Re: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

[lists]

  https://access.redhat.com/solutions/120383Did you do the poodle block back in the day? From: hamdi201...@gmail.comSent: February 7, 2020 10:37 PMTo: postfix-users@postfix.orgSubject: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?  Hi everyone. I have a php contact form, that reports the following postfix error (getting that in maillog file): https://hastepaste.com/view/jr41NThe same applies for, when I send an e-mail to that e-mail address by using Outlook. Obviously my mail server having troubles sending e-mails to some servers in public, perhaps the remote e-mail server doesn't has SSL/TLS activated, maybe? But, I don't enforce/force smtp tls, having: smtp_tls_security_level = may  - in my main.cf.How can I solve this problem from my side? Thank you.

Re: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

[Viktor Dukhovni]

On Sat, Feb 08, 2020 at 09:36:41AM +0300, Andreas X wrote:

> Hi everyone. I have a php contact form, that reports the following postfix
> error (getting that in maillog file): https://hastepaste.com/view/jr41N

It is rude to post links to pastebins.  If you want help, please paste
all the logs for the relevant message to the list, with as least the
destination domain not obfuscated (if at all possible).

-- 
Viktor.

warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

[Andreas X]

Hi everyone. I have a php contact form, that reports the following postfix
error (getting that in maillog file): https://hastepaste.com/view/jr41N

The same applies for, when I send an e-mail to that e-mail address by using
Outlook.

Obviously my mail server having troubles sending e-mails to some servers in
public, perhaps the remote e-mail server doesn't has SSL/TLS activated,
maybe? But, I don't enforce/force smtp tls, having: smtp_tls_security_level
= may  - in my main.cf.

How can I solve this problem from my side?

Thank you.

Re: From header local mail

[xegroeg]

And the second server listed as MX for this domain has an identical main.cf, 
but is running an older Postfix. 

> On Feb 7, 2020, at 5:03 PM, xegr...@gmail.com wrote:
> 
> I guess my problem is that when I have that set, myhostname is added to all 
> mail. TO: aliases looked up in LDAP are returned as just usernames and end up 
> as usern...@mx.example.com and bounce. 
> 
> To clarify, i would expect that the FROM: changes, and this is what I want 
> for local mail, but the TO: address changes as well.
> 
> An example internal fail2ban alert: 
> * pickup shows From:, $mydomain is appended. To: is an alias in 
> LDAP. LDAPnames@$mydomain
> 
> With /etc/mailname, 
> * pickup shows From:, $myhostname is appended. To: is an alias in 
> LDAP. LDAPnames@$myhostname. Not local, bounces no mailbox for users. 
> 
> Cron is the same. On an older system greps for pickup and fail2ban, cron, etc 
> show From:
> 
> Gmail is not being used in the domain in question. I’m just using this to 
> submit my question. 
> 
> 
 On Feb 7, 2020, at 2:45 PM, Matus UHLAR - fantomas  
 wrote:
>>> 
>>> On 07.02.20 12:01, xegr...@gmail.com wrote:
>>> Hi.  In a new install of Postfix 3.4.7-0+deb10u1 on Debian buster, I would
>>> like Postfix to append $myhostname instead of $myorigin to local mail
>> 
>> That is the point of myorigin, why you want it else?
>> 
>> -- 
>> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>> 10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Re: From header local mail

[xegroeg]

I guess my problem is that when I have that set, myhostname is added to all 
mail. TO: aliases looked up in LDAP are returned as just usernames and end up 
as usern...@mx.example.com and bounce. 

To clarify, i would expect that the FROM: changes, and this is what I want for 
local mail, but the TO: address changes as well.

An example internal fail2ban alert: 
* pickup shows From:, $mydomain is appended. To: is an alias in LDAP. 
LDAPnames@$mydomain

With /etc/mailname, 
* pickup shows From:, $myhostname is appended. To: is an alias in 
LDAP. LDAPnames@$myhostname. Not local, bounces no mailbox for users. 

Cron is the same. On an older system greps for pickup and fail2ban, cron, etc 
show From:

Gmail is not being used in the domain in question. I’m just using this to 
submit my question. 


