Re: Different SMTP hostname greeting for each IP Address

2011-09-29 Thread Viktor Dukhovni
On Thu, Sep 29, 2011 at 12:25:07PM -0700, Cameron Smith wrote: How can I set a different SMTP hostname greeting for each dedicated IP Address on my server? domainone.com 192.0.43.11 domaintwo.com 192.0.43.12 domainthree.com 192.0.43.13 How can I make the SMTP hostname greeting for

Re: Different SMTP hostname greeting for each IP Address

2011-09-29 Thread Viktor Dukhovni
On Thu, Sep 29, 2011 at 02:29:16PM -0700, Cameron Smith wrote: How can I make the SMTP hostname greeting for those IPs match the domains? No need. 192.0.43.11:smtp inet n - n - - smtpd -o myhostname=domainone.com 192.0.43.12:smtp inet n - n - - smtpd -o myhostname=domaintwo.com

Re: Postfix/TLS support for Openssl cipher groups/names?

2011-10-05 Thread Viktor Dukhovni
On Tue, Oct 04, 2011 at 10:00:40PM -0400, Wietse Venema wrote: mephistophe...@operamail.com: smtpd_tls_ciphers = RSA As documented, smtpd_tls_ciphers specifies a cipher GRADE not a cipher NAME. TLS_README suggests that the grades are export and high. Well the full list of grades is:

Re: Why does 'help' not work at smtp prompt?

2011-10-05 Thread Viktor Dukhovni
On Wed, Oct 05, 2011 at 05:28:40PM -0400, Homer Wilson Smith wrote: Running Postfix 2.8.2 When I telnet smtp0.lightlink.com 25, and type 'help', it says unknown command. Thanks in advance for pointers to RTFM. Homer Smith Lightlink Internet For help with SMTP

Re: Multi value LDAP attributes

2011-10-06 Thread Viktor Dukhovni
On Thu, Oct 06, 2011 at 11:04:01AM -0300, Bevan Agard wrote: I am trying to configure postfix to pull the values of a LDAP user group and distribute the email accordingly. I have gotten as far as having it pull the info however it passes it as one long comma separated string and as such it

Re: Premature No Space left on device on XFS

2011-10-07 Thread Viktor Dukhovni
On Fri, Oct 07, 2011 at 02:20:06PM -0500, Stan Hoeppner wrote: If I may make a purely subjective comment: 2.5m spooled emails on a single host is insane. I tested this scale some years back, it was actually the motivation for adding SMTP connection caching to Postfix ~2.1. If one's bulk

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-10 Thread Viktor Dukhovni
On Fri, Oct 07, 2011 at 05:15:20PM -0400, Simon Brereton wrote: postfix/smtpd[25614]: warning: TLS library problem: 25614:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46: This client could not verify your server certificate, its

Re: LDAP table, recursion filter

2011-10-10 Thread Viktor Dukhovni
On Mon, Oct 10, 2011 at 12:37:02PM +1030, Tom Lanyon wrote: When using a LDAP lookup table the 'special_result_attribute' parameter is available to allow me to recurse to other DNs [e.g. recursing to members of a LDAP group]. I can also use the 'leaf_result_attribute' parameter to select

Re: How to deliver some addresses locally

2011-10-11 Thread Viktor Dukhovni
On Tue, Oct 11, 2011 at 01:35:36PM +0200, Stefan Bertels wrote: On Mon, 10 Oct 2011, Viktor Dukhovni wrote: 0. ALWAYS read your logs I always do. Original delivery address shows up there every time I test (p...@stefan-bertels.de). I tested using sendmail -bv, too. Same result. and when

Re: Not receiving e-mail on submission port

2011-10-12 Thread Viktor Dukhovni
On Wed, Oct 12, 2011 at 07:44:34AM -0400, Charles Marcus wrote: On 2011-10-12 2:13 AM, Tolga to...@ozses.net wrote: pickupfifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup You still have lots of stuff chrooted... I'm

Re: Not receiving e-mail on submission port

2011-10-12 Thread Viktor Dukhovni
On Wed, Oct 12, 2011 at 09:13:45AM +0300, Tolga wrote: Below are my postconf -n and master.cf: root@vps:~# postconf -n debug_peer_level = 3 debug_peer_list = localhost Don't. myhostname = vps.ozses.net No such host in the public DNS. mynetworks = 127.0.0.0/8 127.0.0.2/32

Re: multiple relay domain, relay_recipient_maps = ldap to differents servers

2011-10-12 Thread Viktor Dukhovni
On Wed, Oct 12, 2011 at 02:20:49PM +, Vianney Foucault wrote: I did not find yet the way to achieve ldap check for differents domains. relay_domain = dom1.com, dom2.net relay_recipient_maps = ldap:/etc/postfix/ldap-aliases.cf ldap-aliases.cf domain = dom1.com server_host =

Re: smtp helo connection timeouts -- increasing values

2011-10-18 Thread Viktor Dukhovni
On Mon, Oct 17, 2011 at 07:17:18PM -0700, Edward Morbius wrote: Several of our peer mail systems (outbound) seem to take a while responding to initial SMTP connections. Is there any particularly dread pitfall to watch out for in bumping these values up? 20s for connection, 40s for HELO is

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-18 Thread Viktor Dukhovni
On Tue, Oct 18, 2011 at 01:04:30PM -0400, Simon Brereton wrote: Is smtpd_enforce_tls=yes a suitable replacement/substitute for smtpd_tls_auth_only = yes? With smtpd_tls_security_level=encrypt (or its legacy form) the smtpd_tls_auth_only feature is arguably redundant, but it is harmless, and

Re: wrong order cert chain with Thawte * cert?

