[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-28 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 28, 2023 at 04:14:33PM -0400, Viktor Dukhovni via Postfix-users wrote: > However, neither eventuality is at all likely. My take is that it would > not be an unwelcome breaking change to apply the table in any context > other than SMTP ingress. s/would not

[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-28 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 28, 2023 at 09:01:35PM +0200, Étienne Miret via Postfix-users wrote: > Anyway, I promised a documentation patch that would make this more > explicit, here it is! Sorry it took me a little long to do it, as I have > been busy on other issues. The documentation patch seems to suggest

[pfx] Re: Comcast still 421 throttling (RL000001) multiple recipients.

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 02:33:49PM -0400, Viktor Dukhovni via Postfix-users wrote: > I hope that Comcast will relax their limits to allow at least 2 (ideally > closer to 5 or 10) recipients per message so long as the sending system > does not have a "known bad" rep

[pfx] Re: BUG: Postfix deals badly with corrected-typo in aliases :(

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 04:06:18PM -0400, Viktor Dukhovni via Postfix-users wrote: > If the aliases(5) table has actually been rebuilt, and the message > is now deliverable, the background refresh is supposed to happen: > > address_verify_negative_refresh_time

[pfx] Re: BUG: Postfix deals badly with corrected-typo in aliases :(

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 01:41:19PM -0600, Pete Holzmann wrote: > Ummm... Viktor, how many people do *you* think have read the fine > documentation on every verification option they use in their main.cf > restriction configurations? I don't know. What I do know is that using features whose

[pfx] Re: Comcast still 421 throttling (RL000001) multiple recipients.

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 11:12:03AM -0700, Bill Sommerfeld via Postfix-users wrote: > On 8/27/23 00:13, Wietse Venema via Postfix-users wrote: > > Would it be sufficient to never send more than 1 recipient per > > message, thus never trigger their temporary "block all mail" strategy, > > and avoid

[pfx] Re: smtpd_command_filter: Bounce-never regex sample wrong?

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 10:25:10AM +0200, lutz.niederer--- via Postfix-users wrote: > In postconf > smtpd_command_filter section there is an example for never > bouncing mails (no DSN): > > # Bounce-never mail sink. Use notify_classes=bounce,resource,software > # to send bounced mail

[pfx] Re: Comcast still 421 throttling (RL000001) multiple recipients.

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 03:13:43AM -0400, Wietse Venema via Postfix-users wrote: > Bill Sommerfeld via Postfix-users: > > About three years ago there was a thread on postfix-users ("Comcast 421 > > throttling multiple recipients") discussing a low-traffic site having > > difficulties sending to

[pfx] Re: BUG: Postfix deals badly with corrected-typo in aliases :(

2023-08-25 Thread Viktor Dukhovni via Postfix-users
On Fri, Aug 25, 2023 at 08:07:01PM -0600, Pete Holzmann via Postfix-users wrote: > SUMMARY > > * Scenario/repeatability: >- See www.postfix.org/ADDRESS_VERIFICATION_README.html#caching >- Since Postfix 2.7, there's a persistent verification database. Actually, there isn't, or, more

[pfx] DANE monitoring building block: updated "danesmtp" shell function

2023-08-25 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 07:48:30PM -0400, Viktor Dukhovni wrote: > Problem found via: > > danesmtp () > { > local host=$1; > shift; > local opts=(-starttls smtp -connect "$host:25" -verify 9 > -verify_return_error -dane_ee_no_n

[pfx] Re: How can I set up a very simple postfix server

2023-08-22 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 23, 2023 at 01:36:29PM +1200, Peter via Postfix-users wrote: > > "The problem" (i have given up and did not try it for long) is the > > configuration directory. Does this work without configuration > > directory? I had to try again. The default Postfix directory (the one compiled

[pfx] Re: Rate limiting gmail

2023-08-22 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 22, 2023 at 03:41:43PM -0400, Alex via Postfix-users wrote: > I'm hoping I could ask what is probably an FAQ but I haven't seen > anything on it recently. I've already implemented some type of rate > limiting for delivering to gmail, but it's apparently not working > satisfactorily

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Thu, Aug 17, 2023 at 09:47:13AM +0800, Jon Smart wrote: > >> If you have smtpd_sasl_auth_enable=yes for your services on port > >> 587 (submission) and port 465 (smtps or submissions), then you can > >> remove it from master.cf when all your AUTH users are not using > >> the port 25 service.