>> On Feb 7, 2020, at 2:45 PM, Matus UHLAR - fantomas  wrote:
>> 
>> On 07.02.20 12:01, xegr...@gmail.com wrote:
>> Hi.  In a new install of Postfix 3.4.7-0+deb10u1 on Debian buster, I would
>> like Postfix to append $myhostname instead of $myorigin to local mail
> 
> That is the point of myorigin, why you want it else?
> 
> -- 
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> 10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Re: From header local mail

[Bob Proulx]

xegr...@gmail.com wrote:
> Hi. In a new install of Postfix 3.4.7-0+deb10u1 on Debian buster, I
> would like Postfix to append $myhostname instead of $myorigin to
> local mail with a From header containing just a username, like cron
> or fail2ban emails.  This server is listed in mx records for
> example.com.

I see you are using Gmail.  One must be careful and look at the "Show
original message" in order to see what is actually being set on
headers as Gmail does not display that information to you otherwise.
For example if a comment is included then Gmail will display the
comment and hide the address.

Cron emails look like this for me:

From: CronDaemon 
To: r...@anxiety.proulx.com

In Gmail that would display the "CronDaemon" comment and the root@
address part would be hidden.  One must use Show original message with
Gmail in order to see the actual contents of the header.

If you want a specific From: then either set $myorigin to the domain
you wish, or do not set myorigin and let it use $myhostname which is
the default.

  http://www.postfix.org/postconf.5.html#myorigin

> In older Postfix installations (3.1) it seemed that only setting the
> below would be enough for local mail to be addressed from, for
> example, r...@mx.example.com.  Wondering what I am missing or what
> to check next.

Are you thinking of "masquerade_exceptions = root" with
"masquerade_domains = example.com" here?  That would match the
description as you have written.

> myhostname  = mx.example.com
> myorigin= example.com
> mydestination   = mx.example.com, localhost

The above will make usern...@example.com be the From: address for
locally created email.  But the system will not accept mail for that
domain since it does not appear in mydestination.  I think
mydestination should include $myhostname here.

Meanwhile, I always have localhost.$mydomain in my list too.

  mydestination = $myhostname, localhost.$mydomain, localhost

> /etc/mailname is mx.example.com

Debian has a downstream patch that allows "myorigin = /etc/mailname"
and the actual contents in that file in order to facilitate a generic
image being customized across several different MTA installations all
uniformly the same way.  The contents of /etc/mailname are only used
if also using the Debian patch functionality myorigin = /etc/mailname
AFAIK.  In the above you are not setting it to /etc/mailname and
therefore that file's contents are not used.

> postconf -n output https://pastebin.com/WwVdT8CF

I see:

append_dot_mydomain = yes

Not sure if this plays into what you are asking.  The default is yes.
But previously you might have had it set to no.

  http://www.postfix.org/COMPATIBILITY_README.html

  http://www.postfix.org/postconf.5.html#append_dot_mydomain

> If I remove $myorigin than all mail ends up going to @mx.example.com and 
> bounces.

Why is it bouncing?  And isn't mail going to @mx.example.com exactly
what you have asked for?  Why does that mail bounce?

Bob

Re: From header local mail

[Matus UHLAR - fantomas]

On 07.02.20 12:01, xegr...@gmail.com wrote:

Hi.  In a new install of Postfix 3.4.7-0+deb10u1 on Debian buster, I would
like Postfix to append $myhostname instead of $myorigin to local mail 


That is the point of myorigin, why you want it else?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Re: From header local mail

[xegroeg]


Thanks. If I remove $myorigin than all mail ends up going to @mx.example.com 
and bounces. 

