o sender_canonical_maps=..." instead of "-o
smtp_generic_maps=..." in this way, to change only the sender addresses?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
&quo
ity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
I understand this is a default and recommended setting.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
or various other domains from time to time. Google's spam
filtering tends to discriminate aginst low-volume senders who are in less
popular domains.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
e, not a rejection. Rejection -in any context, not
only miletar and MTA related - can be described in other words as
"explicitly negative response", so nothing else than a reject code. :)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, t
Re:" actually comes from the Latin phrase "in re," which means "in the
matter of", so it should never be translated.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
not a misconfigured server, but some stupid bot trying to guess
passwords. It is a comonly observed thing.
> Blocking these IPs with fail2ban is a good idea?
Probably yes.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna kn
t "canonical" method to do such changes is via milter.
You can create a milter that will change the Subject: header appropriately
when it detects the old domain in the recipient address.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, t
jecting emails
while gmail.com is rejecting the same emails.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
when implementing
such a solution (automatically visiting links) caused all people receiving
mails from mailing lists to be automatically unsubscribed from these lists,
as the messages contained an unsubscribe link in the footer...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years
ovecot entry above in the log. So it's either gpgit-pipe, dovecot or
amavis itself that rewrites address from u...@domain2.com to
u...@domain1.com.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
rcomplicated
things and put a lot of unnecessary settings in your config.
Isn't "always_bcc" set to an alias that expands to your script going to
achieve what you want? If not, then please try to describe what are
differences between this and your expected outcome.
--
Pozdrowienia,
Jaros
be just an alias that pipes mail to the "mailbot"
script directly?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
t in smtpd_recipient_restrictions so that only the "mailbot" script
could mail to it.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
in /etc/hosts to your real (ie. not
127.0.0.1) IP address.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
domain.2domain.tld, but
that another machine is), then Postfix has nothing to relay. Wouldn't be
enough just to set relay_domains explicitly to an empty value?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once the
ve priority over more general ones.
If you want to connect to somewhere on the Internet, the kernel will route
the packets via the first interface, because your default gateway is on a
network that your first interface also belongs to.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a m
dress.
reject_unknown_reverse_client_hostname
Reject the request when the client IP address has no address->name
mapping.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ipient_access, but where you can use a
lookup table containing both sender and recipient addressses, would be an
ideal solution.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ions=permit_sasl_authenticated,reject
to
-o smtpd_client_restrictions=$temp_client_block,permit_sasl_authenticated,reject
and did "service postfix reload".
However, I still find in my mail.log the entries like:
Aug 12 12:31:08 rafa postfix/smtps/smtpd[25866]: connect from
unknown[1.22
hich
> have been adopted.
>
> https://www.kfki.hu/~kadlec/sw/postfix_patch.html
I understand it's the "check_access" restriction mentioned in the page you
linked? But it is not included in standard Postfix release?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million ye
Dnia 12.08.2022 o godz. 10:27:47 Viktor Dukhovni pisze:
> You neglected to add:
>
> -o smtpd_delay_reject=no
Thank you for your answer. Just a few minutes ago found that out myself and
added this parameter to master.cf! :)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
&quo
Dnia 12.08.2022 o godz. 16:31:04 Jaroslaw Rafa pisze:
> Dnia 12.08.2022 o godz. 10:27:47 Viktor Dukhovni pisze:
> > You neglected to add:
> >
> > -o smtpd_delay_reject=no
>
> Thank you for your answer. Just a few minutes ago found that out myself and
> add
es, and I want to keep my
recipient restrictions even for authenticated clients (they contain
permit_sasl_authenticated pretty early, but the part before this should be
applied even for mail submitted from authenticated clients, it rejects some
local recipient addresses that should not receive mail).
--
someone who needs this asked me about such a
feature. So if you could do it, it would be very nice. Thank you in advance.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
rds,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Dnia 13.08.2022 o godz. 16:23:10 tog...@dinamizm.com pisze:
>
> Have you looked spamhaus or abusix for auth blacklists. They both do a decent
> job
> in blocking auth attempts from nasty IP addresses in my case.
I will look at them. Thank you!
--
Regards,
Jaroslaw Rafa
r...
sions?
I know this is not a Dovecot list, but maybe someone here knows answer to
this? Or maybe someone already wrote such a piece of software and it sits
somewhere in the Net ready to grab?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they'
st use a
completely made-up port instead of 465, that will accept mail only from your
sending server.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
x27;s own servers?
> Also one should be encrypting traffic
> anyway as a matter of best practice.
Use of port 25 (or any other port) does not exclude encryption.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: on
ryption (via STARTTLS).
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
self I had problems with double-signing mail with DKIM.
My solution was to use Spamassassin as milter instead of a post-queue
content filter. I recommend this to everyone.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: on
I don't see
any TLS settings for outbound (smtp_tls_...). So it's nothing strange that
TLS is not used for outbound connections. That's what you exactly told your
Postfix to do.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they
1 - 100 of 521 matches
Mail list logo