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users wrote: > What is the output from > > postconf -P '*/inet/smtpd_sasl_auth_enable' > > That will show the smtpd_sasl_auth_enable settings in master.cf. > > If you have smtpd_sasl_auth_enable=yes for your services on

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 06:22:28PM -0400, pgnd via Postfix-users wrote: > not exactly the same issue to my read, but there may be more to it? As suspected, the OP has an incomplete DANE TLSA RRset that fails to match the system's RSA certificate (the additional ECDSA certificate does match, but

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 02:07:39PM +, Serg wrote: > Thanks for pointing this out, I forgot to update it when migrating from RSA > to ECC certificate. It seems you don't have monitoring in place that checks the correctness of your TLSA records vis-à-vis your certificate chain. Monitoring is

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 10:56:07AM +, Serg via Postfix-users wrote: > I have checked email server of mine and can confirm I am seeing that too > (logs are since Aug 13 03:50:38 EEST): > > > admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com > > /var/log/mail.log | grep 'ehlo=1

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 09:12:44AM -0400, pgnd via Postfix-users wrote: > 4 0.321516 192.0.2.25 → 52.101.62.16 SMTP 121 S: 220 > mx1.example.net ESMTP . Your server's hostname and served domains continue to be hidden. Are you perhaps willing and able to post those details?

[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 01:51:24AM +0200, Étienne Miret via Postfix-users wrote: > I found this discrepancy surprising and am suggesting it is removed. In > case others argue it is useful or that removing it will break some > configurations, I am asking it is documented. The discrepancy is

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 15, 2023 at 05:12:53PM -0400, Viktor Dukhovni via Postfix-users wrote: > > 2023-08-14T13:12:00.131049-04:00 svr01 > > postfix/postscreen-internal/smtpd[27907]: disconnect from > > mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17] > >

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote: > 2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT > from [52.101.56.17]:32607 to [209.123.234.54]:25 > 2023-08-14T13:11:59.860098-04:00 svr01 postfix/postscreen[27910]: PASS NEW >

[pfx] Re: Postfix does not fallback to plaintext

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 15, 2023 at 11:51:07AM -0400, Wietse Venema via Postfix-users wrote: > > That's my instinct also. Waiting out transient glitches by retrying on > > the next delivery attempt is not an option for probes. And probes don't > > leak message content in the clear, nor even the full

[pfx] Re: Postfix does not fallback to plaintext

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 15, 2023 at 11:33:08AM -0400, Wietse Venema via Postfix-users wrote: > With that, the condition evaluates to: > > 1: session->tls_context == 0 true > 2: state->tls->level == TLS_LEV_MAY presumably true > 3: PREACTIVE_DELAY >=

[pfx] Re: Postfix does not fallback to plaintext

2023-08-15 Thread Viktor Dukhovni via Postfix-users
[ $subject would have been more clear had the OP mentioned that he's talking about address verification probes. ] On Tue, Aug 15, 2023 at 01:29:14PM +, Serg via Postfix-users wrote: > > admin@flopster ~ $ sudo postconf | grep ^smtp_tls > > smtp_tls_cert_file =

[pfx] Re: How to block subaddressing from extern with a table

2023-08-14 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 14, 2023 at 11:54:16PM +0200, lutz.niede...@gmx.net wrote: > Ah, still one question. I don't remember exactly where, but I believe > that you said it would be better to split into separate instances. > Sorry, can't find it anymore.

[pfx] Re: How to block subaddressing from extern with a table

2023-08-14 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 14, 2023 at 11:04:56PM +0200, lutz.niederer--- via Postfix-users wrote: > we need to block subaddressing from extern, and only from extern. > Internally we use it really often. A sensible initial simplification is to not mix inbound and outbound mail on the same Postfix instance.