2011-10-19 Thread Viktor Dukhovni
On Wed, Oct 19, 2011 at 06:15:31PM +0200, eu...@mail2.infochem.de wrote: Not entirely, you configured only the leaf server cert, and did not also configure the intermediate CA cert (which should be appended to your cert.pem file). Thanks for catching it -- I obviously don't really know

Re: blocking all attachments

2011-10-20 Thread Viktor Dukhovni
On Thu, Oct 20, 2011 at 02:44:16PM +0900, Ian Masters wrote: Is it possible to block all attachments with postfix? I'm using /etc/postfix/mime_header_checks but I can't seem to block all attachments, especially ones without file suffixes. Be careful what you wish for: The question of what is

Re: Odd postfix LDAP behavior

2011-10-26 Thread Viktor Dukhovni
On Tue, Oct 25, 2011 at 10:14:39PM -0700, Quanah Gibson-Mount wrote: Ok, logs were still on the server I was using earlier. Here's part of one of the connections in question. LDAP server logs are no way to report a suspected Postfix issue to this list. They are for LDAP administrators, not

Re: relay_recipient_maps and LDAP as backend

2011-10-26 Thread Viktor Dukhovni
On Wed, Oct 26, 2011 at 04:56:40PM +0300, Nerijus Kislauskas wrote: On 10/26/2011 02:09 PM, Noel Jones wrote: The postfix database interface is a general-purpose mechanism, not an LDAP interface. In the case of relay_recipient_maps, the requirement is that a result must be returned, but

Re: relay_recipient_maps and LDAP as backend

2011-10-26 Thread Viktor Dukhovni
On Wed, Oct 26, 2011 at 09:17:17PM +0300, Nerijus Kislauskas wrote: On 10/26/2011 08:11 PM, Viktor Dukhovni wrote: The LDAP table driver considers entries that match the query filter, but which lack the requested attributes, or have only empty values for the requested attributes

Re: Good tutorial on basic, outgoing-only mail

2011-10-26 Thread Viktor Dukhovni
On Wed, Oct 26, 2011 at 07:42:54PM -0600, René Fournier wrote: High-volume email is not covered in Postfix documentation as the requirements are complex and subject to change. Well, high volume is maybe overstating it. I would guess a few hundred outgoing emails a day, mostly to

PROPOSED PATCH. Please test (was: Odd postfix LDAP behavior)

2011-10-26 Thread Viktor Dukhovni
On Wed, Oct 26, 2011 at 05:10:41PM -0700, Quanah Gibson-Mount wrote: I'm using simple binds as I have since postfix 2.3. I actually was not aware the code for using SASL mechanism binds had been added to postfix. Very happy to know that. ;) I have my own test server set up now so I can

Re: PROPOSED PATCH. Please test (was: Odd postfix LDAP behavior)

2011-10-27 Thread Viktor Dukhovni
On Thu, Oct 27, 2011 at 05:55:21PM -0700, Quanah Gibson-Mount wrote: The original response from Viktor had: Naturally also post the Postfix table definition, which will indicate whether you're using simple or SASL binds. If possible try both, and report any difference in behaviour, since as

Re: PROPOSED PATCH. Please test (was: Odd postfix LDAP behavior)

2011-10-27 Thread Viktor Dukhovni
On Thu, Oct 27, 2011 at 04:25:07PM -0700, Quanah Gibson-Mount wrote: Therefore, I propose the following Postfix fix/work-around which is required for anyone running Postfix 2.3 or later, linked with OpenLDAP 2.4 or later (perhaps even late 2.3.x releases, I just compared OpenLDAP 2.3.4 with

Re: PROPOSED PATCH. Please test (was: Odd postfix LDAP behavior)

2011-10-27 Thread Viktor Dukhovni
On Thu, Oct 27, 2011 at 07:22:05PM -0700, Quanah Gibson-Mount wrote: The issue I fixed today would affect any postfix build with an OpenLDAP API at least as far back as OpenLDAP 2.1. What postfix revisions you fix are entirely up to you of course, and I think reasonably I wouldn't expect you

Re: PROPOSED PATCH. Please test (was: Odd postfix LDAP behavior)

2011-10-28 Thread Viktor Dukhovni
On Fri, Oct 28, 2011 at 08:30:48AM -0700, Quanah Gibson-Mount wrote: Reading the code in libraries/libldap/sasl.c, specifically the function ldap_sasl_bind_s. This is from OpenLDAP 2.1.30. Note that ldap_result2error is still called after ldap_parse_sasl_bind_result. Use of a function

