Re: Question Regarding The 'poolp' Guide On How To Deploy A Mail Server's Last Portion Regarding Dovecot With 'sieve' Scripts

2021-06-25 Thread gilles
ecot-pigeonhole, move /etc/dovecot to /etc/dovecot.BAK, then go again from scratch in case you messed up something in the process. Gilles

Re: How to whitelist a good IP coming in with a senderscore of 0?

2020-12-13 Thread gilles
deal with this? I certainly don't want to > stop senderscore filtering, but I do want to receive emails from them. > You should probably look into the bypass keyword, it lets you create a filter rule that will bypass a phase (ie: in phase connect, if ip addr is X, then bypass the phase). Gilles

Re: OpenSMTPD and ldap+tls

2020-12-01 Thread gilles
December 1, 2020 1:30 PM, "Aisha Tammy" wrote: > On 12/1/20 1:31 AM, Martijn van Duren wrote: > >> Hello, >> >> There is table_ldap in the opensmtpd-extras package, but I've never used >> it, it's undocumented and I've heard that the author sees it as a proof >> of concept only at this point.

Re: How did it happen?

2020-02-01 Thread gilles
February 1, 2020 2:01 PM, "Uwe Werler" wrote: > Thank you very much Gilles for the insights. > > It's not really your fault because it's how our brain works. If we want to > get things working we > are concentrating to get them working - not how to break them. It's

Re: .forward MDA fails, "mail.local: may only be run by the superuser"

2020-02-01 Thread gilles
February 1, 2020 9:11 AM, "Andreas Kusalananda Kähäri" wrote: > Hi, > > With the latest snapshot on amd64 (6.6 GENERIC.MP#627), using a "|"-line > in one's ~/.forward makes delivery of mail fail with > > Feb 1 08:53:53 pooh smtpd[72575]: d9abac6b3d904e13 smtp connected > address=local >

Re: How did it happen?

2020-01-31 Thread gilles
As promised, I have written a (too much ?) detailed write-up about the recent event: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ Hope it clarifies what happened and plans for the future. Gilles

Re: How did it happen?

2020-01-30 Thread gilles
It depends on your configuration, not all setups are vulnerable. I think I recall your name from the comments on my tutorial and this is a setup that would not be vulnerable for example. The bug still exists, but it can't be used to exploit the same code path. You should update, this is not

Re: How did it happen?

2020-01-29 Thread gilles
January 29, 2020 7:00 PM, "Stuart Henderson" wrote: > > I hesitate to mention it in case it puts anyone off from updating (DON'T > DO THAT, YOU SHOULD UPDATE!) but it is easy to configure to avoid the > root-escalation aspect of this bug - and many readers will already be > doing this,

Re: How did it happen?

2020-01-29 Thread gilles
smtpd needs to be able to execute mda with user privileges to deliver mail to them, it cannot revoke all its privileges after binding ports. furthermore, mbox needs to be able to write to /var/mail forcing it to retain some privileges. after I'm done dealing with the aftermath, i'll explain in

Re: cron output direct to mbox without smtpd?

2019-11-24 Thread gilles
November 24, 2019 4:34 PM, "Andrew Kanaber" wrote: > Hi, > > I'm setting up an embedded machine that won't be able to send mail to > the internet and it seems excessive to leave smtpd running just so root > can receive cron job output, but I can't see a way to cut smtpd out of > the delivery

Re: Patch suggestion for sysupgrade

2019-11-14 Thread gilles
A similar patch for this was sent to tech@ by Renaud Allard, you might want to go review the "sysupgrade: Allow to use another directory for data sets" thread and comment it. November 14, 2019 3:01 PM, "Raimo Niskanen" wrote: > The use case for this patch is that in our lab network we have

Re: question about man starttls and linking to cert.pem

2019-08-11 Thread Gilles Chehade
interesting to have instruction for generating self-signed cert but most people will want a cert that others will validate so it makes sense to at least extend the man page (in another diff) in my opinion. -- Gilles Chehade @poolpOrg https://www.p