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-14 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni wrote: > > Length: 00 00 9c (156) > > ... > > 0x01,0x88 7 ??? > > ... > > 0xC0,0x12 14 ECDHE-RSA-DES-CBC3-SHA Au=RSA > > ... > > 0x00,0x40 22 DHE-DSS-AES128-SHA256 Au=DSS > > ... &

[pfx] Re: Block based on subject and rcpt to

2023-08-14 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 14, 2023 at 04:13:54PM -0300, SysAdmin EM via Postfix-users wrote: > Hi, Is it possible to discard an email based on the Subject and the > destination email address? > I try this and not work: > > /^Subject:.*Test email subject .*To:.*m...@me.com/ DISCARD Note that "the destination

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-13 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 13, 2023 at 01:47:05PM -0400, Wietse Venema via Postfix-users wrote: > > Any votes for JSON? :-) > > > > { "account": "user:foo", "base64password": "" } > > Before other people start to chime in, let me set some expectations. My suggestion of JSON is largely in

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-13 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 08:05:52PM -0400, Wietse Venema via Postfix-users wrote: > My preference would be: > > smtp_sasl_password_map_result_delimiter > printable character or C escape (like \t for TAB) > default = : (for backwards compatibility) > must not be empty > must not

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 02:03:56PM -0400, Viktor Dukhovni via Postfix-users wrote: > > checking further > > > > grep smtpd_tls main.cf | grep file > > smtpd_tls_dh1024_param_file=${config_directory}/dh4096.pem > > smtpd_tls_eckey_file

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 02:27:14PM -0400, pgnd wrote: > >> Handshake type: 01 (Client Hello) > >> Length: 00 00 9c (156) > > > One thing I failed to mention is that length of 156 is rather unexpected > > ... > > And there's also that mysterious 0x01,0x88 cipher, which is not listed > > in the

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni via Postfix-users wrote: > > Handshake type: 01 (Client Hello) > > Length: 00 00 9c (156) One thing I failed to mention is that length of 156 is rather unexpected here, because the containing TLS record layer header promi

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 01:35:11PM -0400, pgnd wrote: > > https://datatracker.ietf.org/doc/html/rfc7672#section-8.2 > > I've no idea in this case why aNULL is explicitly ref'd; for my own > configs I don't call it out, rather stick with the default See the final comment in this message. >

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 01:42:04PM -0400, pgnd wrote: > after the key file cleanup, > > ... > Untrusted TLS connection established from > esa.hc2802-61.iphmx.com[68.232.155.227]: TLSv1.2 with cipher > ECDHE-RSA-AES128-GCM-SHA256 > ... > > seems, in fact, EC-ready That's ECDHE key

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 09:47:57AM -0400, pgnd via Postfix-users wrote: > postconf mail_version > mail_version = 3.8.1 As background, the RELEASE_NOTES for 3.8 mention: - Postfix default settings now exclude the following deprecated or unused ciphers (SEED, IDEA,

[pfx] Re: email being flagged a spam for using localhost [127.0.0.1] as first hop

2023-08-09 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 02:53:02PM -0400, Wietse Venema wrote: > > > vpnsub_cleanup unix n - n - 0 cleanup > > > -o {header_checks=regexp:{{/^Received:/ IGNORE}}} > > > > I am not aware of any support for such inline regexp tables. What > > release of

[pfx] Re: email being flagged a spam for using localhost [127.0.0.1] as first hop

2023-08-09 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 06:48:11PM +0200, Steffen Nurpmeso via Postfix-users wrote: > Yeah the wonderful suggestion of this super helpful list (thanks > again!) for my setup (laptop postfix on "forbidden address" relays > to in-VPN postfix which then sends out) was > > 192.0.2.1:submission

[pfx] Re: debugging an appliance connection

2023-08-09 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 11:35:12AM -0500, shorton wrote: > >Do you have "reject_unauth_pipelining" in any of your smtpd > >restrictions, in either main.cf or master.cf? > > I do: > smtpd_data_restrictions = > reject_unauth_pipelining, > permit That's the reason why the

[pfx] Re: debugging an appliance connection

2023-08-09 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 10:31:18AM -0500, Scott Techlist via Postfix-users wrote: > Client has an appliance (Axion RTAC) that sends email based reports. > I don't have access to the appliance or its docs. It used to send its > emails to an Exchange server that has been decommissioned. I'm

[pfx] Re: email being flagged a spam for using localhost [127.0.0.1] as first hop