PROPOSED PATCH: take 2. Please test (was: Odd postfix LDAP behavior)

2011-10-28 Thread Viktor Dukhovni
On Fri, Oct 28, 2011 at 02:27:32AM +, Viktor Dukhovni wrote: A better solution is required, I'll post an updated proposal tomorrow. Please try the below. It inlines the two-line (possibly deprecated) ldap_result2error() function, which just calls ldap_parse_result(). I don't believe we

Re: postfix multiple instances

2011-11-02 Thread Viktor Dukhovni
On Wed, Nov 02, 2011 at 02:17:03PM +0200, Amira Othman wrote: I am using postfix 2.8.4 on centos 5.7 and I want to configure another instance of postfix. I followed instructions in the following link http://www.postfix.org/MULTI_INSTANCE_README.html but when i try to start the second instance

Re: Only allow specific sasl-authenticated users to relay

2011-11-04 Thread Viktor Dukhovni
On Thu, Nov 03, 2011 at 10:47:18PM -0500, Chris Richards wrote: Am I right in guessing that if I do something like the following: smtpd_sender_restrictions = permit_mynetworks, check_sender_access mysql:/etc/postfix/mysql_sender_access.cf, permit_sasl_authenticated, reject; where

Re: Only allow specific sasl-authenticated users to relay

2011-11-05 Thread Viktor Dukhovni
On Sat, Nov 05, 2011 at 10:17:00PM -0500, Chris Richards wrote: Victor, yes I figured out about reject_authenticated_sender_login_mismatch and smtpd_sender_login_maps. I'm still working that out, but I don't believe that is going to be an issue. On my personal email server, I use non-Postfix

Re: Reverse entry lookups in LDAP

2011-11-09 Thread Viktor Dukhovni
On Wed, Nov 09, 2011 at 03:36:42PM -0500, Mike A. Leonetti wrote: For example the user would be located under cn=Mike,cn=users,dc=server,dc=local and have the mail attribute for the local mailbox. The contact would be located under: cn=Mike - Blackberry,cn=users,dc=server,dc=local

Re: can't send mail between multiple postfix instances

2011-11-15 Thread Viktor Dukhovni
On Tue, Nov 15, 2011 at 02:17:39PM +0200, Amira Othman wrote: I am using postfix 2.8 and I have configured two instances of postfix, each of them uses a different ip and domain. The two instances are running but when I try to send e-mail from one to another I get this error status=deferred

Re: STARTTLS problem with Lotus Domino v8.5.1 - Domino as a client fails to send own certificate

2011-11-16 Thread Viktor Dukhovni
On Wed, Nov 16, 2011 at 01:27:29PM +0100, gmx Ralf Hauser wrote: Any hints how to do a client certificate authentication TLS-handshake between IBM's v8.51 as the client and postfix/openssl on the server side would be highly appreciated. If you want to validate client certs, you have to ask

Re: Rewriting question

2011-11-17 Thread Viktor Dukhovni
On Fri, Nov 18, 2011 at 07:56:07AM +0100, Claudio Kuenzler wrote: Take a look at this: http://www.postfix.org/ADDRESS_REWRITING_README.html There are a lot of examples and you'll find what you're looking for. Yes, the document is a good place to start. If you want to change the domain for

Re: Rewriting question

2011-11-18 Thread Viktor Dukhovni
On Fri, Nov 18, 2011 at 08:30:37AM +0100, Claudio Kuenzler wrote: Victor, take a look at my e-mail sent 3 days ago in the same thread. I already mentioned the smtp_generic_maps there (order before canonical). Regardless of past thread history, advice to use wildcard canonical mappings on

Re: Per-Recipient Data Responses (was: ... per-recipient treatment of messages in a milter environment)

2011-11-22 Thread Viktor Dukhovni
On Tue, Nov 22, 2011 at 08:30:49PM -0500, Wietse Venema wrote: I just stumbled across this thread: http://www.gossamer-threads.com/lists/exim/users/90005 We could take a bold step and do it in two main stream MTAs, damn the torpedoes. Is it worth the effort? Will enough SMTP clients

Re: Per-Recipient Data Responses (was: ... per-recipient treatment of messages in a milter environment)

2011-11-23 Thread Viktor Dukhovni
On Wed, Nov 23, 2011 at 09:11:55AM -0500, Wietse Venema wrote: To make per-recipient end-of-data replies useful with Postfix, PRDR would need to be supported by at least one third-party content inspection mechanism (such as Amavisd-new or Milter), because I see no obvious user interface for

Re: Mail server tries to send to redundant server instead of accepting the incoming smtp mail

2011-11-23 Thread Viktor Dukhovni
On Wed, Nov 23, 2011 at 10:29:54AM -0600, Stan Hoeppner wrote: On 11/23/2011 9:52 AM, Islam, Towhid wrote: I have been puzzled over this for a while and do not know what causes the problem or what is really happening. I have two internet mail relay servers, let's call them mr1 and mr2.

