Postings by L.P.H. van Belle

request improved logging for postfix.



After the message from yesterday, I'm asking if the postfix logging can be changed.

To improve the logging and give a better, clearer reject message.


A small change maybe, I don't know; I'll show what I mean below.

Maybe I'm totally incorrect here, so correct me if needed.


Now, I'm running Debian Wheezy, postfix (Debian backport) 2.11.2-1~bpo70+1.

DNS round robin on helo?



I couldn't find this on the internet and I was thinking the postfix list will know this.

A customer sends email which is rejected by my server. I think that is correctly rejected.


Now I dug into this and I found the following, but I don't know if this is allowed by RFC.

To me this should not be done, but if someone can confirm this, that would make me happy.

Re: permit after all

Paul, check if there are messages still in the queue.

I had a compromised account also and, same as you, it didn't stop. It did after clearing up the queue list.

The user in question has used their email and pass on a website which was compromised, at least that's what I think.

In my case I allow my users only from specific countries for SMTP,
limited by firewalling.

postfix sasl auth required



I'm testing out my servers and I noticed the following


telnet localhost 587

Trying ::1...

Connected to localhost.

Escape character is '^]'.

220 mail.mydomain.tld ESMTP Ready

ehlo localhost



250-SIZE 15360000






250 DSN



I'm missing my

250-AUTH here after starttls.

Or is this because of "smtpd_tls_auth_only = yes"?


I can't figure out what I missed, or if by default, when "smtpd_tls_auth_only = yes" is set, no auth is offered?

FW: SSL Renegotiation Attack "Disabling renegotiation"


As far as I know, no.

Unless you are forcing all clients to use SSLv2 only (since that doesn't support renegotiation).
Are you sure you want to disable it and not just prevent old clients from
using the vulnerable renegotiation methods? If it's the last
you'll need to upgrade to 2.8+ to get access to tls_disable_workarounds.

You have 2 problems.
- One is the vulnerable methods
- the other is that renegotiation is considered a denial of service vulnerability..

You really don't have any option to upgrade..
What's the OS you're running?

SOLVED.. FW: ldap virtual split domain and forwarding.

Finally I did find the problem.

In the end I did add the ldap ldap://etc/postfix/zarafa-ads-* in the aliases_map
and all the redirects in the virtual_alias_maps

and now I did some testing with an e-mail address, .. which did not have any typos in the email address in ldap.
That was where my error was.


From: ... at bazuin dot nl [mailto:owner-postfix- ... at postfix dot org] On behalf of L.P.H.

ldap virtual split domain and forwarding.


I'm new to the list, so tell me if I'm doing something wrong..
in advance, .. sorry for my English, and sorry for the long explanation..
better too much than too little imo.

I'm having the following setup.

Debian Jessie 8.1 with packages, running a zarafa mail server samba 4 AD domain,
I have almost all info I want in the AD, but I'm having problems with some e-mail aliases and forwarding of these.