
New #blog post: "Signing sieve vacation auto-reply messages with dkim using postfix for deliverability"
I start my holiday, during which I intend to do less computer-touching, but doing some holiday-related computer-touching with my mailserver.
@marcuwekling Great idea! I'm (already) on board! #dutgemacht #ididit
Here's what I currently use:
- Own mail server #postfix #clamav #rspamd #roundcubemail #dovecot
- Notebooks on #Linux
- #pfsense firewall
- #thunderbird
Self-hosted free services/software at the moment:
- #Nextcloud
- #PaperlessNGX
- #Peertube
- #HomeAssistant
- #Mastodon
- #Matrix
- #Wordpress
Free services hosted by others:
- #pixelfed
- #bigbluebutton
- #letsencrypt
Unfortunately I can't get rid of my Windows machine yet #gamer - but that will surely come at some point too...
because running a mail server wasn’t fun enough: the Dovecot 2.3 → 2.4 update has tons of breaking config changes
(h/t to https://willem.com/blog/2025-06-04_breaking-changes/ for the exhaustive breakdown of the changes)
Question for the hive mind: Can I tell #postfix that, _as a server_, it should exempt some mail hosts from the requirement to speak TLS? I seem to have mail servers that claim to support TLS but then drop the connection. I would like to not offer TLS to these... what is the flag for that?
Is there anyone in my timeline who provides professional #postfix #support? I have an #ispconfig3 problem that can probably be solved quickly with some Postfix knowledge.
I have a #SysAdmin question: is it okay to use a local, loopback-only SMTP server (#mailutils + #postfix) to allow a local web app to send mails directly? Without any login/passwd?
This works fine:
echo [body] | mail -s [subject] [dest]
But I can’t make it work from my app (#ApacheAnswer), even though it does have an unauthenticated mode for SMTP. What am I missing?
How much of a hit would the trustability and sending reliability of my #mailserver take if I change just the domain, but not the IP etc.?
No more trouble with blacklistings at Microsoft – thanks to transport maps in Postfix/mailcow and a free relay host
https://andersgood.de/kurz-notiert/schluss-mit-blacklisting-bei-microsoft
@ytc1 @DenOfEarth @aka_pugs I know.
And especially in #ScientificComputing a lot of researchers loved working with #SunMicrosystems and when #Oracle took over that relationship got soured instantly due to #Oracle #CEO #LarryEllison...
-> https://infosec.space/@kkarhan/114682503920794745
One of the big successes of #Sun was that they basically declared a unilateral "ceasefire" in terms of #IP & #Patents re: #OpenSource. Whereas Oracle didn't seem willing to honour that.
Obviously #Linux with its #GPLv2only-Kernel and most of its Userland could not get 'closed-sourced' like #OpenSolaris which instantly got stomped out by Oracle as they wanted to squeeze #Solaris for profits and milk their clients in typical Oracle fashion...
Now granted, I do know someone who for most of their life made their money dealing with the intricacies of setting up #postfix, #sendmail and #courier #MailServers on Solaris and if I ask said person about that they give me a kilometer stare, so OFC like a #SysV - #Unix systems Solaris and #SunOS really are one of the reasons #WindowsNT won the "#WorkstationWar" and why - if anyone - #Apple won the last "#UnixWar"...
#NerdSpeak Some mail senders are exposing internal, non-resolving host names in the EHLO/HELO phase when sending mails, causing my mail server to (correctly) refuse them. However, in some cases I have to begrudgingly accept their broken config as the mails they send are actually legitimate and important. Looking at you, Drillisch Online. Fix your shit. Anyway, here's how I did it on my #postfix server: https://codeberg.org/jwildeboer/gists/src/branch/main/2025/20250615HELOAllowlistPostfix.md
1/3
Any #postfix users know how to configure smtp_tls_wrappermode = yes for sending via a single relay, but not use it for others? I have things set up to relay via my outbound SMTP server to a few mail servers that all want STARTTLS over port 587, but now I want to add one that wants SMTPS over port 465. If I don't set smtp_tls_wrappermode = yes, it refuses to connect to the new server. If I do set it, it refuses to connect to the existing ones. There are some hints in the documentation that you can use transport_maps in some way, but I can't figure out how.
Spent the morning trying to figure out why recipient_delimiter = + wasn't working in my postfix/dovecot/mysql/ldap setup. Yes, it's a bit too complex for its own good, but I found it was a simple issue. [1/3]
Well, this blows. Spamhaus has blocked the entire 2600:3c00::/64 IPv6 range, which includes my email server. That seems a little excessive.
I found out because I tried to send an email to my employer, and they use Spamhaus. This is a problem for me and I'm not sure what to do. Maybe I can disable IPv6 for sending email. I dunno.
https://check.spamhaus.org/results/?query=2600:3c00::f03c:94ff:fe85:b6ee
Has anyone among you set up a per-user whitelist of correspondents in #postfix?
We have clients who use Mailinblack and who appreciate the captcha system that is sent automatically in reply to unknown senders.
There must be a way to do something similar with milter and/or sieve.
Our mailboxes are administered with ISPConfig.
Just going through the logs of my own mail server (Thanks, @mwl !) to extend my #postfix #fail2ban #regexp to ban hosts with too many unsuccessful login attempts. Knowing the user name pattern (example.com only letters, others with at least one dot) I came up with
'warning: .*\[<HOST>\]: SASL LOGIN authentication failed: .*sasl_username=<F-USER>(?:[^.]*@(?!example\.com)|[^.]*\.[^.]*@(?:example\.com))</F-USER>'
This works great.
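The filter quoted in the post above, run against constructed log lines (an added example, not the poster's code). The `expand` helper is a simplified stand-in for fail2ban's own `<HOST>`/`<F-USER>` tag expansion, and the hypothetical `max_failures` parameter plays the role of the jail's `maxretry`.

```python
import re

# The failregex from the post, verbatim (fail2ban tag syntax).
FAILREGEX = (r"warning: .*\[<HOST>\]: SASL LOGIN authentication failed: "
             r".*sasl_username=<F-USER>(?:[^.]*@(?!example\.com)"
             r"|[^.]*\.[^.]*@(?:example\.com))</F-USER>")

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jun 15 09:01:02 mx postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=admin@example.org
Jun 15 09:01:09 mx postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=john.doe@example.com
Jun 15 09:03:40 mx postfix/smtpd[2240]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=alice@example.com
Jun 15 09:03:55 mx postfix/smtpd[2240]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=bob.smith@example.org
Jun 15 09:07:13 mx postfix/smtpd[2301]: warning: unknown[2001:db8::25]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=info@example.net
"""

def expand(failregex):
    """Turn fail2ban tags into Python named groups.
    Assumption: IP literals only; fail2ban's real <HOST> is broader."""
    return re.compile(failregex
                      .replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)")
                      .replace("</F-USER>", ")")
                      .replace("<F-USER>", "(?P<user>"))

def offenders(log_text, max_failures=2):
    """Return {host: [captured users]} for hosts with >= max_failures hits.

    Only usernames that break the site's naming scheme count: a dotted
    local part at example.com, or a dot-free local part elsewhere.
    A failed login with a well-formed name (alice@example.com,
    bob.smith@example.org) is treated as a likely typo and ignored.
    """
    rx = expand(FAILREGEX)
    hits = {}
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            # The first branch ends in a lookahead, which consumes nothing,
            # so for foreign domains the capture stops at "@".
            hits.setdefault(m["host"], []).append(m["user"])
    return {h: u for h, u in hits.items() if len(u) >= max_failures}

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```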
Whilst migrating from my very manual email setup to something orchestrated by ansible and highly-available, I have come upon all sorts of jankiness I don't remember configuring.
Currently, I have multiple working MX servers, but only one postfix submission server. The MX's currently all point to a single dovecot server for LMTP, and it also pulls double-duty as my IMAP server.
Next on my list for ansible configuration:
This has been a real learning experience, and with any luck will get me to the point where I'm able to spin up/down new mail handlers just by adding hostnames to an ansible inventory list.
I find it really sad that Trusteddomainproject (authors of OpenDMARC) is basically dead