Re: Per-Recipient Data Responses (was: ... per-recipient treatment of messages in a milter environment)

2011-11-23 Thread Viktor Dukhovni
On Wed, Nov 23, 2011 at 03:23:11PM +0100, Mark Martinec wrote: Wietse wrote: To make per-recipient end-of-data replies useful with Postfix, PRDR would need to be supported by at least one third-party content inspection mechanism (such as Amavisd-new or Milter), because I see no obvious

Re: smtpd_tls_fingerprint_digest with better than sha1 - e.g. sha256 ?

2011-11-27 Thread Viktor Dukhovni
On Sun, Nov 27, 2011 at 08:56:40PM +0100, gmx Ralf Hauser wrote: http://www.postfix.org/postconf.5.html#smtpd_tls_fingerprint_digest is a great feature. Is there a plan to offer stronger digest algorithms such as sha256 ? Postfix supports all the algorithms enabled by the SSL library when

Re: How to obtain the message.ID from postfix?

2011-11-28 Thread Viktor Dukhovni
On Mon, Nov 28, 2011 at 06:17:30PM +0100, Vincenzo Romano wrote: 2011/11/28 Wietse Venema wie...@porcupine.org: Vincenzo Romano: The point is that postfix/smtp is not logging the Message-ID along with the other details it logs. Is there a way to ask postfix/smtp to log also the

Re: check_recipient_access with exceptions

2011-11-30 Thread Viktor Dukhovni
On Wed, Nov 30, 2011 at 08:38:13PM -0500, Vladimir Parkhaev wrote: Augment this: smtpd_recipient_restrictions = check_recipient_access hash:/usr/local/etc/postfix/access, reject_unauth_destination, permit As follows (and avoid using access, name each table after its

Re: Postfix Hold queue

2011-12-01 Thread Viktor Dukhovni
On Thu, Dec 01, 2011 at 10:56:34AM +0100, Roland de Lepper wrote: We're planning to migrate postfix from Suse to Ubuntu 10.04 LTS. The Postfix version on Suse has a higher version number than in Ubuntu 10.04LTS (2.7.2 - 2.7.0). Because of the migration we have to shutdown the MySQL

Re: Dead Destination configuration

2011-12-02 Thread Viktor Dukhovni
On Fri, Dec 02, 2011 at 11:37:02AM +0530, DN Singh wrote: Yes, I am trying some workarounds, like rate delays, to address unusual traffic, and also joined their FBL for complainants. But, am still facing problems with some MTAs. Also, this only for Yahoo, there are others like hotmail,

Re: Dead Destination configuration

2011-12-02 Thread Viktor Dukhovni
On Fri, Dec 02, 2011 at 08:24:29AM -0500, Wietse Venema wrote: There is no scenario in which a site that accepts your mail (i.e. has not classified you as a spammer, correctly or not) will offer better service if all your mail delayed by a few hours, that just time-warps the problem into

Re: Dead Destination configuration

2011-12-02 Thread Viktor Dukhovni
On Fri, Dec 02, 2011 at 02:23:53PM +, Mark Goodge wrote: That makes no sense at all, surely nothing more productive will happen when the spigot is turned on 4 hours later with even more mail queued. The point is that following instructions is a reasonable proxy for being a legitimate

Re: SMTP hangs when MySQL is down

2011-12-09 Thread Viktor Dukhovni
On Fri, Dec 09, 2011 at 07:47:08AM -0500, Wietse Venema wrote: lst_ho...@kwsoft.de: I don't know the Postfix internals but if it where easy *and* safe to implement it would have been done already from someone feeling the need to do so. A quick search shows that trivial-rewrite

Re: Table has changed; restarting messages not appearing

2011-12-19 Thread Viktor Dukhovni
On Mon, Dec 19, 2011 at 07:54:59AM -0800, Who Me wrote: Both my existing postfix (V2.5.5) implementation, and my new one (V2.8.7) update their relay_recipients table daily This table is consulted *only* by smtpd(8). On the older box, every day I see a message stating that

Re: TLS certificate validation woes

2011-12-20 Thread Viktor Dukhovni
On Tue, Dec 20, 2011 at 10:24:04AM +0100, lst_ho...@kwsoft.de wrote: As far as I understand you have to list the complete chain but only your sub-CA to get it working. This is not the case: http://www.postfix.org/TLS_README.html#server_access Allow the remote SMTP client request

Re: postfix devnull mailbox

2011-12-21 Thread Viktor Dukhovni
On Wed, Dec 21, 2011 at 04:35:14AM -0600, /dev/rob0 wrote: if you reject mails to nore...@yourdomain.com you will fail sender-verify everywhere This is doable. [Most?] sender verify probes QUIT before DATA, so we can wait until DATA to reject. The real solution is not misuse the

Re: Envelope sender address authorization and command line tool mail

2011-12-26 Thread Viktor Dukhovni
On Mon, Dec 26, 2011 at 08:25:42PM -0600, Noel Jones wrote: The BOFH solution is a custom cleanup_service_name with alternate header_checks on the pickup service that removes user-supplied From: headers. Postfix will supply a standard header based on the UID. IIRC this won't work. The