Re: opensmtpd forwarding sent mail and extras-pgsql

2019-06-06 Thread Gilles Chehade
ay of it if you can't write code at the moment. Some people already wrote a few useful filters and are using them daily, so this is more than usable at this point, my plan is for the filter API to be made rock-solid for 6.6. > Once again, thank you for this amazing piece

Re: opensmtpd forwarding sent mail and extras-pgsql

2019-06-05 Thread Gilles Chehade
h identical in terms of configuration. -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: Puffy Security smtpd out of date ( closed )

2019-03-11 Thread Gilles Chehade
; was looking for. > glad it helps, though keep in mind that I'm writing about code that is on my laptop or that's very very very fresh and likely to change. we're nearly a year apart from that post and I can't even remember all of the changes, fixes and improvements. -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: OpenBSD 6.4 smtpd local mail delivery missing "From " when .forward (procmail)

2019-01-27 Thread Gilles Chehade
On Sun, Jan 27, 2019 at 12:42:23PM -0700, Steve Williams wrote: > > Hi Gilles, > > Thanks very much for the reply. I had looked in for some kind of flag that > could be set in the procmail config file... I never thought it would be a > command line argument to procmail :(

Re: OpenBSD 6.4 smtpd local mail delivery missing "From " when .forward (procmail)

2019-01-27 Thread Gilles Chehade
g special cases and ugly hacks such as having explicit search for the string 'procmail' in .forward files. it wasn't worth it when people can just pass procmail an option. also don't use procmail, it's trash and there are far better options for you to use today, fdm being the first to come to mind

Re: OpenSMTPD??? how do I do these things, or do I just use postfix?

2019-01-26 Thread Gilles Chehade
On Sat, Jan 26, 2019 at 09:23:37PM +1000, Stuart Longland wrote: > Hi Gilles, > On 25/1/19 11:29 pm, Gilles Chehade wrote: > > On Fri, Jan 25, 2019 at 11:15:47PM +1000, Stuart Longland wrote: > >> First and foremost is the issue of backscatter-prevention. I would like >

Re: OpenSMTPD??? how do I do these things, or do I just use postfix?

2019-01-25 Thread Gilles Chehade
directory on the VPS for my server to later siphon > down using `rsync --remove-source-files` over SSH. (Basically, a bit > like UUCP.) > no custom mail transports in smtpd. a way to achieve what you want is to write a custom mda, and this is actually how i did it to achieve a use-case

Re: smtpd - help needed tranlsating to new virtual map syntax [FIXED]

2019-01-22 Thread Gilles Chehade
On Tue, Jan 22, 2019 at 01:11:44AM +0100, Eric Elena wrote: > On Mon, 21 Jan 2019 11:08:02 +0100 Gilles Chehade wrote: > > I may sound a bit harsh, but starting a thread with "this is my last try > > or I'll switch" (as if it actually matters) right before telling someone

Re: smtpd - help needed tranlsating to new virtual map syntax [FIXED]

2019-01-22 Thread Gilles Chehade
go check that mail > server a 7,000,000th time, this time to see what MTA is actually *running*, > not just *configured*. I'm not sure whether I want it to be such a blatant > mistake on my part or not... if yes, this all makes sense but I'm an idiot, > whe

Re: smtpd - help needed tranlsating to new virtual map syntax [FIXED]

2019-01-21 Thread Gilles Chehade
use-case that could have never worked because it not only uses the wrong _documented_ mechanism but also because the code to make your use-case work has never existed, kinds of irritates me. I don't get royalties on smtpd install, please install whatever software fits your use case, this is

Re: smtpd - help needed tranlsating to new virtual map syntax

2019-01-21 Thread Gilles Chehade
Sun ALOMs and at least one Lexmark printer that also sends email with > broken From addresses.) > I may sound a bit harsh, but starting a thread with "this is my last try or I'll switch" (as if it actually matters) right before telling someone who wants to help you that you actually t

