Re: check_ccert_access search order support (was: TLS client certificates and auth external)
Thomas Quinot: > * Wietse Venema, 2020-05-09 : > > > It was implemented in and removed from the un_stable Postfix release. > > Thanks for confirming this! > > > If you want to avoid incompatible changes, use a stable Postfix > > release instead. > > Sure, that's perfectly fair, and I'm not complaining about the > removal of the feature from the unstable release; what I was wondering > was whether the use of an external policy server was the > appropriate/recommended approach. The CN (common name) names a leaf node in a hierarchy, but provides no information about the hierarchy that the name belongs to. The policy protocol provides multiple attributes that can further narrow down the scope of a CN, but table lookups can only do single attribute lookup, and then a CN is not sufficient. Wietse
Re: check_ccert_access search order support (was: TLS client certificates and auth external)
* Wietse Venema, 2020-05-09 : > It was implemented in and removed from the un_stable Postfix release. Thanks for confirming this! > If you want to avoid incompatible changes, use a stable Postfix > release instead. Sure, that's perfectly fair, and I'm not complaining about the removal of the feature from the unstable release; what I was wondering was whether the use of an external policy server was the appropriate/recommended approach. Thomas.
Re: logrotate script for Postfix
> > On May 9, 2020, at 9:45 AM, Wietse Venema wrote: > > > If the log is written by Postfix you must use "postfix logrotate". > This ensures that Postfix stops writing to a file before it is > compressed. > > Wietse I hate to even suggest I found a bug with Postfix, but I think I found a very minor bug. First, despite having gone to Postfix logging over a year ago (thanks to MacOS’s weird logging system), this is the first I heard there was a Postfix logrotate command. Testing it, I did not get the rotated file name I would have expected. The bug is the default name for the rotated file which is from the parameter maillog_file_rotate_suffix: # postconf -d maillog_file_rotate_suffix maillog_file_rotate_suffix = %Y%M%d-%H%M%S This is putting minutes where month should be. And it’s documented that way at http://www.postfix.org/MAILLOG_README.html (so technically not a bug since it works as documented but not as one would expect). Easy fix with an override in main.cf -- Larry Stone lston...@stonejongleux.com
Re: logrotate script for Postfix
Fourhundred Thecat: > Hello, > > I am using Postfix on Debian. I have noticed that my mail logs are not > being rotated. > > I see that there is no rule in my /etc/logrotate.d/ for rotating mail logs. > > Which program's responsibility is it? If the log is written by (r)syslogd, you must use the tool that rotates (r)syslogd logs. This ensures that (r)syslogd stops writing to a file before it is compressed. The name of the program is distribution dependent. If the log is written by Postfix you must use "postfix logrotate". This ensures that Postfix stops writing to a file before it is compressed. Wietse
Re: logrotate script for Postfix
On 2020-05-09 15:28 BST, Fourhundred Thecat wrote: > I am using Postfix on Debian. I have noticed that my mail logs are not > being rotated. > > I see that there is no rule in my /etc/logrotate.d/ for rotating mail logs. > > Which program's responsibility is it? In my debian 10 machines, it's configured in /etc/logrotate.d/rsyslog belonging to the package rsyslog. -- Nick
logrotate script for Postfix
Hello, I am using Postfix on Debian. I have noticed that my mail logs are not being rotated. I see that there is no rule in my /etc/logrotate.d/ for rotating mail logs. Which program's responsibility is it? Is it supposed to come with Postfix, or is this the responsibility of the operating system, or rsyslog ? I can probably reuse some of the other rules to create new rule for mail.log, but I am not sure about the postrotate command. Should postfix be reloaded after logs are rotated, or rsysylog reloaded? This is an example rule form other logs: postrotate invoke-rc.d rsyslog rotate > /dev/null endscript
Re: check_ccert_access search order support (was: TLS client certificates and auth external)
Thomas Quinot: > * Wietse Venema, 2020-05-08 : > > > > As far as I can tell, support for issuer and subject CN lookup > > > was removed on 20200316. Is my understanding correct that support > > > > As far as I know it was never implemented. > > Sorry, I probably misunderstood the code while reading it. > For the record, the change I was referring to is the following: > > 20200316 > > Removed the issuer_cn and subject_cn matches from > check_ccert_access. Files: smtpd/smtpd_check.c, > proto/postconf.proto. It was implemented in and removed from the unstable Postfix release. If you want to avoid incompatible changes, use a stable Postfix release instead. Wietse
Re: BCC on local delivery agent?
Me to. There is something about writing out your problem in detail that provides a moment of clarity. On 5/9/20 1:40 AM, @lbutlr wrote: On 08 May 2020, at 02:54, Admin Beckspaced wrote: ups ... I think I can answer my own question? Why is it that the answer mostly comes once the email has been sent ;) Because if it came before, you wouldn’t sent the message! (90% of the email questions I write are never sent, hard to believe, but true).
Re: BCC on local delivery agent?
On 08 May 2020, at 02:54, Admin Beckspaced wrote: > ups ... I think I can answer my own question? > Why is it that the answer mostly comes once the email has been sent ;) Because if it came before, you wouldn’t sent the message! (90% of the email questions I write are never sent, hard to believe, but true). -- I poured spot remover on my dog. Now he's gone.