Postings by techlist06

receive_override_options with 2 cleanups

Postfix 3.2.2

Post upgrade, I'm revisiting my configuration to be sure I'm taking advantage of current features relative to my old server.

I'm still using 2 cleanup services , pre-cleanup before the content_filter and the regular cleanup after-filter.

I was using Patrick Koetter's current postfix-amavisd readme as a reference.

Deciphering maillog transaction that resulted in reply to spammer

Postfix 3.2.2, Centos7, amavisd, clamav

Upgrading my server, and recently migrated one of my older domains that gets
more spam. When checking my mail queue I saw a few deferred messages to
addresses that alarmed me. I had a moment of panic thinking maybe I had
configured something allowing a relay. Looked and decided I was OK there
but I want to understand what caused these deferred messages. I figure I
have something set wrong that allowed it in the first place. I *think* it's
a bounce where I would not want a bounce.

Can someone help me follow/decode this sample transaction?

List posting question

I'm trying to post: a question, a copy of 20 lines or so of a maillog, and
the output of postconf -n .

The list does not seem to be accepting it. Maybe because the log has some
IP's and and address of a spammer? What should I do to sanitize it so it
will post? Not sure what's triggering the block. I tried posting it from
my server and from as well. Nabble stays at "...not accepted

Thanks, Scott

postscreen log summary

Anyone have or know of a log parser/tool that includes postscreen logs? I
don't think Jim's pflogsum includes any type of postscreen data.

Would be nice to have some reporting that included how much I'm potentially
preventing vs. processing.

Thanks, Scott

Clear postscreen whitelist cache

Is it possible to inspect or clear postscreen's whitelist cache?

postscreen fail2ban filter

As I watch the bots and spammers hammer my server with connection attempts,
I figured I might as well stop them even closer to the front door when they
try repeatedly.

I have fail2ban running already and once I enabled postscreen it didn't seem
to have much to do anymore.

My primary question is: Can I filter on the DISCONNECT log line for bad
connections (and only bad connections), or do some "good" connections also

postscreen dnsbl AND smtpd_recipient_restrictions rbl?

I'm converting to use postscreen.

upgrade/compile options

I have a functioning install of 2.10 from rpm's on Centos7. I'm trying to
upgrade the postfix to 2.11.

I don't use LDAP and I'm using Dovecot for SASL. I use TLS. Following the
postfix docs and other's directions, I've tried to pick the correct compile
options. Unfortunately for me RedHat/Centos doesn't appear to include the
.out file I need to see how they compiled theirs.

This is the script I'm using to create the makefile and compile.

postscreen with postgrey - can they cause a double reject?

- postscreen with postgrey - can they cause a double reject?

I searched for answers regarding using both postscreen and greylisting. I
saw some differing opinions. But I did not see this point covered.

Assuming a clients first connection to me to deliver and
Assuming that postscreen is configured for deep protocol tests, and the
connection passes all tests.

I understand postscreen will temporary whitelist the IP but the client must
reconnect in order to deliver.

postscreen delay inprovement - multple IP addresses

I'm working on converting to using postscreen. Studying the details. I
have a question from the docs related to the delays due to the effective
greylisting caused by "Tests after the 220 SMTP server greeting". I believe
my server would qualify as a small site receiving mail for just a few
hundred users.

Snippet from the Howto:
" The following measures may help to avoid email delays: Small sites:
Configure postscreen(8) to listen on multiple IP addresses, published in DNS
as different IP addresses for the same MX hostname or for different MX

Unable to get TLS working with Outlook

I'm building a new server to replace an old one in production. I've never
had trouble in the past, but it's been a while and it is not going smoothly
this time. I've spent a week trying and not getting it going. I gave up
getting Cyrus-sasl to work, moved to Dovecot. Got farther but stuck now.
Eyes crossed. :)

This is on Centos 7, Postfix 2.10.1 from stock rpm, Dovecot 2.2.10.

Bounce a particular recipient address with specified reject message

I have what I expect is a simple question for you guys. Thanks to Ralphs
book and the help here I have a many-year stable postfix configuration, love
it, don't mess with it.

I have a very small hobby-based mailing list I maintain manually in Outlook.
Although all maillist messages I send out include a footer asking the
recipients to not reply to that maillist messages, the users will reply to
the maillist messages occasionally and I would prefer they only reply to my
other addresses.