Re: Opensmtpd auth in 6.4

2019-01-14 Thread Gilles Chehade
external addresses, log: > http://dpaste.com/2M8JMQC.txt > you need a rule that matches auth, for example: match auth from any for any action "relay" > On January 14, 2019 1:10:24 PM GMT+01:00, Gilles Chehade > wrote: > >On Mon, Jan 14, 2019 at 01:03:19PM

Re: Opensmtpd auth in 6.4

2019-01-14 Thread Gilles Chehade
ou're doing can you setup a temporary account, with a temporary password, authenticate to it using a regular MUA (whichever you want, just don't auth manually), then trash the account and send us logs that aren't doctored ? > On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade > wrote:

Re: Opensmtpd auth in 6.4

2019-01-14 Thread Gilles Chehade
"535 Authentication failed" > Hi, First of all, it should read mask-src and not mask-source, otherwise the auth keyword is assuming a table containing literal string "mask-source" and this will cause authentication to fail. A good method to troubleshoot, is to run smtpd in

Re: CVS: cvs.openbsd.org: src (maillog simplified)

2019-01-01 Thread Gilles Chehade
On Tue, Jan 01, 2019 at 01:14:54PM +0100, Walter Alejandro Iglesias wrote: > On Fri, Dec 21, 2018 at 06:59:58PM +0100, Gilles Chehade wrote: > > On Fri, Dec 21, 2018 at 06:56:57PM +0100, Walter Alejandro Iglesias wrote: > > > Hello Gilles, > > > > > > In a

Re: CVS: cvs.openbsd.org: src

2018-12-21 Thread Gilles Chehade
On Fri, Dec 21, 2018 at 06:56:57PM +0100, Walter Alejandro Iglesias wrote: > Hello Gilles, > > In article <20181221145201.ga90...@ams-1.poolp.org> Gilles Chehade > wrote: > > On Fri, Dec 21, 2018 at 07:41:41AM -0700, Gilles Chehade wrote: > > > CVSROOT:

could use some spamdb output

2018-12-21 Thread Gilles Chehade
that initiated the connection: $ spamdb | grep -E '^(GREY|WHITE)\|' | cut -d\| -f1,2 Do not spam misc@ with that output, send it directly to me. Thanks ! -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me

Re: Core Dev?

2018-12-04 Thread Gilles Chehade
> > -END PGP SIGNATURE- > > > -- > Vijay Sank

Re: smtpd.conf and junk

2018-11-25 Thread Gilles Chehade
On Wed, Nov 21, 2018 at 09:21:46PM +0100, Thuban wrote: > * Gilles Chehade le [21-11-2018 21:06:39 +0100]: > > On Wed, Nov 21, 2018 at 06:38:43PM +0100, Thuban wrote: > > > * Edgar Pettijohn le [21-11-2018 11:32:43 > > > -0600]: > > > > > >

Re: smtpd.conf and junk

2018-11-21 Thread Gilles Chehade
On Wed, Nov 21, 2018 at 09:21:46PM +0100, Thuban wrote: > * Gilles Chehade le [21-11-2018 21:06:39 +0100]: > > On Wed, Nov 21, 2018 at 06:38:43PM +0100, Thuban wrote: > > > * Edgar Pettijohn le [21-11-2018 11:32:43 > > > -0600]: > > > > > >

Re: smtpd.conf and junk

2018-11-21 Thread Gilles Chehade
uess the "junk" keyword in smtpd.conf was written to be handy, so I miss > something. Where ? > You didn't miss anything, the maildir agent only supports X-Spam headers as of today so this will need a diff to support SpamAssassin if it can't generate a X-Spam header. SpamAssassin wasn't a target when I wrote that feature but it's just one diff away ;-) -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: smtpd.conf and junk

2018-11-21 Thread Gilles Chehade
t contains a positive X-Spam > header. > > > spams detected by spamassassin have multiple X-Spam-* headers, but aren't > placed > into Junk folder. > > Any advice ? > without seeing examples of these headers and your config, it's hard

Re: "relay as" domain rewrite in new smtpd.conf syntax

2018-11-08 Thread Gilles Chehade
is would be something like: action relay_00 relay mail-from "@foobar.org" match [...] action relay_00 -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: spamd and google smtp ips