Re: Implementation of compression technology

2012-01-09 Thread Viktor Dukhovni
On Mon, Jan 09, 2012 at 09:03:23AM +0100, Ralf Hildebrandt wrote: Personally, I'd go for mandatory TLS between the two machines with no encryption (but compression) - I guess Victor will correct me, but I think that should work. That would be fine provided the OpenSSL libraries on both

Re: TLS untrusted/trusted

2012-01-11 Thread Viktor Dukhovni
On Wed, Jan 11, 2012 at 04:15:17PM +0100, Stefan wrote: I've set up clientside TLS with postfix 2.7.1 as follows: smtp_tls_CApath = /etc/ssl/certs smtp_tls_loglevel = 1 smtp_tls_security_level = may For all destinations, except any listed in policy_maps at a security level of verify,

Re: TLS untrusted/trusted

2012-01-11 Thread Viktor Dukhovni
On Wed, Jan 11, 2012 at 07:08:30PM +0100, Dennis Guhl wrote: On Wed, Jan 11, 2012 at 04:15:17PM +0100, Stefan wrote: Hello list, mail.example.com[aaa.bbb.ccc.ddd]:25: TLSv1 with cipher ADH-CAMELLIA256-SHA This is an anonymous cipher. With smtpd_tls_mandatory_exclude_ciphers

Re: smtpd_sasl_security_options = noanonymous, CRAM-MD5

2012-01-13 Thread Viktor Dukhovni
On Sat, Jan 14, 2012 at 12:03:01AM +0100, Patrick Ben Koetter wrote: And if I used: smtpd_use_tls = yes and did not use certificate, then they password will be sent encrypted or not? This forces TLS on all clients. You must not do it on a publicly available MX according to RFCs. No,

Re: Can't get Postfix to run

2012-01-16 Thread Viktor Dukhovni
On Mon, Jan 16, 2012 at 03:41:16PM -0800, Nickalf wrote: run postfix set-permissions to reset permissions. It errors with: chown: cannot access '/usr/lib/postfix/dict_cdb.so': No such file The Debian (and thus by inheritance Ubuntu) Postfix maintainer is responsible for this all

Re: Can't get Postfix to run

2012-01-16 Thread Viktor Dukhovni
On Tue, Jan 17, 2012 at 01:36:57AM +0100, Pascal Volk wrote: On 01/17/2012 12:54 AM Viktor Dukhovni wrote: On Mon, Jan 16, 2012 at 03:41:16PM -0800, Nickalf wrote: There's a dict_tcp.so but no dict_cdb.so Yes, this is the symptom, and you should file a bug report with the Debian

Re: Queue directories on faster media?

2012-01-30 Thread Viktor Dukhovni
On Sun, Jan 29, 2012 at 11:47:39PM -0800, Ori Bani wrote: I'm curious to get feedback on the idea of mounting all the postfix queue directories on a faster media (SSD drive in this case). The answer depends on your real goals. Mounting the spool on an SSD is only your real goal if you are a

Re: Behavior of postscreen_access_list = static:retry

2012-01-30 Thread Viktor Dukhovni
On Mon, Jan 30, 2012 at 09:03:39PM +, Mark Alan wrote: Regarding the config option: postscreen_access_list = static:retry Where is retry documented as a valid access list keyword? 3) the similar syntax of 'transport_maps = static:retry' The transport table is not access(5) table, and

Re: Upgrade from 2.3.3 to 2.9

2012-02-08 Thread Viktor Dukhovni
On Wed, Feb 08, 2012 at 04:25:04PM +0100, Reindl Harald wrote: SIX major releases is a lot, even having the fact that Wietse is very careful with changes in mind the problem is that even he can not say what exactly has changed since long not supported releases and how will this possibly

Re: Postfix installation problem...

2012-02-08 Thread Viktor Dukhovni
On Wed, Feb 08, 2012 at 08:47:27AM -0800, Mr fix wrote: I have compared the working version(2.4.6) box vs this one 2.8.7 here are the results. 1. postfix-script files exist at same locations. [root@box-1 /]# find / -name postfix-script /etc/postfix.one/postfix-script

Re: What wrong with my postfix

2012-02-09 Thread Viktor Dukhovni
On Thu, Feb 09, 2012 at 11:43:54AM +0200, Nerijus Kislauskas wrote: Lost connection after data may mean either the client closed the connection, or the mail was timed out. Are you able to send mails to this postfix server from other machines ? If yes then it is unlikely to be a smtpd

Re: rfc822 regex

2012-02-09 Thread Viktor Dukhovni
On Thu, Feb 09, 2012 at 01:15:52PM +0530, Ram wrote: I am trying to validate email ids of subscribers coming to my site Is there a standard regular expression for email id syntax that confirms to rfc822. I want to avoid junk entries from entering my database. Postfix already checks