2023-08-08 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 07:34:48AM +0200, Fourhundred Thecat via Postfix-users wrote: > So that the first hop looks like this: > > Received: from [127.0.0.1] (localhost [127.0.0.1]) > by mail.xxx.yyy (Postfix) with ESMTPSA id 7E011B0 > for ; Wed, 9 Aug 2023 07:04:42 +0200 (CEST) Try

[pfx] Re: bounce management

2023-08-08 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 08, 2023 at 01:28:51PM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > >> > We're only doing basic spam protection for them, > >> > >> What is the nature of the "basic spam protection"? Can it be done > >> pre-queue? > > On 07.08.23 15:19, Alex via Postfix-users wrote: >

[pfx] Re: bounce management

2023-08-07 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 07, 2023 at 03:19:59PM -0400, Alex wrote: > > The only plausible solution on your end is to not queue mail for this > > domain, but rather proxy it through to the destination, with the > > response to "." coming from the final downstream systems. This may be > > possible with: > > >

[pfx] Re: bounce management

2023-08-07 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 07, 2023 at 11:24:30AM -0400, Alex via Postfix-users wrote: > We're only doing basic spam protection for them, What is the nature of the "basic spam protection"? Can it be done pre-queue? The only plausible solution on your end is to not queue mail for this domain, but rather proxy

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-05 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 06, 2023 at 12:14:10AM -0400, Charles Sprickman wrote: > > If not for your sake, then perhaps for future readers, it would be great > > if you would confirm or deny what type of certificate is configured on > > the Postfix SMTP server end? > > Oops, missed this earlier. Would have

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-05 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 05, 2023 at 03:27:01PM -0400, Charles Sprickman via Postfix-users wrote: > > Nope, ever since SSL 3.0 the client proposes and the server chooses. > > The issue is very likely that the server's certificate is ECDSA or > > Ed25519, and so not supported by the client. > > > >

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-05 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 05, 2023 at 11:23:06AM -0700, Dan Mahoney via Postfix-users wrote: > Under the hood, idracs do use openSSL, and it’s not unreasonable to > assume that both the SMTP client and the web server use the same > linked version. You could start by seeing which ciphers the idrac 7 > web UI

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-02 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 02, 2023 at 11:28:09PM -0400, Charles Sprickman via Postfix-users wrote: > [root@mail /usr/local/etc/postfix]# postconf -n |grep tls > smtp_tls_note_starttls_offer = yes > smtp_use_tls = yes > smtpd_tls_auth_only = no > smtpd_tls_cert_file =

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-02 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 02, 2023 at 01:26:43AM -0400, Charles Sprickman via Postfix-users wrote: > [root@mail /usr/local/etc/postfix]# postconf -n |grep smtpd_tls > smtpd_tls_auth_only = no > smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/foo/fullchain.pem > smtpd_tls_key_file =

[pfx] Re: sender_dependend_relay_host_maps and local recipients

2023-07-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 24, 2023 at 03:53:17PM +0200, Robert Senger via Postfix-users wrote: > I have a few freemail accounts that I use mainly for testing and > special purposes. All those accounts are forwarding incoming mail to a > corresponding account at my own server, like > "r.senger_@example.com". For

[pfx] Re: server does not pick up new certificates

2023-07-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 24, 2023 at 03:27:34PM +0200, Bernardo Reino via Postfix-users wrote: > > Systems crash. What are the reliability guarantees from the certbot > > client: will it run once, or will it somehow maintain state and > > recover when a run was interrupted by a system crash? > > In such

[pfx] Re: SMTP client: How to log reason for untrusted TLS connection to MX?

2023-07-23 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 23, 2023 at 11:22:26PM +0200, Paul Menzel wrote: > > Does it really matter why some site offering opportunistic STARTTLS does > > not have a validatable certificate? The connection can be trivially > > downgraded by an on-path attacker (stripping STARTTLS) to just be > > cleartext.

