Search results

  1. K

    Proxmox reporting empty disk reads/writes for LXC containers

    I've experienced lack of (or rather lower than expected) disk IO stats for any CT that was runnng docker. Be it newly created on PVE8 or carried over from a previous install. I thought perhaps pvestat was seeing the read/write activity for the CT root mount but not in docker overlay fs.
  2. K

    SMTP Smuggling mitigation

    I missed that detail. Thanks for pointing it out. I have read the postfix announcement several times over the past month or two. I guess it still didn't sink in!
  3. K

    SMTP Smuggling mitigation

    Are any changes proposed for pmg-api postfix templates following the changes introduced by postfix (3.7.10-0+deb12u1)? * 3.7.10 - Security (outbound SMTP smuggling): with the default setting "cleanup_replace_stray_cr_lf = yes" Postfix will replace stray <CR> or <LF> characters...
  4. K

    I have installed fail2ban successfully but it does not keep logs.

    That will only show the number of matches. To print the matched lines themselves, add --print-all-matched. Once set up, you use fail2ban-client (rather than fail2ban-regex) to administer a running fail2ban instance (e.g. manually add/remove blocked IPs). You can see from your fail2ban-client...
  5. K

    I have installed fail2ban successfully but it does not keep logs.

    Your output shows your regex test on a logfile and then presumably part of your local jail.local config. All being well, fail2ban will log everything including Bans/Unbans to /var/log/fail2ban.log. I believe you can/could configure logging to go to systemd journal. Check 'logtarget'. To see...
  6. K

    [SOLVED] Writing Regex for Virtual Domains

    I believe some /etc/ files, that are potentially overwritten by pmg, have something like 'auto-generated' somewhere near the top. I don't know of a definitive list. PMG doesn't overwrite spamassassin's custom.cf. Nor does it touch any supplemental files you might have created by way of...
  7. K

    violating 822.bis section 2.3?

    I was not sure if it was related to the recent locking down of postfix (in PMG and third party servers). The mail was accepted by PMG presumably because the same restriction aren't applied to the local smtpd port. Or at least not in my config! I suspect it is caused by the way the mailclient...
  8. K

    violating 822.bis section 2.3?

    It was accepted by PMG on the local smtpd port, then rejected by third party server.
  9. K

    violating 822.bis section 2.3?

    The email concerned was an html quoted reply to an html email, to which I attached 2 PDFs. I tried several times to get it accepted. I am guessing it was something in the quoted html message or the way the mail client quoted that meesage? PMG accepted the message on each occassion, but the...
  10. K

    violating 822.bis section 2.3?

    I've configured PMG to use a single relay (smarthost). I recently saw a rejected mail with the response: 552 Message contains bare CR and is violating 822.bis section 2.3 (in reply to end of DATA command) I changed my mail client to use plaintext and the mail was accepted. I guess this is a...
  11. K

    [SOLVED] Writing Regex for Virtual Domains

    Configuration changes made in the GUI are applied to the relevant services's config files (e.g. /etc/postfix/main.cf) by pmgconfig. This means, if you edit directly any of the generated files (such as /etc/postfix/main.cf), and subsequently make changes via the GUI, your changes will be...
  12. K

    [SOLVED] Writing Regex for Virtual Domains

    Glad you have it working. However postfix customisation needs to be done in the copied template. Copy the entire main.cf.in template from /var/lib/pmg/templates/ to /etc/pmg/templates/, add your config and then apply the new config with pmgconfig sync --restart 1 Otherwise your customisation...
  13. K

    [SOLVED] Writing Regex for Virtual Domains

    You need the postfix-pcre package installed. Also, specify the lookup in main.cf (note the pcre prefix): virtual_alias_maps = pcre:/etc/postfix/virtual On PMG this should be done in the template /etc/pmg/templates/main.cf.in. Whilst I have done this in postfix, I haven't as yet tried it in...
  14. K

    [SOLVED] KAM_SOMETLD_ARE_BAD_TLD

    I guess if 'legit' email is scoring 17-19, then whitelisting may be a better approach than tweaking spam rules. I have had some email that I considered not to be spam. However they were so spammy in their style and formatting, I think any content based spam filter would look unkindly on them...
  15. K

    [SOLVED] KAM_SOMETLD_ARE_BAD_TLD

    In my case, the emails concerned were spam. I was just looking to understand things a bit better. In your case, you might want to reduce the score (possibly zero) for `KAM_SOMETLD_ARE_BAD_TLD`.
  16. K

    Templates and PMG upgrades

    I'm with you on that, especially since the package upgrade now checks for diffs between /etc/pmg/templates & vanilla templates. I did however see this thread, which mentions another approach. Symlinking to distribution templates in /etc/pmg/templates.
  17. K

    Templates and PMG upgrades

    IME the error is fatal. pmgconfig will not generate the relevant config file if you try to insert file contents from an absolute path. With that template in place, temporarily remove (or change contents of) /etc/postfix/main.cf and run pmgconfig sync: The output file is not created/updated.
  18. K

    Templates and PMG upgrades

    It seems that, in order for INSERT above to work as intended, ABSOLUTE (or REALATIVE) must be true. AFAICS these can't be set in a template file but rather require modifying template constructor in one or more perl scripts of the pmg-api package...
  19. K

    Templates and PMG upgrades

    I am not sure it does work. But constructing custom template using the INSERT directive looks like a useful feature. Is there any documentation on using the INSERT/ABSOLUTE options?
  20. K

    lxc permissions in order to set sensor thresholds

    I run lm-sensors in a container. I can read the host sensors fine but cannot set thresholds from within the container (I currently have to do that on the pve host). What lxc device node permissions would be needed in order to successfully run sensors -s within the container? The board's sensor...

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!