postconf -n output https://pastebin.com/WwVdT8CF

>> On Feb 7, 2020, at 12:59 PM, Bill Cole 
>>  wrote:
>> 
>> On 7 Feb 2020, at 13:01, xegr...@gmail.com wrote:
>> 
>> Hi. In a new install of Postfix 3.4.7-0+deb10u1 on Debian buster, I would 
>> like Postfix to append $myhostname instead of $myorigin to local mail with a 
>> From header containing just a username, like cron or fail2ban emails.
> 
> Then just don't explicitly set $myorigin. Its only purpose is to qualify bare 
> local-parts and it defaults to $myhostname.
> 
> If for some reason that is unacceptable, see 
> http://www.postfix.org/DEBUG_README.html#mail for how best to document your 
> problem to get useful help here. A selection of the configuration directives 
> that you *think* are relevant is much less useful than your actual "postconf 
> -n output."
> 
> 
> -- 
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire

Re: From header local mail

[xegroeg]

Thanks. If I remove $myorigin than all mail ends up going to @mx.example.com 
and bounces. 

postconf -n output https://pastebin.com/WwVdT8CF

> On Feb 7, 2020, at 12:59 PM, Bill Cole 
>  wrote:
> 
> On 7 Feb 2020, at 13:01, xegr...@gmail.com wrote:
> 
>> Hi. In a new install of Postfix 3.4.7-0+deb10u1 on Debian buster, I would 
>> like Postfix to append $myhostname instead of $myorigin to local mail with a 
>> From header containing just a username, like cron or fail2ban emails.
> 
> Then just don't explicitly set $myorigin. Its only purpose is to qualify bare 
> local-parts and it defaults to $myhostname.
> 
> If for some reason that is unacceptable, see 
> http://www.postfix.org/DEBUG_README.html#mail for how best to document your 
> problem to get useful help here. A selection of the configuration directives 
> that you *think* are relevant is much less useful than your actual "postconf 
> -n output."
> 
> 
> -- 
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire

Re: From header local mail

[Bill Cole]

On 7 Feb 2020, at 13:01, xegr...@gmail.com wrote:

Hi. In a new install of Postfix 3.4.7-0+deb10u1 on Debian buster, I 
would like Postfix to append $myhostname instead of $myorigin to local 
mail with a From header containing just a username, like cron or 
fail2ban emails.


Then just don't explicitly set $myorigin. Its only purpose is to qualify 
bare local-parts and it defaults to $myhostname.


If for some reason that is unacceptable, see 
http://www.postfix.org/DEBUG_README.html#mail for how best to document 
your problem to get useful help here. A selection of the configuration 
directives that you *think* are relevant is much less useful than your 
actual "postconf -n output."



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

From header local mail

[xegroeg]

Hi. In a new install of Postfix 3.4.7-0+deb10u1 on Debian buster, I would like 
Postfix to append $myhostname instead of $myorigin to local mail with a From 
header containing just a username, like cron or fail2ban emails.  This server 
is listed in mx records for example.com.  In older Postfix installations (3.1) 
it seemed that only setting the below would be enough for local mail to be 
addressed from, for example, r...@mx.example.com.  Wondering what I am missing 
or what to check next. 

myhostname  = mx.example.com
myorigin= example.com
mydestination   = mx.example.com, localhost

/etc/mailname is mx.example.com

Feb  7 10:45:00 mx postfix/pickup[27300]: EF3E31C0CA0: uid=0 from=
Feb  7 11:02:04 mx postfix/pickup[27300]: 49A2D1C0CA0: uid=114 from=
Feb  7 11:02:04 mx postfix/pickup[27300]: EAD661C112C: uid=110 
from=
Feb  7 11:02:06 mx postfix/pickup[27300]: 85CF81C112C: uid=110 
from=
Feb  7 11:06:06 mx postfix/pickup[27300]: AC8851C112C: uid=110 
from=
Feb  7 11:06:54 mx postfix/pickup[28725]: CF91B1C0CA0: uid=0 from=
Feb  7 11:12:28 mx postfix/pickup[28725]: D5D581C0CA0: uid=0 from=
Feb  7 11:16:42 mx postfix/pickup[29054]: AADAC1C0CA0: uid=0 from=