2018-10-30 Thread Gilles Chehade
> But you're right in principle -- I *should* really take the time out to > recreate the list of domains that went into it and just re-generate with > smtpctl spf walk something like once per day or once per week. > Like this ? https://github.com/Mailbrix/lists :-) -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: OpenSMTPd: "mail.lmtp: connect: Connection refused"

2018-10-21 Thread Gilles Chehade
g only some exit codes as tempfail and all others as permfail. diff going to the tree in a minute, tested by Atanas ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Running your own mail server

2018-09-28 Thread Gilles Chehade
> That is exactly the case. I have a non-invasive implementation of filters which I'm happy with and which I intend to commit shortly after OpenBSD 6.4 is tagged, so we have a full release cycle to work on details, keywords and such, in order for the feature to be production ready for 6.5. I _do_ ha

Re: Issue with OpenSMTPD, procmail and comsat

2018-09-03 Thread Gilles Chehade
On Mon, Sep 03, 2018 at 12:25:55PM +0200, d.rausch...@gmail.com wrote: > Hi Gilles, > > On Sun, Sep 02, 2018 at 01:25:46PM +0200, Gilles Chehade wrote: > > Can you provide me with the corrupt line procmail includes so I can > > check if it is invalid indeed ? > > Th

Re: Issue with OpenSMTPD, procmail and comsat

2018-09-02 Thread Gilles Chehade
ou're running current, you might want to try: "|exec /usr/local/bin/procmail -f %{mbox.from} || exit 75" in case it helps procmail produce a correct sender. Can you provide me with the corrupt line procmail includes so I can check if it is invalid indeed ? -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: New laptop recommendations

2018-06-19 Thread Gilles Chehade
if only Steve Jobs would be alive and keeping >> >> Apple >>> inspired. The new models are meticulously designed to make you >> >> suffer: >>> expensive, slow cpu, soldered ram, soldered disk, small disk, bad >> >> keyboard >>> keys, wifi only, must pay extra for standard connectors. >>> >>> I have 1500EUR for a new laptop. What would you buy with it? -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd.conf new grammar

2018-05-28 Thread Gilles Chehade
"lmtp-local" > > > > match from local for any action "relay" > > > > > > > > > > > > but delivery attempts fail with Error ("mail.lmtp: sender must be > > > > specified > > > > with -f") &

Re: opensmtpd / ldap unreliable

2018-05-26 Thread Gilles Chehade
On Thu, May 24, 2018 at 11:45:40AM -0700, Paul B. Henson wrote: > > From: Gilles Chehade > > Sent: Wednesday, May 23, 2018 1:20 PM > > > > That's bad but could easily be fixed if you want to help us > > So I dropped in the latest table-ldap from git, and it still

Re: Checking my new smtpd.conf syntax

2018-05-26 Thread Gilles Chehade
On Fri, May 25, 2018 at 09:37:07PM +0200, Walter Alejandro Iglesias wrote: > On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote: > > On 14:31 Fri 25 May, Gilles Chehade wrote: > > > On Fri, May 25, 2018 at 02:20:50PM +0200, Walter Alejandro Iglesias wrote: > > > >

Re: Checking my new smtpd.conf syntax

2018-05-25 Thread Gilles Chehade
On Fri, May 25, 2018 at 09:27:21AM -0400, Amelia A Lewis wrote: > On Fri, 25 May 2018 16:15:00 +0300, Consus wrote: > > On 15:14 Fri 25 May, Gilles Chehade wrote: > >> On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote: > >>> On 14:31 Fri 25 May, Gilles Chehade

Re: Checking my new smtpd.conf syntax

2018-05-25 Thread Gilles Chehade
On Fri, May 25, 2018 at 04:15:00PM +0300, Consus wrote: > On 15:14 Fri 25 May, Gilles Chehade wrote: > > On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote: > > > On 14:31 Fri 25 May, Gilles Chehade wrote: > > > > On Fri, May 25, 2018 at 02:20:50PM +0

