Postings by pg151

Postscreen usually rejects based on DNSBLs. Good enough? Lower overhead options?

I see countless Postscreen rejections of this type

Nov 14 13:28:58 mx postfix/postscreen[11068]: CONNECT from []:19243 to [#.#.#.#]:25
Nov 14 13:28:58 mx postfix/dnsblog[11069]: addr listed by domain as
Nov 14 13:28:58 mx postfix/dnsblog[11072]: addr listed by domain as
Nov 14 13:28:58 mx postfix/dnsblog[11071]: addr listed by domain as
Nov 14 13:29:04 mx postfix/postscreen[11068]: DNSBL rank 9 for []:19243
Nov 14 13:29:05 mx postfix/postscr

faking a test message to a milter?

I'm starting to work on writing my own outbound milter for a Postfix instance.

While working on it, I'll want to test with message submissions "to" it.

Is there a good example of manually submitting a robust -- i.e., exactly as from a running, Postfix instance -- message example to a milter?

Without a Postfix instance around, just 'echo' a message to the milter listener?

how to correctly pass 'real-ip' to/through milters?

I'm experimenting with setting up & using various milters in my inbound processing.

Atm, I have an internal postfix instance that receives mail from a pre-Q instance of amavisd, which then submits the mail to a chain of milters, then subsequently passes it onto a post-Q amavisd instance for further processing.

In effect,

(postscreen) -> (postfix internal smtpd) -> (amavisd preQ) -> (milters)

That 'milters' instance has a config of


[]:10010 inet n - n - - smtpd
-o smtpd_banner=localhost.10010
-o syslog_name=postfix/in-preQ
-o milt

Are sha1 & TLSv1 fully deprecated wrt mail, and time to block them?

1st, this is -- for me -- a postix/mail-RELATED security question.

Outbound DKIM signing milter options for Postfix?

I'm setting up outbound DKIM signing for a Postfix instance.

I'd prefer something other that OpenDKIM or Amavisd.

Other than DIY, is there a solid/stable milter for outbound signing folks are successfully using with Postfix?

Appreciate any references!