[pfx] Re: server does not pick up new certificates

2023-07-23 Thread Viktor Dukhovni via Postfix-users
On 23 Jul 2023, at 4:21 pm, Charles Sprickman via Postfix-users wrote: > In the case of the dehydrated ACME client > (https://github.com/dehydrated-io/dehydrated) there's an option to run > a bunch of commands on successful update, including something like > "postfix reload" - one could also

[pfx] Re: server does not pick up new certificates

2023-07-23 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 23, 2023 at 08:18:21PM +0200, lejeczek via Postfix-users wrote: > > You need to rebuild it periodically. Once a week should be enough, > > ACME certificates are typically good for 90 days and get replaced > > every 60, so when the new one is minted the old one is still good > > for

[pfx] Re: server does not pick up new certificates

2023-07-23 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 23, 2023 at 09:39:52AM +0200, lejeczek via Postfix-users wrote: > > What is "snis.map", and how is it used in your configuration? > > tls_server_sni_maps = hash:/etc/postfix/snis.map And when did you run as root: # postmap -F hash:/etc/postfix/snis.map to update that table?

[pfx] Re: server does not pick up new certificates

2023-07-20 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 20, 2023 at 07:11:41PM +0200, lejeczek via Postfix-users wrote: > I use what I believe is pretty much vanilla-common setup - snis.map I > had to restart the daemon/server in order for _postfix_ to notice new > certs - naturally located in same one place - reload did not do. What is

[pfx] Re: postfix database, aliases, permissions, configuration issue, help requested, perplexed

2023-07-20 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 20, 2023 at 08:45:46AM -0400, David Mehler via Postfix-users wrote: > Thank you for your reply. My apologies, I thought these issues were > all possibly interrelated. > > To the first issue the postfix process dying. Quite possibly, the right formulation is "exiting as expected",

[pfx] Re: postfix database, aliases, permissions, configuration issue, help requested, perplexed

2023-07-19 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 19, 2023 at 06:03:17PM -0400, David Mehler via Postfix-users wrote: > I'm trying to migrate to a new setup, Debian 12 with Postfix 3.7 and > Dovecot 2.3 using virtual mailbox domains. There are no local everyone > is virtual. The first problem I'm seeing is the Postfix process is >

[pfx] Re: something like "enforce_mime_output_conversion"

2023-07-18 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 18, 2023 at 06:37:08PM -0400, Wietse Venema via Postfix-users wrote: > Turns out that this required very little code (basically one boolean > configuration parameter that controls a bitfield flag that is input > to the Postfix MIME processor. Preliminary manpage text is below. Cool!

[pfx] Re: something like "enforce_mime_output_conversion"

2023-07-18 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 18, 2023 at 11:29:20AM -0400, Wietse Venema via Postfix-users wrote: > This can work with the 'advanced' example in FILTER_README: > > main.cf: > content_filter = smtp-7bit:127.0.0.1:10025 > > master.cf: > smtp-7bit .. .. .. .. .. .. smtp >-o {

[pfx] Re: something like "enforce_mime_output_conversion"

2023-07-18 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 18, 2023 at 01:43:46PM +0200, Tinne11 via Postfix-users wrote: > In order to follow this recommendation, a Postfix MSA (being part of a > system DKIM-signing outbound messages) needs to be configured to convert all > submitted 8-bit messages to 7-bit (base64 or Quoted-Printable). Is

[pfx] Please avoid TLSA records matching retired issuing CAs.

2023-07-16 Thread Viktor Dukhovni via Postfix-users
[ Also posted to dane-us...@list.sys4.de ] There are still ~250 MX hosts with DANE TLSA records that match the retired X3 or X4 Let's Encrypt CAs. Perhaps also other retired CAs, but these are the ones I'm tracking at: https://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html Please take care

[pfx] Re: search for compression switch?

2023-07-16 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 16, 2023 at 11:02:23PM +0200, Benny Pedersen via Postfix-users wrote: > > cat access | wc -l > > 2'294'583 > > > > Yes me problem are that this file are to big for me little system > > will add more memory solve it ? > > local rbldnsd ?, dont know if postfix uses less ram for

[pfx] Re: search for compression switch?