Re: Checking my new smtpd.conf syntax

2018-05-25 Thread Gilles Chehade
On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote: > On 14:31 Fri 25 May, Gilles Chehade wrote: > > On Fri, May 25, 2018 at 02:20:50PM +0200, Walter Alejandro Iglesias wrote: > > > Could someone tell me if my changes below are OK. :-) > > > > > &

Re: Checking my new smtpd.conf syntax

2018-05-25 Thread Gilles Chehade
for any relay no longer matches authenticated users -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd.conf new grammar

2018-05-25 Thread Gilles Chehade
On Thu, May 24, 2018 at 04:38:17PM -0400, Rupert Gallagher wrote: > On Thu, May 24, 2018 at 14:18, Gilles Chehade <gil...@poolp.org> wrote: > > > In effect, instead of having: > > accept from any for local deliver to mbox > > > > You will have: > >

smtpd.conf new grammar

2018-05-24 Thread Gilles Chehade
on of my own complex smtpd.conf to new grammar: https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/ I have also compiled a list of directives recognized by the parser which I intend to use for regress tests: https://poolp.org/~gilles/smtpd.conf As for the reaso

Re: opensmtpd / ldap unreliable

2018-05-23 Thread Gilles Chehade
On Wed, May 23, 2018 at 10:19:47PM +0200, Gilles Chehade wrote: > On Tue, May 22, 2018 at 06:13:23PM -0700, Paul B. Henson wrote: > > So I recently converted my opensmtpd server to use ldap as the backend > > for user authentication. It seems it's a bit untolerant

Re: opensmtpd / ldap unreliable

2018-05-23 Thread Gilles Chehade
> 201601072302 (although the openbsd port appears to be 201703132115, I > guess it's not downloading it from github?). > It's been a while since the last -extras release indeed, I suppose the openbsd port pulls from github, I dunno really > It looks like the code in head still

Re: SMTP client added to -current

2018-05-10 Thread Gilles Chehade
e creep. I don't think you would have a much simpler code path if you used OpenSMTPD or added server code in front of this new SMTP client to allow enqueuing. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: OpenSMTPd maillist "compatible" manager Majordomo or what?

2018-03-21 Thread Gilles Chehade
it's simple and you can easily set it up from within a ~/.forward file rather than /etc/mail/aliases which has a huge security benefit. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd fails to start

2018-01-23 Thread Gilles Chehade
I will remember that promise. On Tue, Jan 23, 2018 at 01:37:37AM -0800, Jordan Geoghegan wrote: > Thank you Gilles! I knew it was going to be something irritatingly obvious. > I owe you a beer. > > Cheers, > > Jordan Geoghegan > > > # pkg_add opensmtpd-extras >

Re: smtpd fails to start

2018-01-23 Thread Gilles Chehade
On Tue, Jan 23, 2018 at 01:21:22AM -0800, Jordan Geoghegan wrote: > Hi Gilles, > > The output of the command you sent: > > # smtpd -dv > smtpd: table_create: backend "passwd" does not exist > > I'm not sure what this means, as /etc/mail/passwd does inde

Re: smtpd fails to start

2018-01-22 Thread Gilles Chehade
> postmas...@mydomain.cajor...@mydomain.ca > webmas...@mydomain.ca jor...@mydomain.ca > jor...@mydomain.cavmail > > > *Dovecot starts without complaint with this config:* > > > passdb { > args = scheme=blf-crypt /et

Re: Does OpenSMTPD support accented characters in email addresses?