Feb  7 11:16:42 mx postfix/pickup[29054]: AADAC1C0CA0: uid=0 from=
Feb  7 11:16:42 mx postfix/cleanup[29078]: AADAC1C0CA0: warning: header 
Subject: test from local; from=
Feb  7 11:16:42 mx postfix/cleanup[29078]: AADAC1C0CA0: 
message-id=<20200207171642.aadac1c0...@mx.example.com>
Feb  7 11:16:42 mx postfix/qmgr[29055]: AADAC1C0CA0: from=, 
size=420, nrcpt=1 (queue active)
Feb  7 11:16:42 mx postfix/smtp[29080]: AADAC1C0CA0: to=, 
orig_to=, relay=mail.example.com[]:25, delay=0.23, 
delays=0.03/0.02/0.02/0.16, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 
BA2DA4E014F)
Feb  7 11:16:42 mx postfix/qmgr[29055]: AADAC1C0CA0: removed

Possibly relevant?:

always_add_missing_headers = yes
header_from_format = obsolete

Re: Loggin original ip address in relay connection

[Emanuel]

Hello everyone.!

I solved with this rule:

/^Received: .*/    WARN

Regards,

El 27/11/19 a las 12:26, Wietse Venema escribió:

Emanuel:

Hi,? i use exim locally, with an smarthost through Postfix. It's
possible add in the log the real IP the real client?

Actually i only see the IP of the relay connection.

The remote client IP address is in the Received: header that EXIM
has added. Use a Postfix header_checks rule to log that specific
Received: header. I am not familiar with the detailed format of
EXIM headers, but you should have plenty examples :-)

Wietse

--
envialosimple.com   
Emanuel Gonzalez
IT / Departamento Emails
emanuel.gonza...@donweb.com 
www.envialosimple.com 
by donweb 

Nota de confidencialidad: Este mensaje y archivos adjuntos al mismo son 
confidenciales, de uso exclusivo para el destinatario del mismo. La 
divulgación y/o uso del mismo sin autorización por parte de DonWeb.com 
queda prohibida.
DonWeb.com no se hace responsable del mensaje por la falsificación y/o 
alteración del mismo.
De no ser Ud el destinatario del mismo y lo ha recibido por error, por 
favor, notifique al remitente y elimínelo de su sistema.
Confidentiality Note: This message and any attachments (the message) are 
confidential and intended solely for the addressees. Any unauthorised 
use or dissemination is prohibited by DonWeb.com.

DonWeb.com shall not be liable  for the message if altered or falsified.
If you are not the intended addressee of this message, please cancel it 
immediately and inform the sender
Nota de Confidencialidade: Esta mensagem e seus eventuais anexos podem 
conter dados confidenciais ou privilegiados.
Se você os recebeu por engano ou não é um dos destinatários aos quais 
ela foi endereçada, por favor destrua-a e a todos os seus eventuais 
anexos ou copias realizadas, imediatamente.
É proibida a retenção, distribuição, divulgação ou utilização de 
quaisquer informações aqui contidas.
Por favor, informenos sobre o recebimento indevido desta mensagem, 
retornando-a para o autor.

Re: Postfix LDAP pipemap lookup tables and OctetStream

[Luca Fornasari]

On Thu, Feb 6, 2020 at 8:56 PM Viktor Dukhovni
 wrote:
>
> On Thu, Feb 06, 2020 at 08:44:36AM +0100, Luca Fornasari wrote:
>
> > The idea is to use a pipemap of LDAP queries; the first LDAP query
> > [...]
> > Since msExchMasterAccountSid is an OctetStream, I am wondering if this
> > will work ... does anyone already have experience on this?
>
> In Postfix, table lookup keys and result data are NUL-terminated
> C strings.  So binary keys and values are not possible.
>
> const char *dict_lookup(dict_name, member)
> const char *dict_name;
> const char *member;
>
> Internally, the Postfix LDAP table assumes that all attributes returned
> in an LDAP query are NUL-terminated C-strings.  OpenLDAP appends a final
> NUL even to binary data, but we don't check for absence of internal
> NULs.
>
> Also, the Postfix LDAP table folds keys to lower-case by default, and
> IIRC you don't generally get to disable that when defining tables.
>
> Bottom-line.  Sorry, no non-textual keys or values.
>
> --
> Viktor.

Thanks Victor for your kind and detailed reply ... I should have read
the source code before asking.

Luca