Re: Fallback to IPV4 in case of IPV6 is not available

2017-04-01 Thread Viktor Dukhovni

> On Apr 1, 2017, at 4:19 PM, Rick Zeman  wrote:
> 
> Comcast, surprisingly, is way ahead of the residential game:

I am not surprised.  In addition to having IPv6 they also have
DNSSEC deployed, and have published working DANE TLSA records
for their MX hosts.  Bottom line, SMTP at Comcast is actively
maintained to modern standards.

-- 
Viktor.



Re: Fallback to IPV4 in case of IPV6 is not available

2017-04-01 Thread Rick Zeman
On Sat, Mar 25, 2017 at 2:48 PM, Paul C  wrote:
> I wish the world would use ipv6 enough for this to be worth doing, but
> it's not going to have much benefit to you as there's almost no one
> using it for smtp, from the last time I checked which was a few months
> ago, google uses it perfectly, verizon too (maybe a few more cable
> domains), yahoo looked like they were trying lol, website and some
> services were v6 this year but smtp was not when I checked, hotmail
> doesn't use it anywhere from what i can see, aol never will and almost
> no self hosted mail server will have it. My guess is (unless gmail is
> where most mail goes) that you might see a few percent like 1-5% of
> mail ever use it. Not a bad research project or knowing v6, or if you
> have other reasons, but actual sending out is just not happening any
> time soon.

Comcast, surprisingly, is way ahead of the residential game:

Apr  1 16:17:12 miniserv postfix/smtp[79694]: Untrusted TLS connection
established to smtp.comcast.net[2001:558:fe21:2a::5]:587: TLSv1.2 with
cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr  1 16:17:12 miniserv postfix/smtp[79694]: 252483CACE40:
to=, relay=smtp.comcast.net[2001:558:fe21:2a::5]:587,
delay=1.6, delays=0/0/1.3/0.25, dsn=2.0.0, status=sent (250 2.0.0
uPSRcVCa8qoNEuPSSchbjZ mail accepted for delivery)
Apr  1 16:17:12 miniserv postfix/qmgr[62620]: 252483CACE40: removed


Re: message_size_limit - how to configure on multiple instances ?

2017-04-01 Thread Zalezny Niezalezny
Thank you all :)

On 30 Mar 2017 21:47, "Viktor Dukhovni" wrote:

>
> > On Mar 30, 2017, at 12:35 PM, Zalezny Niezalezny <zalezny.niezale...@gmail.com> wrote:
> >
> > # postconf -d | grep message
>
> The "postconf -d" command returns compiled-in defaults.
> For your actual settings, try "postconf", either with
> no options or as "postconf -n" for just non-default
> settings.  See postconf(1) for details.
>
> --
> Viktor.
>
>


Re: need little help with DKIM, if possible.

2017-04-01 Thread Dominic Raferd
On 30 March 2017 at 17:42, Viktor Dukhovni wrote:

>
> > On Mar 30, 2017, at 12:35 PM, Dominic Raferd wrote:
> >
> > As I understand it, DKIM requires a separate DNS record for each subdomain
>
> No, DKIM has no such requirement.  The DKIM signing domain "d=" in the
> DKIM signature header is not constrained to match the domain in the
> rfc2822 "From:" header.  All that DKIM conveys is the identity of the
> domain responsible for the content.  DKIM authenticates the origin
> domain, not the author.


Thanks Viktor, on reflection that is clearly right. What I should have said
is that valid DKIM only proves that the content of the email came from the
domain in the From header if this domain matches the one in the DKIM
header.

BTW I recently discovered a neat Thunderbird Add-On 'DKIM Verifier' which
can colour (color) the background to the sender name (i.e. From header)
green if the domain matches the DKIM domain (example: P.V. Anthony's email
in this thread, mine too I hope), orange if they mismatch (example:
Angelo's emails in this thread), no colour if there is no DKIM (example:
your emails in this thread), red if the DKIM signature is bad.
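
The d= versus From: comparison discussed in this thread, as an added example that is not part of the original posts and is not the add-on's code. The function names, the sample messages and the exact-match rule are assumptions; the signature itself is not verified, so the "bad signature" case is not covered.

```python
from email import message_from_string
from email.utils import parseaddr

def dkim_tags(value):
    """Parse a DKIM-Signature tag list ("v=1; d=example.org; ...") into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Header folding leaves whitespace inside values; it is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags

def from_domain(msg):
    """Lower-cased domain of the From: address, or '' if there is none."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def classify(raw):
    """Return 'none', 'match' or 'mismatch' for d= versus the From: domain."""
    msg = message_from_string(raw)
    sigs = msg.get_all("DKIM-Signature") or []
    if not sigs:
        return "none"
    author = from_domain(msg)
    # A message may carry several signatures (author domain, list, relay).
    signers = {dkim_tags(s).get("d", "").lower() for s in sigs}
    # Assumption: exact domain equality counts as a match.
    return "match" if author and author in signers else "mismatch"

# Constructed sample messages (bh=/b= values are placeholders, not real signatures).
ALIGNED = ("From: Alice <alice@example.org>\n"
           "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;\n"
           "\th=from:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n"
           "Subject: test\n\nbody\n")
THIRD_PARTY = ("From: Alice <alice@example.org>\n"
               "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=k1;\n"
               "\th=from:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n"
               "Subject: test\n\nbody\n")
UNSIGNED = "From: Alice <alice@example.org>\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("aligned", ALIGNED), ("third-party", THIRD_PARTY),
                      ("unsigned", UNSIGNED)):
        print(name, "->", classify(raw))
```
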