Postfix

kernel: Limiting closed port RST response from x to y packets/sec

Leave a Comment / dma, FreeBSD, General, Mail, Open Source, Postfix / By /

For 3 days now, I’ve been seeing these messages. If you search online, it’s usually the result of port scanning. Aug 7 14:05:15 zuul kernel: Limiting closed port RST response from 212 to 195 packets/sec Aug 7 14:05:16 zuul kernel: Limiting closed port RST response from 219 to 215 packets/sec Aug 7 14:05:17 zuul kernel: Limiting closed port RST response from 220 to 193 packets/sec Aug 7 14:05:18 zuul kernel: Limiting closed port […]

kernel: Limiting closed port RST response from x to y packets/sec Read More »

Replacing postfix with dma + auth

Leave a Comment / dma, Mail, Postfix / By /

It’s a muggy Friday morning, sitting outside the cafe – it’s tolerable in the shade with a slight breeze and cold iced-latte in a glass. Dogs walking past, lots of pats. It’s time to change most of my hosts from Postfix (my favorite MTA) to dma (in FreeBSD, no install required). I have previously moved most of my jail hosts from Postfix to dma. A few days ago, I changed one of my

Replacing postfix with dma + auth Read More »

Why are some emails from Charlie Root and others are from root?

Leave a Comment / dma, Mail, Postfix / By /

It’s another Saturday morning outside the coffee shop. My abundance of free time, without conferences to run, has resulted in mind shattering pondering. Case in point: In this post: FreeBSD 14.1-RELEASE Let’s use these two hosts: r730-01 – email is from root nagios03 – email is from Charlie Root What are the differences? First idea My first idea: /etc/password differences. Let’s check that idea: [11:19 r730-01 dvl ~] % grep root /etc/passwd root:*:0:0:Charlie

Why are some emails from Charlie Root and others are from root? Read More »

Replacing postfix with dma

Leave a Comment / ansible, dma, FreeBSD, Mail, Open Source, Postfix / By /

I like Postfix. I’ve been a fan of it for over 20 years. I deployed it on every host for outgoing email. Lately, I’ve taken to using dma (DragonFly Mail Agent) as my preferred mail handler on jails and hosts which don’t need to deal with incoming mail, only outgoing mail. After first getting serious with it about 6 months ago, I decided to remove it from all internal hosts during the consolidation

Replacing postfix with dma Read More »

Setting up a new Dovecot server on FreeBSD with an OSX mail.app client

Leave a Comment / dovecot, Mail, Postfix / By /

I have used Dovecot as my IMAP server since 2007. It has always been reliable and useful. Recently, I wanted to move my IMAP server to one host to another. I am the only user on this IMAP server. Wait, not I’m not, there are some test accounts on here, mostly used to verify that IMAP is running properly, but that’s no my point. The point is: we’re not moving thousands of accounts,

Setting up a new Dovecot server on FreeBSD with an OSX mail.app client Read More »

Using Postfix to block mail based on From/sender and To/recipient

Leave a Comment / Postfix / By /

Back in late November (now 56 days ago), I started getting huge levels of very directed spam. When I tweeted about it, I was getting perhaps 100-250 a day. I thought it would soon stop and they would target someone else. They would get into my spam folder yes, but it still takes time to go through that folder. Eventually it did stop. For a few days, then it came back at about

Using Postfix to block mail based on From/sender and To/recipient Read More »

No more certificate fingerprints – only sasl auth instead

Leave a Comment / Let's Encrypt, Postfix / By /

Today I gave up on my attempt to allow relay via SSL certificate fingerprints. Instead, I will use sasl auth. Yesterday I wrote about my SMTP deliver test which broke when an SSL certificate was updated. Later that day, I finished writing scripts which delivered that fingerprint file to all hosts which needed it. Today, I abandoned that approach in favor of sasl. From the time I decided to use sasl to my

No more certificate fingerprints – only sasl auth instead Read More »

Postfix suddenly starts rejecting email it had been accepting

Leave a Comment / Let's Encrypt, Mail, Postfix / By /

Let’s Encrypt is an easy way to get free SSL certificates in an automated manner. You may never have to manually do another cert renewal again. Last night, I received this email: From: Cron Daemon To: dan@langille.org Subject: Cron /usr/local/bin/cert-puller Date: Fri, 23 Feb 2018 23:57:00 +0000 (UTC) /etc/rc.conf: 3: not found /etc/rc.conf: yr: not found /etc/rc.conf: 3: not found /etc/rc.conf: yr: not found Little did I know when I tweeted about it,

Postfix suddenly starts rejecting email it had been accepting Read More »

/etc/rc.subr: 1391: Syntax error: “fi”: unexpected

Leave a Comment / DigitalOcean, ezjail, FreeBSD, freebsd-update, Jails, Open Source, Postfix, ZFS / By /

Yesterday, I upgraded a DigitalOcean droplet from FreeBSD 10.3 to FreeBSD 11.1 just before I headed to work. I’ve done such upgrades several times before. They all went well. This one did not. Several issues cascaded to prevent me from completely this task in a timely manner. Let me describe the events as they unfolded. The freebsd-update From memory, because the system is not back online as I type this, the command I

/etc/rc.subr: 1391: Syntax error: “fi”: unexpected Read More »

reject_unknown_recipient_domain gives Recipient address rejected: Domain not found

Leave a Comment / Postfix / By /

If you’re using Postfix for submission and attempts to submit give this messages on the Postix server: Recipient address rejected: Domain not found you’re probably chroot’d. That is, your submssion entry in master.cf looks like this: submission inet n – – – – smtpd When it should look like this: submission inet n – n – – smtpd Penalty against http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL which was my starting point. My thanks to rob0 and lunaphyte for

reject_unknown_recipient_domain gives Recipient address rejected: Domain not found Read More »

Scroll to Top