2017-12-21 Thread Gilles Chehade
DSN > 250 HELP > > I think I should see a "SMTPUTF8" extension in this list. Is that correct? > smtpd doesn't support SMTPUTF8 yet, correct. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: [PATCH] Off-by-one bug in httpd, ldapd, relayd, smtpd, switchd and ypldap

2017-08-21 Thread Gilles Chehade
a number). Again, I cannot build and actually test > this right now. > > Cheers, > Kris Katterjohn > ok gilles@ chris, are you taking care of committing this ? > Index: usr.sbin/httpd/parse.y > === > RCS file: /cv

Re: Mastering opensmtpd rules

2017-08-15 Thread Gilles Chehade
but, usually, having the "from any for any" rule in a config file is a sign that user failed to write ruleset and is using this as a fallback. The earliest the rules match the envelope, the better, as it indicates that the rule was written to match precisely. Most rulesets should finish w

Re: Mastering opensmtpd rules

2017-08-15 Thread Gilles Chehade
domain [...] accept from any for domain foobar.org [...] with: accept from any for any [...] you will match all envelopes so you're essentially creating a catch-all. virtual happens AFTER a rule has been matched so if you recipient is not found the RCPT will be rejecte

Re: multiple relays in smtpd.conf

2017-08-02 Thread Gilles Chehade
On Wed, Aug 02, 2017 at 02:47:27PM +0200, Christian Gut wrote: > > > On 2.Aug. 2017, at 14:09, Gilles Chehade <gil...@poolp.org> wrote: > > > > On Wed, Aug 02, 2017 at 01:47:09PM +0200, Kirill Miazine wrote: > >> * Eric Faurot [2017-08-02 13:24]: > >&

Re: multiple relays in smtpd.conf

2017-08-02 Thread Gilles Chehade
nts. But it's quite a big change, and we can't > > give an > > ETA right now. > > what about defining a new name in DNS containing addresses of all > smarthosts as a workaround for the OP for now? > This can work in some use-cases, this is exactly what a co-worker did to work around the limitation. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: multiple relays in smtpd.conf

2017-08-02 Thread Gilles Chehade
d there is no chance it can make it before 6.3 I have a big interest in this working so this is among my top prio work. Gilles -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd vs. uw-imap locking

2017-07-31 Thread Gilles Chehade
ery method to being easier to manage as an admin. That being said: no, no, no, * because I'm curious. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Happy birthday Theo!

2017-05-26 Thread Gilles Chehade
On Thu, May 25, 2017 at 04:20:37PM -0700, sharon s. wrote: > At some point.. birthdays stop being happy. only speaking from > experience.. :) > that reads like an early stage of depression ? you may want to M-x doctor ;-) -- Gilles Chehade https://www.

Re: smtpd aliases file issue

2017-05-11 Thread Gilles Chehade
Much better :-) You don’t need to restart the daemon, you simply need to tell it through smtpctl that the table aliases needs to be reloaded: $ doas smtpctl update table aliases Gilles > On 11 May 2017, at 08:17, Ajitabh Pandey <ajitabhpan...@gmail.com> wrote: > > Hi

Re: smtpd aliases file issue

2017-05-11 Thread Gilles Chehade
because you still didn’t show your config, but just for documentation purpose: you’re not doing it right. Gilles > On 11 May 2017, at 08:13, Ajitabh Pandey <ajitabhpan...@gmail.com> wrote: > > Thanks Edgar. That worked. This is what I was missing. > > I actually removed my .fo

Re: smtpd aliases file issue

2017-05-10 Thread Gilles Chehade
it is doing -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd log: certificate verification failed

2017-04-20 Thread Gilles Chehade
> Is it about my server cert or the remote one? > remote one, it means that when trying to verify the certificate that was presented by the remote server, the verification failed -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: OpenSMTPD "syntax error" and other problems

2017-01-16 Thread Gilles Chehade
.. is not allowed to relay based on this configuration ... > # relay > > relay as "@my-domain.com" > ... and this is where you get your syntax error, "relay as" is parameter to accept, it should read: accept [...] relay as [...] -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Is using dkim really worth?

2016-12-10 Thread Gilles Chehade
n they happen. I can understand why someone would be reluctant to setup dmarc, but dkim and spf are really a no brainer. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: How to detect this kind of attacks

2016-11-26 Thread Gilles Chehade
=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT > TO:" result="550 Invalid recipient" > Nov 26 06:06:56 server smtpd[55880]: 3bcc430eee258cd7 smtp > event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT > TO:" result="550 Invalid recipient" > Nov 26 06:06:57 server smtpd[55880]: 3bcc430eee258cd7 smtp event=closed > address=119.141.24.19 host=119.141.24.19 reason=disconnect > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: FW: smtpd dies on current

2016-11-11 Thread Gilles Chehade
s I'm unable to reproduce with current smtpd and older libcrypto, and able to reproduce with recent libcrypto. I'm investigating this -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: OpenBSD 6.0-stable smtpd queue encryption

2016-09-04 Thread Gilles Chehade
/* set expected tag */ EVP_CIPHER_CTX_ctrl(, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag); @@ -304,7 +302,7 @@ crypto_decrypt_buffer(const char *in, si len += olen; /* finalize, write last chunk if any and perform authentication check */ - if (!EVP_Decrypt

Re: DMARC and misc@ (and likely other OpenBSD lists)

2016-08-26 Thread Gilles Chehade
iguration? > > This is exactly why I hate DMARC. Some tiny bullshit change, that > requires everyone in the world to catch up to it. > > Fuck you Google. Fuck you Yahoo. Clean up your own houses before you > shit on ours. > so much hate :-p -- Gilles

Re: DigitalOcean and OpenBSD

2016-08-25 Thread Gilles Chehade
a former customer, I would recommend against them. There are other alternatives with better hardware, services and policies within the same price ranges. online.net to name one, hetzner.de to name another one. I'm only commenting because your mail didn't mention competitors and I'd hate the id

Re: Thinking about writing something I'm calling wifid

2016-08-02 Thread Gilles Chehade
anges out > > of sync with the kernel. > > Perhaps overloading kevent? EVFILT_IEEE80211? > :-| -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: opensmtd failing and a work a round

2016-06-15 Thread Gilles Chehade
the API. If you need a stable setup, don't use filters before we announce that it is a stable feature. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: SMTPD - Auth Error 535 5.7.8

2016-05-22 Thread Gilles Chehade
plied that it didn't accept your AUTH which is basically your credentials -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Suggestion: new webpage for openbsd.org

2016-05-22 Thread Gilles Chehade
edict the fate of that project. > aren't you guys even slightly tired of the bullshit ? -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Happy Birthday Theo!

2016-05-19 Thread Gilles Chehade
On Thu, May 19, 2016 at 10:57:57AM +0100, Kevin Chadwick wrote: > Happy Birthday > > >if (pledge("fun relax", NULL) == -1) { > err(1, "pledge"); > } > KNF, dammit...

Re: Suggestion: new webpage for openbsd.org

2016-05-18 Thread Gilles Chehade
On Wed, May 18, 2016 at 06:08:52PM +0200, Joakim Frostegård wrote: > > [...] > > @Gilles Chehade: > If you're not being sarcastic, I would be happy to contribute to that > project as well. > Didn't know I came off sarcastic naturally, achievement unlocked ! I w

Re: Suggestion: new webpage for openbsd.org

2016-05-17 Thread Gilles Chehade
If yes, we would also need to make sure that the creator of > the nice openbsd logo included is happy with us using it for > the webpage. Apart from that, I would be happy to license > my work under BSD, MIT or whatever you want. > I don't know if it's of any interest for op

Re: OpenSMTPD with filter-spamassassin / max-children

2016-04-20 Thread Gilles Chehade
re already enough pending sessions I don't know. What I know is that max-inflight is not THE solution for sure. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd : reject with a message

2016-04-17 Thread Gilles Chehade
): error:code message A status code and message to return. The code must be 3 digits, starting 4XX (TempFail) or 5XX (PermFail). The message must be present and can be freely chosen. note that only single-line messages are support

Re: OpenSMTPD on OpenBSD 5.9

2016-04-13 Thread Gilles Chehade
> After reading the whole thread, I still don't understand your problem, what you're trying to achieve and what information you're looking for. > I would love to see someone reply telling me that I have bad eyes and a > 5.9 is running and it's getting it correct. > I'd love to tell you that you have bad eyes, but not knowing what is your problem nor what you're trying to achieve, I wouldn't know what I should look for. > Meanwhile I have to bring up a new server and Postfix seems to be the > only candidate. > > At least I can build a mailserver that works on that. > Again, good choice, if you're comfortable with running Postfix and you can't get OpenSMTPD running, I don't know why you're struggling :-) > Sorry for the noise > np -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

2016-03-03 Thread Gilles Chehade
On Thu, Mar 03, 2016 at 02:02:22PM -0600, Claus wrote: > On 3/3/2016 3:14 AM, Gilles Chehade wrote: > >On Thu, Mar 03, 2016 at 01:54:16AM +0100, ropers wrote: > >Won't question your need however this + vs - thing has come up often and > >I'd like to stress out

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

2016-03-03 Thread Gilles Chehade
On Thu, Mar 03, 2016 at 01:39:54PM -0700, Andy Bradford wrote: > Thus said Gilles Chehade on Thu, 03 Mar 2016 10:14:48 +0100: > > > Who should get mail for foo-bar@ ? > > The MTA will decide who will get foo-bar@. > How ? > > This just doesn't happen with + be

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

2016-03-03 Thread Gilles Chehade
e is concerned, what you could do if you can't go without - is to take an account anywhere that supports + then just setup a simple mail forwarder at a vps host to rewrite - to +, this way you'll be able to transition without being limited in hosting c

Re: Fwd: CVS: cvs.openbsd.org: src

2015-11-30 Thread Gilles Chehade
to use after > it wad configure. (:< > > Oh well. > > I will switch back to makemap then. > > I hope I understand your explication as this being still valid: > > table vusers db:/etc/mail/vusers.db > table vdomains db:/etc/mail/vdomains.db > yes, this is still valid -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd with accept from any for domain alias relay via smtp://127.0.0.1:10025 doesn't support check?

2015-10-30 Thread Gilles Chehade
se the 'recipient' keyword: accept [...] for domain recipient [...] Goal of aliases / virtual is to resolve a user-part/address into a local delivery ... which makes no sense if your mail is not local. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Is OpenSMTPD worthy of OpenBSD inclusion?

2015-10-05 Thread Gilles Chehade
You told me once that you were a "security expert" and that we could sit around a beer so you'd tell me what's wrong in our design. If it is true that you want the project to succeed and if you really are a security expert then the project would have surely made a better use of a design analysis report than this mail. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Opensmtpd+user forom "table baseuser"

2015-10-02 Thread Gilles Chehade
unless you provide the full configuration file and some logs, this is not enough to even begin to understand what happened. on the top of my head: you're not matching the rule you think you are -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Show us your /etc/profile

2015-08-01 Thread Gilles Chehade
On Fri, Jul 31, 2015 at 05:25:49PM -0300, listas...@dna.uba.ar wrote: Hello everybody Hello, alias ducks='du -cks * |sort -rn |head -11' I'm stealing this one ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Sluggish/laggy browser behaviour

2015-07-29 Thread Gilles Chehade
related projects don't tend to hide issues under the carpet. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Gilles Chehade
need a rule that states: accept from local for any relay It needs to be at the bottom of your config, right where you added this reject rule (which serves no purpose btw since this is the default). -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: GROUP CHANGED

2015-06-14 Thread Gilles Chehade
.] Thank for reply. wheel is the new root. https://en.wikipedia.org/wiki/Wheel_(Unix_term) -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Logjam Attack: is OpenIKED and OpenSMTPD vulnerable?

2015-05-20 Thread Gilles Chehade
it to be at least 2048-bits, however before we bump this default, we need a fair amount of testing: last time I tried, it broke A LOT of exchanges. Discussions will take place with regard to what we'll do anyways... -- Gilles Chehade https://www.poolp.org

Re: smtpd(8): running as backup MX with +TAG addresses

2015-01-05 Thread Gilles Chehade
hard to implement though, I'll see if I can get it done this week. -- Gilles Chehade https://www.poolp.org @poolpOrg
