Postfix vs. outbound.protection.outlook.com

Microsoft has decided that checking a sender's hostname using HELO and rDNS is really 90's, not really a rule and only for losers and cowards: https://docs.microsoft.com/de-de/exchange/troubleshoot/antispam-and-protection/cannot-send-emails-to-external-recipients As an old school admin you have to tune your Postfix to let the fluffy cloud mails from visionary early adopter Outlook users through. To solve the HELO part of the […]

OpenDKIM | gentoo | warning: connect to Milter service unix:/var/run/opendkim/opendkim.sock: No such file or directory

On Gentoo some Postfix processes run chroot'ed but others do not. As a result these processes need different socket locations, but this is impossible. Solution:

    # mkdir -p /var/run/postfix/var/run/opendkim
    # chown milter:milter /var/run/postfix/var/run/opendkim
    # usermod -a -G milter postfix
    # mount --rbind /var/run/opendkim /var/run/postfix/var/run/opendkim

OpenBSD | newsyslog | postrotate command

Your daemon doesn't write to its logfile after the log has been rotated by newsyslog? You are executing a postrotate command in newsyslog.conf? The reason for this strange behaviour is that when a postrotate command is executed, by definition (rtfm newsyslog.conf) no SIGHUP is sent to syslogd. Solution: execute a pkill -HUP syslogd afterwards: #/var/log/maillog 640 […]

Postfix | TLS | main.cf settings

    ##### TLS settings ######
    tls_ssl_options = NO_COMPRESSION
    tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
    tls_random_source = dev:/dev/urandom

    ### outgoing connections ###
    #smtp_tls_security_level=encrypt
    smtp_tls_security_level=may
    smtp_tls_loglevel = 1
    smtp_tls_cert_file=/etc/postfix/cert.pem
    smtp_tls_key_file=/etc/postfix/key.pem
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_ciphers=high
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    ### incoming connections ###
    #smtpd_tls_security_level=encrypt
    smtpd_tls_security_level=may
    smtpd_tls_received_header = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_cert_file=/etc/postfix/cert.pem
    smtpd_tls_key_file=/etc/postfix/key.pem
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_mandatory_ciphers=high
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

RBL server list | 2015JAN

rbl2.triumf.ca relays.bl.gweep.ca proxy.bl.gweep.ca dnsbl.net.ua hartkore.dnsbl.tuxad.de dunk.dnsbl.tuxad.de dnsbl.madavi.de spamblock.kundenserver.de schizo-bl.kundenserver.de worms-bl.kundenserver.de admin.bl.kundenserver.de relays.bl.kundenserver.de tor.dnsbl.sectoor.de torserver.tor.dnsbl.sectoor.de exitnodes.tor.dnsbl.sectoor.de spam.dnsbl.anonmails.de dnsbl.inps.de bl.blocklist.de bl.emailbasura.org netblock.pedantic.org spam.pedantic.org dnsblchile.org query.senderbase.org blackholes.mail-abuse.org rbl-plus.mail-abuse.org relays.mail-abuse.org rbl.schulte.org mail-abuse.blacklist.jippg.org list.bbfh.org access.redhawk.org bl.spamcannibal.org b.barracudacentral.org bb.barracudacentral.org free.v4bl.org ip.v4bl.org combined.njabl.org dnsbl.njabl.org dnsbl.dronebl.org sbg.sbg-rbl.org dyn.sbg-rbl.org rbl.efnetrbl.org multi.surbl.org dnsbl.proxybl.org dnsbl.tornevall.org opm.tornevall.org block.stopspam.org dnsbl.stopspam.org badhost.stopspam.org dnsbl.justspam.org ips.backscatterer.org orvedb.aupads.org rsbl.aupads.org duinv.aupads.org dnsbl.openresolvers.org ipbl.mailhosts.org […]