Re: Suppressing received-from line when mail is from authenticated MUA

2012-02-13 Thread Viktor Dukhovni
On Mon, Feb 13, 2012 at 05:17:42PM +, Alex Bligh wrote: I wasn't aware of that. Maybe I'll examine the RFC more closely and see if that is specifically allowed. I'll save you the trouble - it is not allowed. RFC 2821 p51 RFC 2821 covers (surprise!) SMTP, so the Received format

Re: Ldap queries optimization

2012-02-16 Thread Viktor Dukhovni
On Thu, Feb 16, 2012 at 10:49:10AM +0100, Angel L. Mateo wrote: My config is: virtual_alias_maps = hash:/etc/postfix/alu-aliases, hash:/etc/postfix/dif-aliases, proxy:ldap:/etc/postfix/ldap-sysaliases.cf relay_recipient_maps = hash:/etc/postfix/relaydomains,

Re: Undefined MX record for a sender domain

2012-02-16 Thread Viktor Dukhovni
On Thu, Feb 16, 2012 at 04:26:58PM +0100, Scappatura Rocco wrote: Scappatura Rocco: I would like that sender domain names for which is not configured any MX record are not relayed from my MTA. I have tried to use the That would be a mistake. There is no RFC REQUIREMENT that a

Re: Ldap queries optimization

2012-02-17 Thread Viktor Dukhovni
On Fri, Feb 17, 2012 at 08:41:31AM +0100, Angel L. Mateo wrote: On 16/02/12 16:35, Viktor Dukhovni wrote: On Thu, Feb 16, 2012 at 10:49:10AM +0100, Angel L. Mateo wrote: If your LDAP tables contain no bare (just the local part) address lookup keys, you may consider using %u@%d instead

Re: mailq not showing the recipient

2012-02-22 Thread Viktor Dukhovni
On Wed, Feb 22, 2012 at 06:37:04PM +0100, Ralf Hildebrandt wrote: postamt:~# mailq Queue ID- --Size-- ---Arrival Time --Sender/Recipient-- 3TtQjD72G4z2r0c* 1237 Wed Feb 22 18:31:28 s.sxxx...@charite.de I didn't notice at first, but I then wondered - huh? Why is mailq

Re: How do I get more detailed logging?

2012-02-23 Thread Viktor Dukhovni
On Thu, Feb 23, 2012 at 04:06:07PM -0500, lance raymond wrote: ok, but my 1st issue is I am 99% sure that 25 is blocked at the primary FW, so I am guessing they could be getting to the webservers, using something there which is allowed to send to the public IP of the mailserver (there on

Re: Enabling SSL on SMTP Communications

2012-02-24 Thread Viktor Dukhovni
On Fri, Feb 24, 2012 at 04:28:01PM +, Kaleb Hosie wrote: I'm trying to enable postfix to use an SSL certificate for sending email but when I enable SMTP on my outlook client, I get this message: You are misled by the confusing overloading of the various terms relating to transport layer

Re: Multiple ldap entries

2012-02-25 Thread Viktor Dukhovni
On Sat, Feb 25, 2012 at 09:18:39AM -0800, Kyle King wrote: I store my domains as an attribute for an org, while for a org with one domain the lookup works fine when a org has several domains (and therefore returns all domains of that user) The ldap look up fails. is there a way to parse the

Re: Multiple ldap entries

2012-02-25 Thread Viktor Dukhovni
On Sat, Feb 25, 2012 at 01:27:53PM -0800, Kyle King wrote: I am using the ldap lookup for relay_domains, The lookup keys for this table are domains, not email addresses. relay_domains = ldap:/etc/postfix/ldap-domains.cf Fine, this is used by trivial-rewrite(8) only, and so there is no point

Re: Multiple ldap entries

2012-02-26 Thread Viktor Dukhovni
On Sun, Feb 26, 2012 at 12:34:39PM -0800, Kyle King wrote: I feel I should also mention i do a user lookup later for the full address, which works fine. Not terribly useful against the same table, since all you can match is the domain part, so no actual address validation takes place. If

Re: Postfix on a small home network (without a domain name)

2012-02-28 Thread Viktor Dukhovni
On Tue, Feb 28, 2012 at 04:33:45PM +0100, Jef Driesen wrote: With some help from a dyndns account, I can even access my imap server from outside my network. This works great, except that I can't send mails from outside my network. Therefore, I would like to setup an smtp server that simply

Re: postfix-users@postfix.org: difference between verify and secure

2012-03-05 Thread Viktor Dukhovni
On Mon, Mar 05, 2012 at 07:26:18PM +0100, Robert Dahlem wrote: I'm on Postfix 2.5.6 and implementing TLS. I'm having difficulties to understand the difference between verify and secure. These are documented in TLS_README.html http://www.postfix.org/TLS_README.html#client_tls_verify

Re: postfix-users@postfix.org: difference between verify and secure

2012-03-06 Thread Viktor Dukhovni
On Tue, Mar 06, 2012 at 11:52:54AM +0100, Robert Dahlem wrote: /etc/postfix/transport: test1.prv smtp:[s2.mydomain.de] /etc/postfix/tls_policy: [s2.mydomain.de]verify == s2.mydomain.de[192.168.1.1]:25: Trusted