2023-07-16 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 16, 2023 at 10:05:20AM +0200, Maurizio Caloro via Postfix-users wrote: > postscreen_access_list = permit_mynetworks, > cidr:/etc/postfix/whitelistCIDR+IP > cidr:/etc/postfix/access > > root postfix 47M Jul 16 08:34 /etc/postfix/access > root postfix

[pfx] Re: Problems connecting to desktop client

2023-07-16 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 16, 2023 at 03:56:36PM +0200, Wolfgang Paul Rauchholz via Postfix-users wrote: > Postfix and Dovecot are up and running, and I can send and receive emails > from CLI. Dovecot is likely listening only on the "implicit TLS" IMAP port, namely 993. - On port 993, clients start by

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 11:16:56AM +0300, Ivan Hadzhiev via Postfix-users wrote: > You can copy from here: > *https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem > > * > or you can create it > >

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 10:09:34AM +0200, Paul Menzel via Postfix-users wrote: > The Internet.nl email test, reports for molgen.mpg.de [1]: Their criteria are cranked up to 11. Do not attempt to get a 100% score from their site. It will be counterproductive (reduce security) by making it

[pfx] Re: [ext] TLS issues

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 11:15:14AM +0200, Ralf Hildebrandt via Postfix-users wrote: > > smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem > > smtpd_tls_key_file = /etc/pki/tls/private/postfix.key > > Try adding: > > smtp_tls_key_file = $smtpd_tls_key_file > smtp_tls_cert_file =

[pfx] Re: [ext] warn_if_reject and MILTER

2023-07-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 11, 2023 at 04:28:54PM +0200, Ralf Hildebrandt via Postfix-users wrote: > If I remember correctly, soft_bounce is some sort of el-cheapo "replace > 5 with 4 in the output to the client"-thing. And thus should work even > with milters. Yes, but keep in mind that milters also can

[pfx] Re: local sending

2023-07-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 11, 2023 at 09:11:25AM +0100, Ken Gillett via Postfix-users wrote: > Anyway, using @home is acceptable and works from both the Mac Pro and > a debian linux machine (and probably others) on the LAN. These arrive to the "server" Postfix instance via SMTP. > The problem > however is

[pfx] Re: local sending

2023-07-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 11, 2023 at 09:11:25AM +0100, Ken Gillett via Postfix-users wrote: > Postfix has been installed on the Mini for several years and I can > send a message from e.g MacOS Mail.app on my Mac Pro to user@home and > receive it in that account (also configured in same Mail.app). I > wanted

[pfx] Re: which main.cf and postconf

2023-07-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 10, 2023 at 04:56:31PM +0100, Ken Gillett via Postfix-users wrote: > Ok, so logged in on Mac and used the Server admin tool to change a > setting (added a relay host). The main.cf in > /Library/Server/Mail/Config/postfix was updated. So that's what MacOS > thinks is the config dir as

[pfx] Re: Postfix "sendmail -bv" command: Trouble with spamassassin and virtual_aliases

2023-07-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 10, 2023 at 03:24:54PM +0200, Robert Senger wrote: > Hey, that was me! My full given name *is* Robert'); DROP ... > > CONFDIR=/etc/postfix > POSTMAP=/usr/sbin/postmap > LOCAL_VIRTUAL_USERS=mysql:${CONFDIR}/virtual_mailboxes.mysql.cf > > recipient=$(printf '%s' "$2" | sed

[pfx] Re: which main.cf and postconf

2023-07-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 10, 2023 at 09:17:52AM -0400, Viktor Dukhovni via Postfix-users wrote: > > First of all, changes I have made in main.cf are not being used. > > AFAICT I am editing the main.cf that is used:- > > > > ps ax | grep master => master -c /Library/Server/M

[pfx] Re: which main.cf and postconf

2023-07-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 10, 2023 at 10:34:44AM +0100, Ken Gillett via Postfix-users wrote: > First of all, changes I have made in main.cf are not being used. > AFAICT I am editing the main.cf that is used:- > > ps ax | grep master => master -c /Library/Server/Mail/Config/postfix Yes, with "-c" the

[pfx] Re: Postfix "sendmail -bv" command: Trouble with spamassassin and virtual_aliases

2023-07-10 Thread Viktor Dukhovni via Postfix-users
> On 10 Jul 2023, at 5:50 am, Matus UHLAR - fantomas via Postfix-users > wrote: > >>> #!/bin/bash >>> user=`echo "$2" | sed 's/[<>]//g'` >>> ret=`echo "select destination from virtual_aliases where >>> source=\"$user\";" | /usr/bin/mysql -upostfix -psecretpassword >>> mailserver | tail -n 1`

[pfx] Re: Getting Recipient when Message size limit is exceeded

2023-07-07 Thread Viktor Dukhovni via Postfix-users
On Fri, Jul 07, 2023 at 11:54:44AM -0400, Viktor Dukhovni via Postfix-users wrote: > If the client uses PIPELINING, the pipelined "RCPT TO" after the rejected > "MAIL FROM" will presumably be logged. Turns out that's not the case. Postfix does not log client "s

[pfx] Re: Getting Recipient when Message size limit is exceeded

2023-07-07 Thread Viktor Dukhovni via Postfix-users
On Fri, Jul 07, 2023 at 11:47:35AM -0400, postfix--- via Postfix-users wrote: > > Currently Postfix does not show in log the Recipient of emails that > > exceed Message_size_limit because MAIL FROM comes before RCPT TO... > > but is there any nice way of forcing Postfix to reject that email > >

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-07 Thread Viktor Dukhovni via Postfix-users
On Fri, Jul 07, 2023 at 05:24:45PM +0200, Jaroslaw Rafa via Postfix-users wrote: > > seems to me that having all possible mail recipients as system users > > is not practical on even systems of moderate user count. > > My previous job was administering servers at an university. Our main >

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-07 Thread Viktor Dukhovni via Postfix-users
On Fri, Jul 07, 2023 at 10:27:38AM -0400, joe a via Postfix-users wrote: > >> local_recipient_maps = > > > > This is the wrong solution. With this setting, postfix will accept > > mail to any user address, and you will eventually have a queue full > > of undeliverable bounces, plus get listed

[pfx] Re: SMTP connections being restricted to 20

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 05:08:44PM +, Mark Wheeler via Postfix-users wrote: > Thank you for your response. In answer to your questions: > > > * It's a problem as the box is continuing to receive a lot of > email so if the sending of mail is throttled we are getting a > large

[pfx] Re: send clear text passwords to relayhost?

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 06:38:34PM +0200, Ede Wolf via Postfix-users wrote: > Jep, I just retested. Changed to plain, restarted postfix and mail gets > deferred: > > relay=smtp.worldserver.net[217.13.200.36]:587, delay=1, > delays=0.07/0.01/0.95/0, dsn=4.7.0, status=deferred (SASL

[pfx] Re: SMTP connections being restricted to 20

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 02:42:43PM +, Mark Wheeler via Postfix-users wrote: > We are seeing an issue whereby our postfix outbound mailserver is > restricting the outgoing connections to 20. We think we have updated > the config correctly, however, we are still seeing it throttled to 20. 1.

[pfx] Re: Maildir changes in 3.7.4?

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 05:43:22AM -0700, Dan Mahoney via Postfix-users wrote: > We have our aliases file pushing things into our RT install, but also > saving things to a maildir, so we can manually feed a single file back > in, thusly: > > In /etc/aliases: > > noc:

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 08:32:42AM -0400, joe a via Postfix-users wrote: > While chasing a postfix (version 3.5.9) to dovecot authentication issue, > checked "compiled in" methods: > > postconf -a >cyrus >dovecot > postconf -A > cyrus As expected and documented. Dovecot is only

[pfx] Re: send clear text passwords to relayhost?

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 08:10:39AM +0200, Ede Wolf via Postfix-users wrote: > > BINGO! The server is advertising CRAM-MD5, and unless you filter it out > > SASL will attempt to use that instead of plain. Therefore, in the > > proposed "master.cf" entry you also need: > > > > -o {

[pfx] Re: send clear text passwords to relayhost?

2023-07-05 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 05, 2023 at 10:09:12PM +0200, Ede Wolf via Postfix-users wrote: > thanks very much for your reply. I still may have some understanding issues: > > Am 05.07.23 um 16:22 schrieb Viktor Dukhovni via Postfix-users: > > On Wed, Jul 05, 2023 at 02:42:54PM +0200, Ede Wolf vi

[pfx] Re: send clear text passwords to relayhost?

