#postfix


New #blog post: "Signing sieve vacation auto-reply messages with dkim using postfix for deliverability"

I start my holiday, during which I intend to do less computer-touching, but doing some holiday-related computer-touching with my mailserver.

neilzone.co.uk/2025/07/signing

#Linux #FOSS #postfix

@marcuwekling Great idea! I'm (already) on board! 🙃 #dutgemacht #ididit

Here's what I'm currently already using:

- My own mail server #postfix #clamav #rspamd #roundcubemail #dovecot
- Laptops running #Linux
- #pfsense firewall
- #thunderbird

Self-hosted free services/software at the moment:
- #Nextcloud
- #PaperlessNGX
- #Peertube
- #HomeAssistant
- #Mastodon
- #Matrix
- #Wordpress

Free services hosted by others:
- #pixelfed
- #bigbluebutton
- #letsencrypt

Unfortunately I can't get rid of my Windows machine yet #gamer - but I'm sure that will happen eventually too... 🤞

Question for the hive mind: Can I tell #postfix that, _as a server_, it should exempt some mail hosts from the requirement to speak TLS? I seem to have mail servers that claim to support TLS, but then the connection drops. I would rather not offer TLS to these... what is the flag for that?


@ytc1 @DenOfEarth @aka_pugs I know.

And especially in #ScientificComputing a lot of researchers loved working with #SunMicrosystems and when #Oracle took over that relationship got soured instantly due to #Oracle #CEO #LarryEllison...

-> infosec.space/@kkarhan/1146825

One of the big successes of #Sun was that they basically declared a unilateral "ceasefire" in terms of #IP & #Patents re: #OpenSource. Whereas Oracle didn't seem willing to honour that.

  • Without that cooperative atmosphere we saw #OpenOffice devs literally forking off into @libreoffice and projects like #illumos and @openzfs scramble to save what was OpenSource'd and also rescue that.

Obviously #Linux with its #GPLv2only-Kernel and most of its Userland could not get 'closed-sourced' like #OpenSolaris which instantly got stomped out by Oracle as they wanted to squeeze #Solaris for profits and milk their clients in typical Oracle fashion...

Now granted, I do know someone who for most of their life made their money dealing with the intricacies of setting up #postfix, #sendmail and #courier #MailServers on Solaris and if I ask said person about that they give me a kilometer stare, so OFC like a #SysV - #Unix systems Solaris and #SunOS really are one of the reasons #WindowsNT won the "#WorkstationWar" and why - if anyone - #Apple won the last "#UnixWar"...

  • Still, I am sad that I declined that #sysadmin position at a leading research center I'm not at liberty to name and I do know there's OFC still some critical infrastructure running even older Solaris servers...

mastodon.sdf.org/@ytc1/1146893

Infosec.Space: Kevin Karhan :verified: (@kkarhan@infosec.space): @DenOfEarth@mas.to @aka_pugs@mastodon.social I know. Case in point, #OpenSolaris did have avid users just below that range, and a lot of #ScientificComputing used it, as they previously used #IRIX. And #Sun being #OpenSourve-friendly was the right direction...

#NerdSpeak Some mail senders are exposing internal, non-resolving host names in the EHLO/HELO phase when sending mails, causing my mail server to (correctly) refuse them. However, in some cases I have to begrudgingly accept their broken config as the mails they send are actually legitimate and important. Looking at you, Drillisch Online. Fix your shit. Anyway, here's how I did it on my #postfix server: codeberg.org/jwildeboer/gists/

1/3

Codeberg.org: gists/2025/20250615HELOAllowlistPostfix.md at main. gists - A collection of short notes on specific little things that are good to store and share but not enough for a blog entry. Mostly geeky stuff.

Any #postfix users know how to configure smtp_tls_wrappermode = yes for sending via a single relay, but not use it for others? I have things set up to relay via my outbound SMTP server to a few mail servers that all want STARTTLS over port 587, but now I want to add one that wants SMTPS over port 465. If I don't set smtp_tls_wrappermode = yes, it refuses to connect to the new server. If I do set it, it refuses to connect to the existing ones. There are some hints in the documentation that you can use transport_maps in some way, but I can't figure out how.

Finally gave in and wrote some Postfix rules to route SMTP traffic for *.outlook.com hosted domains (basically any school or government I email) through IPv4 instead of IPv6 to stop being blocked by Spamhaus false positives on "my" shared v6/64. #IPv6 #SpamHaus #Postfix

Has anyone among you set up a per-user whitelist of correspondents in #postfix?

We have customers who use Mailinblack and who appreciate the captcha system that is sent automatically in response to unknown senders.

There must be a way to do something similar with milter and/or sieve.

Our mailboxes are administered with ISPConfig.

Just going through the logs of my own mail server (Thanks, @mwl !) to extend my #postfix #fail2ban #regexp to ban hosts with too many unsuccessful login attempts. Knowing the user name pattern (example.com only letters, others with at least one dot) I came up with

'warning: .*\[<HOST>\]: SASL LOGIN authentication failed: .*sasl_username=<F-USER>(?:[^.]*@(?!example\.com)|[^.]*\.[^.]*@(?:example\.com))</F-USER>'

This works great.

Whilst migrating from my very manual email setup to something orchestrated by ansible and highly-available, I have come upon all sorts of jankiness I don't remember configuring.

Currently, I have multiple working MX servers, but only one postfix submission server. The MX's currently all point to a single dovecot server for LMTP, and it also pulls double-duty as my IMAP server.

Next on my list for ansible configuration:

  • Set up acme.sh so that each MX can handle its own certificates for postfix and dovecot
  • Configure Submission, LMTP and IMAP
  • Configure extra mail services, such as opendkim, opendmarc, spf checking, dovecot indexing

This has been a real learning experience, and with any luck will get me to the point where I'm able to spin up/down new mail handlers just by adding hostnames to an ansible inventory list.

#sysadmin #homelab #ansible