Re: postfix-users@postfix.org: difference between verify and secure

2012-03-06 Thread Viktor Dukhovni
On Tue, Mar 06, 2012 at 06:19:59PM +0100, Robert Dahlem wrote: Default strategy for verify: ask DNS about MX, then check if the servers CN matches. Check if the trust chain is valid. Yes, though there is no promise of whether the name or the trust chain is checked first. Both need to be

Re: [OT] Re: found a bug on postfix 2.9.1

2012-03-06 Thread Viktor Dukhovni
On Tue, Mar 06, 2012 at 04:01:47PM -0500, Wietse Venema wrote: So you need a way for postfix start that returns status 0 if the master(8) daemon initializes successfully, and non-zero otherwise. I think this can be done by starting the master as a foreground process. The foreground master

Re: Postini as outbound relayhost breaks aliases (and bcc maps) to external addresses...

2012-03-12 Thread Viktor Dukhovni
On Mon, Mar 12, 2012 at 12:10:30PM -0400, Charles Marcus wrote: I hope someone here who has used Postini can suggest a way to resolve this. I get the following error in the logs (u...@example.com is a valid user on our system): Mar 12 02:48:29 myhost postfix-25/smtpd[25932]: C0F52760CFF:

Re: self-signed certificates - was Re: Trouble adding sasl support via dovecot

2012-03-12 Thread Viktor Dukhovni
On Mon, Mar 12, 2012 at 01:15:01PM -0700, Richard Troy wrote: Public Internet MX hosts without certificates signed by a reputable CA must generate, and be prepared to present to most clients, a self-signed or private-CA signed certificate. The remote SMTP client will generally not be able to

Re: using header_checks for custom transport

2012-03-16 Thread Viktor Dukhovni
On Fri, Mar 16, 2012 at 12:37:21PM +0100, Pim Zandbergen wrote: I am routing all mail for a domain to another SMTP server using the transport map rule adomain.comrelay:other.server Good. But I would like to exclude mailing lists, and have them processed locally, using header_checks

Re: relocation of virtual_transport settings to master.cf service

2012-03-19 Thread Viktor Dukhovni
On Mon, Mar 19, 2012 at 11:14:19AM -0500, Noel Jones wrote: I believe the virtual(8) delivery agent is the only program that uses virtual_transport, so that's the only place in master.cf that you could put -o virtual_transport=...' and expect it to have an effect. In fact it is

Re: problem with virtual_alias_maps regexp

2012-03-22 Thread Viktor Dukhovni
On Thu, Mar 22, 2012 at 08:53:09AM -0500, /dev/rob0 wrote: if /\@(example\.com|(other|third)\.example)$/ ... your LHS stuff ... endif (Escaping of the \@ is necessary in PCRE but not POSIX RE.) It is not necessary in PCRE either. One only needs to escape @ in Perl code, but not in PCRE

Re: Want to Install Postfix but Afraid of Breaking MySQL

2012-04-01 Thread Viktor Dukhovni
On Sun, Apr 01, 2012 at 03:38:34PM +, Robinson, Eric wrote: We only want to install postfix as a null client for sending alerts from our servers. When I try to install postfix, it wants to install mysql-libs-5.1.61-1.el6_2.1 as well. I'm afraid this will break our mysql servers, which are

Re: TLS Emails

2012-04-03 Thread Viktor Dukhovni
On Tue, Apr 03, 2012 at 09:39:22AM -0500, /dev/rob0 wrote: One of these domains in particular is a remote site with their own Exchange 2007 server and they have asked me to allow TLS emails through, HSBC Bank is asking for this. I don't think the request is reasonable, but it is easy to

Re: Problems with witelist - limit outbound domains - doesnt

2012-04-04 Thread Viktor Dukhovni
On Wed, Apr 04, 2012 at 03:57:00PM -0400, Eric Kimminau wrote: My goal is to limit outbound email to only three domains. All other email destined for any other domain should be redirected to a single, valid internal mail box. I take it these are *destination* (recipient) domains, not *origin*

Re: Problems with witelist - limit outbound domains - doesnt

2012-04-04 Thread Viktor Dukhovni
On Wed, Apr 04, 2012 at 04:11:34PM -0400, Wietse Venema wrote: /etc/postfix/transport: example.com : * reject:this destination is not allowed That should of course be error:5.1.2 ... not reject: ... since reject is not a transport, it is an

Re: Problems with witelist - limit outbound domains - doesnt

2012-04-05 Thread Viktor Dukhovni
On Thu, Apr 05, 2012 at 02:25:33AM -0400, Eric Kimminau wrote: Correct. domain1.com is the local domain, domain2 and domain3 are outside the local network and will pass through mailhost.domain1.com if they leave the local system. Good, then DO NOT use the same access table to