2023-07-05 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 05, 2023 at 02:42:54PM +0200, Ede Wolf via Postfix-users wrote: > I am having a weird issue. My provider for the relayhost switched to > SSL - which is fine by itself - but that also changed the authentication > scheme. What SASL mechanism was used before that? You're in fact

[pfx] Re: Remove mailer-daemon

2023-07-03 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 03, 2023 at 10:07:55PM +, Israel britto via Postfix-users wrote: > How can I delete all mailer-daemon messages from my mail server? By not accepting mail for non-existent recipients. With working recipient validation on input, you can ignore the trickle of bounces that might now

[pfx] Re: Typo in man postconf ("Postix")

2023-07-03 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 03, 2023 at 09:52:28PM +, Scott Kitterman via Postfix-users wrote: > >Should I ask WTF BTS? > > Bug Tracking System. No. I see... The Postfix project does not curate bugs. There are, except briefly for O(1 day) from the date the bug is reported, zero known outstanding bugs.

[pfx] Re: Typo in man postconf ("Postix")

2023-07-03 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 04, 2023 at 06:19:26AM +1000, Trent W. Buck via Postfix-users wrote: > master:postfix/proto/postconf.proto:6450: This feature is available in > Postix 2.10 and later. > master:postfix/proto/stop:1185:Postix > > Are these typos? Yes. The fix is trivial: --- proto/postconf.proto

[pfx] Re: Help with receiving mail

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 05:04:59PM -0700, Patrick Mahan wrote: > > > The on-disk file format of Berkeley DB is not standardised across major > > > versions. A system upgrade may require rebuilding the aliases ".db" > > > file due to an incompatible Berkeley DB driver. > > > > I should perhaps

[pfx] Re: Postfix sending to undefined (?)

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 07:51:11PM -0400, joe a via Postfix-users wrote: > >> >> When attempting to send an email to postfix on that box, for delivery > >> >to > >> >> the local dovecot (via lmtp), the message instead goes out to my ISP > >> in > >> >> the fashion of currently working

[pfx] Re: Help with receiving mail

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 07:03:47PM -0400, Viktor Dukhovni via Postfix-users wrote: > The on-disk file format of Berkeley DB is not standardised across major > versions. A system upgrade may require rebuilding the aliases ".db" > file due to an incompatible Berkeley DB driver

[pfx] Re: Postfix sending to undefined (?)

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 06:49:53PM -0400, joe a via Postfix-users wrote: > > Viktor Dukhovni via Postfix-users Sun, 02 Jul 2023 14:21:52 -0700 > > > >On Sun, Jul 02, 2023 at 05:11:52PM -0400, joe a via Postfix-users >wrote: > > > >> When attempting to

[pfx] Re: Help with receiving mail

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 03:13:55PM -0700, Patrick Mahan wrote: > > On Sun, Jul 02, 2023 at 02:44:51PM -0700, Patrick Mahan via Postfix-users > > wrote: > > > > > Recipient address rejected: unverified address: > > > alias database unavailable; [...] > > > > > > alias_database =

[pfx] Re: Help with receiving mail

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 02:44:51PM -0700, Patrick Mahan via Postfix-users wrote: > Recipient address rejected: unverified address: > alias database unavailable; [...] > > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases Run: # postalias hash:/etc/aliases (The

[pfx] Re: Postfix sending to undefined (?) relay

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 05:11:52PM -0400, joe a via Postfix-users wrote: > When attempting to send an email to postfix on that box, for delivery to > the local dovecot (via lmtp), the message instead goes out to my ISP in > the fashion of currently working email se[r]ver.

[pfx] Re: LDAP map configuration

2023-06-29 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 29, 2023 at 04:19:01PM +, Joseph L. Casale via Postfix-users wrote: > I have main.cf configured with relay_recipient_maps = > ldap:/etc/postfix/relay_recipients where relay_recipients contains a > bind_dn and bind_pw entry. > > I need to manage the bind parameters in another

[pfx] Re: DANE for postfix mailing list?

2023-06-29 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 29, 2023 at 06:08:27PM +0200, Joachim Lindenberg via Postfix-users wrote: > I remember there was the goal to use DANE for the mailing list, but I > wonder whether or to what extent that has been achieved. > The list traffic is hardly confidential, but "dog-food" consumption has