Re: GSSAPI authentication

2012-04-05 Thread Viktor Dukhovni
On Thu, Apr 05, 2012 at 02:40:16PM -0700, Stephen Ingram wrote: Reading through some very old posts on the list it seems as though, although not very popular, it is possible to perform authentication in Postfix using GSSAPI. Setting up the keytab for the smtpd server seems straightforward

Re: GSSAPI authentication

2012-04-06 Thread Viktor Dukhovni
On Fri, Apr 06, 2012 at 04:47:37PM +0300, Eray Aslan wrote: On 2012-04-06 2:12 AM, Viktor Dukhovni wrote: The basic idea is to ensure that there is always a ticket in the client's credential cache. This is done via a cron-job that runs kinit -k ... once an hour. kstart/krenew should

Re: GSSAPI authentication

2012-04-06 Thread Viktor Dukhovni
On Fri, Apr 06, 2012 at 10:24:23AM -0700, Quanah Gibson-Mount wrote: The cron solution is much simpler and more robust. There is no supervisor process running, no need for the child to not exit, no need to instrument postfix start-up by wrapping in kstart, ... Instead, there is a

Re: virtual_alias_domains/maps and address classes

2012-04-09 Thread Viktor Dukhovni
On Mon, Apr 09, 2012 at 10:21:05PM -0400, b...@bitrate.net wrote: Given my understanding of address classes, it seemed that in order to use virtual_alias_maps, those related domains would need to be listed in virtual_alias_domains. This assumption is incorrect. All recipients, regardless of

Re: pipe flags vs lmtp

2012-04-10 Thread Viktor Dukhovni
On Tue, Apr 10, 2012 at 12:28:28PM -0400, Wietse Venema wrote: RCPT TO:final-rcpt ORCPT=rfc822;orig-rcpt ... Does Postfix already send this if LMTP server advertises DSN? Yes :-) It's the same code for both SMTP and LMTP. Since in most cases the LMTP server is not a queueing MTA, I

Re: pipe flags vs lmtp

2012-04-10 Thread Viktor Dukhovni
On Tue, Apr 10, 2012 at 09:48:38PM -0400, Wietse Venema wrote: Since in most cases the LMTP server is not a queueing MTA, I would recommend a delivery agent option in Postfix that suppresses DSN NOTIFY=... transmission to the LMTP server. Still send ORCPT, but handle (any final) DSN in

Re: STARTTLS problems

2012-04-12 Thread Viktor Dukhovni
On Thu, Apr 12, 2012 at 02:59:05PM +0200, Ralf Hildebrandt wrote: * Wietse Venema wie...@porcupine.org: openssl s_client sessions fail identically with 77.43.17.211 and 81.252.237.162. % openssl s_client -starttls smtp -connect 77.43.17.211:25 ... 250 OK ehlo

Re: SMTP Client and AUTH on *.outlook.com (Office 365)

2012-04-12 Thread Viktor Dukhovni
On Thu, Apr 12, 2012 at 03:40:57PM +0200, Franck MAHE wrote: smtp_tls_loglevel = 4 Do not set the loglevel to a value higher than 1 unless asked to by a TLS expert. The extra noise in the logs will just hide the real problem. If you want packet-by-packet analysis, just use tcpdump and analyse

Re: STARTTLS problems

2012-04-12 Thread Viktor Dukhovni
On Thu, Apr 12, 2012 at 09:04:01AM -0500, Noel Jones wrote: My main.cf has a note-to-self about this same cipher being broken on some old Windows versions in the distant past. Maybe an old bug has resurfaced. Possible workaround: smtpd_tls_exclude_ciphers = DES-CBC3-SHA

Re: STARTTLS problems

2012-04-12 Thread Viktor Dukhovni
On Thu, Apr 12, 2012 at 10:13:16AM -0400, Wietse Venema wrote: My results are different, perhaps they've already fixed something ... $ /usr/sbin/sendmail -f post...@dukhovni.org -bv postmaster@[82.135.27.153] ... Note that the cipher is RC4-MD5 (more typical of Windows), not 3DES

Re: SMTP Client and AUTH on *.outlook.com (Office 365)

2012-04-12 Thread Viktor Dukhovni
On Thu, Apr 12, 2012 at 05:26:54PM +0200, Franck MAHE wrote: All the modules on my side are installed. I pay attention to the last line. Either in fact some modules are NOT installed or they're disabled them via one of: smtp_sasl_security_options = noplaintext, noanonymous

Re: postfix lmtp ssl failure

2012-04-19 Thread Viktor Dukhovni
On Wed, Apr 18, 2012 at 08:44:49PM -0700, fr47Tb wrote: Having difficulty with communications between cyrus-imapd lmtpd (version 2.4.14) and postfix lmtp (version 2.9.1) using openssl (version 1.0.0-fips 29) on Centos (version 6) system. FIPS could well be a problem, since it imposes limits

Re: postfix lmtp ssl failure

2012-04-19 Thread Viktor Dukhovni
On Thu, Apr 19, 2012 at 10:41:11AM +, Viktor Dukhovni wrote: Please see log output below. The client HELO in the log decodes as: Version 3.1 cipher suites TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA
