[pfx-dev] Re: pfx 3.8.4 build noise: "warning: missing braces around initializer [-Wmissing-braces]"

2023-12-26 Thread Viktor Dukhovni via Postfix-devel
On Tue, Dec 26, 2023 at 04:16:18PM -0500, Viktor Dukhovni via Postfix-devel wrote: > If I enable "-Wall", I get the noisy warnings, and they can all be > disabled by adding: > > -Wno-missing-braces > -Wmaybe-uninitialized > -Wunused-but-set-vari

[pfx-dev] Re: pfx 3.8.4 build noise: "warning: missing braces around initializer [-Wmissing-braces]"

2023-12-26 Thread Viktor Dukhovni via Postfix-devel
On Tue, Dec 26, 2023 at 02:33:35PM -0500, pgnd via Postfix-devel wrote: > lots of noisy warnings, > > grep missing-braces tmp.txt > dict.c:627:38: warning: missing braces around initializer > [-Wmissing-braces] All these about initialising arrays of structures without

[pfx-dev] Re: dict_mongodb (projections)

2023-12-06 Thread Viktor Dukhovni via Postfix-devel
On Thu, Dec 07, 2023 at 01:06:57AM +, Hamid Maadani wrote: > >> However, I am concerned about the use of `bson_new_from_json()` and its > >> need to quote the MongoDB operators. This feels completely unnatural. > >> How is there then a distinction between: > >> > >> $or: [...] > >> > >> and

[pfx-dev] Re: dict_mongodb (projections)

2023-12-06 Thread Viktor Dukhovni via Postfix-devel
On Wed, Dec 06, 2023 at 07:31:41PM -0500, Viktor Dukhovni via Postfix-devel wrote: > However, I am concerned about the use of `bson_new_from_json()` and its > need to quote the MongoDB operators. This feels completely unnatural. > How is there then a distinctio

[pfx-dev] Re: dict_mongodb (projections)

2023-12-06 Thread Viktor Dukhovni via Postfix-devel
On Wed, Dec 06, 2023 at 07:06:30PM -0500, Wietse Venema via Postfix-devel wrote: > I have been adding text to the mongodb_table that any text pasted > in the place of a %letter directive in result_format will be subject > to escaping, that is, Postfix inserts a backslash character before > a

[pfx-dev] Re: dict_mongodb

2023-12-06 Thread Viktor Dukhovni via Postfix-devel
On Wed, Dec 06, 2023 at 08:10:22PM +, Hamid Maadani via Postfix-devel wrote: > now, in my case, I'm using a docker container, and am using parameters > in main.cf , a sample below: > docker_va_uri = $docker_dburi > docker_va_dbname = $docker_dbname > docker_va_collection = mailbox >

[pfx-dev] Re: dict_mongodb

2023-12-06 Thread Viktor Dukhovni via Postfix-devel
On Wed, Dec 06, 2023 at 02:25:39PM -0500, Wietse Venema via Postfix-devel wrote: > > This is a good point. Honestly, I didn't think about escaping characters > > because the queries are meant to be in JSON form and taken literally, For a lookup key to be taken "literally" its metacharacters MUST

Re: Submission service lookup support

2023-02-14 Thread Viktor Dukhovni
On Tue, Feb 14, 2023 at 01:25:39PM -0500, Wietse Venema wrote: > Viktor Dukhovni: > > On Tue, Feb 14, 2023 at 01:01:05PM -0500, Wietse Venema wrote: > > > > > > Fiction aside, the use-cases look reasonable to me. I haven't thought > > > > through of what do

Re: Submission service lookup support

2023-02-14 Thread Viktor Dukhovni
On Tue, Feb 14, 2023 at 01:01:05PM -0500, Wietse Venema wrote: > > Fiction aside, the use-cases look reasonable to me. I haven't thought > > through of what downgrade (from e.g. DANE) are introduced by the various > > (optional) fallback controls. If they do introduce potential > > downgrades,

Re: Submission service lookup support

2023-02-14 Thread Viktor Dukhovni
On Tue, Feb 14, 2023 at 09:43:33AM -0500, Wietse Venema wrote: > While we're on the topic of DANE, is there any reason why TLSA info > is never looked up for destinations specified as [domain-name]? That's not what I see. $ postmap -q dnssec-stats.ant.isi.edu cdb:transport

Re: Submission service lookup support

2023-02-13 Thread Viktor Dukhovni
On Mon, Feb 13, 2023 at 07:33:35PM -0500, Wietse Venema wrote: > There's a first implementation in postfix-3.8-20230213-nonprod. > Docs: https://www.postfix.org/postconf.5.html#use_srv_lookup > Code: http://ftp.porcupine.org/mirrors/postfix-release/index.html#non-prod > > To see all SRV related

Re: Submission service lookup support

2022-08-08 Thread Viktor Dukhovni
On Mon, Aug 08, 2022 at 05:06:22PM -0400, Viktor Dukhovni wrote: > > We're discussing support for an MUA-specific feature, not high-volume > > MTA-to-MTA support. Connection reuse is less important, as long as > > Postfix does not mix traffic with different authent

Re: Submission service lookup support

2022-08-08 Thread Viktor Dukhovni
On Mon, Aug 08, 2022 at 04:41:57PM -0400, Wietse Venema wrote: > > Yes. The main complication is that connection caching, TLS session > > caching and TLS policy are perhaps not quite right if we're not aware > > that the list of "[host]:port" pairs is actually a single logical > > destination,

Re: Submission service lookup support

2022-08-08 Thread Viktor Dukhovni
On Mon, Aug 08, 2022 at 04:07:39PM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > On Mon, Aug 08, 2022 at 03:03:07PM -0400, Wietse Venema wrote: > > > > > All we need is a small bit of code that transforms SRV lookup results > > > into a list of [host]:port f

Re: Submission service lookup support

2022-08-08 Thread Viktor Dukhovni
On Mon, Aug 08, 2022 at 03:03:07PM -0400, Wietse Venema wrote: > All we need is a small bit of code that transforms SRV lookup results > into a list of [host]:port forms that the Postfix SMTP client already > understands. We have code to do MX lookups, it can be cloned to RFC6186 SRV lookups

Re: Quarantine message using milter

2022-06-29 Thread Viktor Dukhovni
On Wed, Jun 29, 2022 at 06:50:36PM +, ran...@skurelabs.com wrote: > Is there anyway, we can send commands through milter to get list of > all quarantined emails(in hold queue) and release emails? We are fine > to support postfix code changes to enable these two use cases. I would >

Re: dict_mongodb

2022-06-27 Thread Viktor Dukhovni
On Tue, Jun 28, 2022 at 01:32:52AM +, Hamid Maadani wrote: > > The _README is a more verbose tutorial covering building the driver > > and various use-cases and special considerations, leaving syntax > > reference docs to the _table(5) document. > > Should I create the html version in proto

Re: dict_mongodb

2022-06-27 Thread Viktor Dukhovni
On Tue, Jun 28, 2022 at 01:03:43AM +, Hamid Maadani wrote: > > - Are all the table features documented in mongodb_table(5)? > > They are. The _table(5) doc concisely covers all table syntax features. > > - Is there a MONGODB_README that covers building the driver and > > tutorial prose

Re: dict_mongodb

2022-06-27 Thread Viktor Dukhovni
On Mon, Jun 27, 2022 at 11:53:54PM +, Hamid Maadani wrote: > Fyi, I have added a second commit to the mongodb branch of my fork on > github, which will enable mongo projections: > https://github.com/21stcaveman/postfix/commits/mongodb > > I have kept them separate in case it is chosen not to

Re: dict_mongodb

2022-06-24 Thread Viktor Dukhovni
On Thu, Jun 23, 2022 at 06:13:05PM +, Hamid Maadani wrote: > The code is updated. Now: > - It accounts for the 'domain' parameter > - It requires a JSON formatted 'filter' parameter (no more search_key) Good. > - It uses comma-separated 'result_attribute' to return fields off of query >

Re: dict_mongodb

2022-06-21 Thread Viktor Dukhovni
On Wed, Jun 22, 2022 at 05:12:08AM +, Hamid Maadani wrote: > Understood. Is there any prior code in postfix I can repurpose for array > management to keep a > static list of mongoc_client_t objects (one per named dict)? Or should I > write it within the module? > trying to avoid creation

Re: dict_mongodb

2022-06-21 Thread Viktor Dukhovni
On Wed, Jun 22, 2022 at 04:13:40AM +, Hamid Maadani wrote: > > This sort of "concat" operation is a bad idea, because it is prone to > > collisions... > > Those were just examples to discuss a point. You can find similar > types of concatenations in multiple guides written for setting up >

Re: dict_mongodb

2022-06-21 Thread Viktor Dukhovni
On Tue, Jun 21, 2022 at 07:26:53PM +, Hamid Maadani wrote: > Want to discuss the 'result_attribute' before I go ahead with the > implementation though. > It is kind of the same story as with 'filter' and 'search_key' attributes. Not exactly, there are enough differences to warrant specific

Re: dict_mongodb

2022-06-18 Thread Viktor Dukhovni
On Sun, Jun 19, 2022 at 12:47:39AM +, Hamid Maadani wrote: > > perhaps typically querying a single underlying "database" with > > different queries/results for each "table". > > Isn't that the case, when we configure postfix with mysql for example, > and create different tables for virtual

Re: dict_mongodb

2022-06-17 Thread Viktor Dukhovni
On Sat, Jun 18, 2022 at 02:45:26AM +, Hamid Maadani wrote: > I usually use client pools, because of their thread safety (which is not > needed here) as well as > the more aggressive cluster monitoring operations they have by default > compared to the single > threaded mongoc_client_t. There

Re: dict_mongodb

2022-06-17 Thread Viktor Dukhovni
On Fri, Jun 17, 2022 at 04:53:41PM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > Also, your parsing of the search_keys is hand-rolled, but should be > > using mystrtok(3) to split the list on commas/whitespace, and > > split_nameval(3) to split "key = value" pa

Re: dict_mongodb

2022-06-17 Thread Viktor Dukhovni
On Fri, Jun 17, 2022 at 06:59:29AM +, Hamid Maadani wrote: > > You need to use a static variable to record whether you've already > > initialised the library, and do it just once. No need to worry about > > threads or locks. Postfix is single-threaded. > > This is also done. Also, the

Re: dict_mongodb

2022-06-16 Thread Viktor Dukhovni
On Thu, Jun 16, 2022 at 08:48:00PM -0400, Viktor Dukhovni wrote: > > Just Fyi, when compiling postfix, I keep running into missing from > > src/posttls-finger/posttls-finger.c > > Adding the stdio header resolves the issue, easy fix. > > Feel free to post a patch. I d

Re: dict_mongodb

2022-06-16 Thread Viktor Dukhovni
On Fri, Jun 17, 2022 at 12:39:30AM +, Hamid Maadani wrote: > > You need to read the mongodb documentation with care and make sure > > that you honour their API contract. For example: > > > > mongoc_init(): > > When it comes to 'mongoc_init' and 'mongoc_clean', they are supposed to be > run

Re: dict_mongodb

2022-06-16 Thread Viktor Dukhovni
On Thu, Jun 16, 2022 at 08:11:20PM +, Hamid Maadani wrote: > Please let me know if any other adjustments are necessary. You need to read the mongodb documentation with care and make sure that you honour their API contract. For example: mongoc_init(): Initialize the MongoDB C

Re: dict_mongodb

2022-06-16 Thread Viktor Dukhovni
On Thu, Jun 16, 2022 at 08:11:20PM +, Hamid Maadani wrote: > I have uploaded the latest code, which simplifies filters, projections > and accommodates multiple results. In this version: > > - Users can search by specifying search keys, OR writing more advanced > filters. If search_keys > are

Re: dict_mongodb

2022-06-15 Thread Viktor Dukhovni
On Wed, Jun 15, 2022 at 10:12:57PM +, Hamid Maadani wrote: > Let's say I have a database called 'mail' in my MongoDB cluster, and there > is a collection (table) named 'mailbox' inside of it. > Each object in this collection holds a mailbox, and also includes its > aliases (real world

Re: dict_mongodb

2022-06-15 Thread Viktor Dukhovni
On Wed, Jun 15, 2022 at 09:22:37PM +, Hamid Maadani wrote: > This is good, was unaware of the multi-row result standard. > How does this work with other DBs? for example, if you have two result sets: > { "name": "hamid", "value": "test" } > { "name": "viktor", "value": "test2" } Well,

Re: dict_mongodb

2022-06-15 Thread Viktor Dukhovni
On Wed, Jun 15, 2022 at 04:22:11PM +, Hamid Maadani wrote: > I have developed a MongoDB module for postfix. Given that > mongo-c-driver has gone mainstream on most linux distributions, I > personally think this would be a good addition to postfix, allowing > users to use MongoDB as a backend

Re: Quarantine message using milter

2022-06-15 Thread Viktor Dukhovni
On Wed, Jun 15, 2022 at 10:58:35AM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > Release all quarantined mail from "harml...@example.net" to > > "artl...@example.org" (and any other recipients of the same message > > envelope): > > > &g

Re: Quarantine message using milter

2022-06-15 Thread Viktor Dukhovni
On Wed, Jun 15, 2022 at 08:54:34AM -0400, Wietse Venema wrote: > That queue ID should also show up in the 'hold' queue when you use > the "mailq" command. Example: > > $ mailq | grep '!' > 4LN9p23LK0zJrP1! 983 Tue Jun 14 23:31:34 u...@example.com Alternatively, use the

Re: Possible remote DOS triggering qmgr 'unix-domain name too long' crash?

2021-10-29 Thread Viktor Dukhovni
On Fri, Oct 29, 2021 at 09:00:20AM +0200, Benoît Panizzon wrote: > It turned out, one file in the 'active' queue, was causing qmgr to > crash: > > postfix/qmgr[86256]: fatal: unix-domain name too long: > private/fwZ+GX2pP7y/mKTz0/vD8xX7o/.../BqIQ4kqVv3lAEe6idjSSxkUp5oAj3U/FGKWgCN It sure looks

Re: XCLIENT enhancement needed

2021-10-11 Thread Viktor Dukhovni
On Mon, Oct 11, 2021 at 07:17:12PM -0400, Wietse Venema wrote: > > If the goal is to leave a forensic trace, then it may be simpler to add > > an optional list of trace key/value pairs to XCLIENT, which the > > receiving MTA can choose to add to the message Received header. > > > >

Re: XCLIENT enhancement needed

2021-10-11 Thread Viktor Dukhovni
On Mon, Oct 11, 2021 at 08:10:05AM +, Kai KRETSCHMANN wrote: > The monitoring rspamd now has no chance to see in the latest Received > header in the connection was received TLS encrypted or plain text. If the goal is to leave a forensic trace, then it may be simpler to add an optional list

Re: unix socket group and world read write permissions?

2021-09-28 Thread Viktor Dukhovni
On Tue, Sep 28, 2021 at 08:42:11PM -0400, Jason Pyeron wrote: > Right - which is why I am asking about using 0666 vs 0600? This is not > restrictive. > > In v3.6.2: > postfix/src/util/unix_listen.c:96:if (fchmod(sock, 0666) < 0) > postfix/src/util/unix_listen.c:99:if (chmod(addr, 0666)

Re: [PATCH] A Problem in compat_level_from_string()

2021-06-22 Thread Viktor Dukhovni
On Tue, Jun 22, 2021 at 10:49:49AM -0700, David Bohman wrote: > You cannot assume that the value returned to 'endptr' is greater than > 'str' on a valid result. It could be a different string entirely, with > a lesser pointer value. That is up to the implementation. Postfix does not pass

Re: DB_README: How to specify library path for `libdb-5.3.so`?

2021-04-20 Thread Viktor Dukhovni
On Tue, Apr 20, 2021 at 09:20:40AM -0400, Wietse Venema wrote: > Paul Menzel: > > Would you accept a patch to add fix the instructions in `DB_README`? > > I think your problem is that /etc/ld.so.conf needs updating when you > install libdb in a nonstandard place. But one can also augment the

Re: PATCH #3 (Postfix 3.4 + 3.5): TLS connection_reuse with "tafile"

2020-08-21 Thread Viktor Dukhovni
On Fri, Aug 21, 2020 at 05:38:42PM -0400, Wietse Venema wrote: > thorsten.hab...@findichgut.net: > > Any chance to backport the patch to 3.4/3.5? > > This is more change than is allowed in a stable release. Postfix > 3.6 drops support for OpenSSL < 1.1.1, deletes o(thousand) lines > of DANE

Re: PATCH #3 (Postfix 3.4 + 3.5): TLS connection_reuse with "tafile"

2020-08-21 Thread Viktor Dukhovni
> On Aug 21, 2020, at 5:21 PM, thorsten.hab...@findichgut.net wrote: > > By the way I already applied your last patch on the testing environment. > No problems found so far. tafile and CApath based mandatory TLS delivery > work just fine. Thanks for the confirmation. Fortunately, the good news

Re: PATCH #3 (Postfix 3.4 + 3.5): TLS connection_reuse with "tafile"

2020-08-21 Thread Viktor Dukhovni
On Fri, Aug 21, 2020 at 03:11:50PM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > On Fri, Aug 21, 2020 at 10:59:11AM -0400, Wietse Venema wrote: > > > > > > Viktor Dukhovni: > > > > > - &_DANE_BASED(state->client_start_props->

Re: PATCH #3 (Postfix 3.4 + 3.5): TLS connection_reuse with "tafile"

2020-08-21 Thread Viktor Dukhovni
On Fri, Aug 21, 2020 at 10:59:11AM -0400, Wietse Venema wrote: > > Viktor Dukhovni: > > > - &_DANE_BASED(state->client_start_props->tls_level)) > > > + && TLS_DANE_HASTA(state->client_start_props->dane)) > > > msg_warn("

Re: PATCH #3 (Postfix 3.4 + 3.5): TLS connection_reuse with "tafile"

2020-08-21 Thread Viktor Dukhovni
On Fri, Aug 21, 2020 at 10:32:10AM +0300, Thorsten Habich wrote: > > This is relevant, but probably not 100% accurate, likely some domains > > also intermittently failed routine CAfile-based validation. > > Thanks for the patch.  There was no higher number of certificate > verification failures

Re: PATCH #3 (Postfix 3.4 + 3.5): TLS connection_reuse with "tafile"

2020-08-20 Thread Viktor Dukhovni
On Thu, Aug 20, 2020 at 01:20:00PM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > > - &_DANE_BASED(state->client_start_props->tls_level)) > > + && TLS_DANE_HASTA(state->client_start_props->dane)) > > @@ -1427,7 +1427,7 @@ static void tlsp

Re: PATCH #2: connection_reuse

2020-08-20 Thread Viktor Dukhovni
On Thu, Aug 20, 2020 at 04:59:49PM +0300, Thorsten Habich wrote: > > - Do FAILURES happen ONLY after a session is RESUMED. > > Sorry, no. The first connection decides if the problem occurs or not. > If the session is resumed the error only occurs *if the first > connection failed*. Thanks for

Re: PATCH #2: connection_reuse

2020-08-19 Thread Viktor Dukhovni
On Wed, Aug 19, 2020 at 10:52:20AM +0300, Thorsten Habich wrote: > > > the certificate verification with TA file option still occasionally fails: > > How is the use of a TA file relevant here? > > It only happens with the domains configured with TA file option. Do *resumed* sessions always fail

Re: PATCH #2: connection_reuse

2020-08-14 Thread Viktor Dukhovni
On Fri, Aug 14, 2020 at 02:30:03PM +0300, Thorsten Habich wrote: > the certificate verification with TA file option still occasionally fails: How is the use of a TA file relevant here? > 2020-08-13T07:39:39.007186+02:00 server postfix/tlsproxy[47119]: > certificate verification failed for

Re: Fairness for single-recipient bulk mail

2020-06-24 Thread Viktor Dukhovni
On Wed, Jun 24, 2020 at 04:43:55PM -0400, Wietse Venema wrote: > For a given transport and destination, if all three classes have > work then round-robin interleaving gives each class 1/3 of the > delivery slots, 1/2 if there are only two classes with work, all > slots if there is only one

Re: MTA-STS and Server Name Indication (SNI) on mail servers

2020-06-17 Thread Viktor Dukhovni
On Wed, Jun 17, 2020 at 04:20:00PM -0400, John Levine wrote: > In article <49nfx174fgzj...@spike.porcupine.org> you write: > >Postfix will send SNI when it is told (by policy) what servername > >to use. It can be statically configured as smtp_tls_servername, > >or dynamically in an

Re: MTA-STS and Server Name Indication (SNI) on mail servers

2020-06-17 Thread Viktor Dukhovni
On Wed, Jun 17, 2020 at 03:30:09PM -0400, Wietse Venema wrote: > > Looking at the mail logs for my servers, it's pretty clear that > > Postfix doesn't send SNI. I would also guess that if a Postfix MTA has > > multiple names, it doesn't have any way to select a certificate using > > SNI. This is

Re: connection_reuse

2020-06-17 Thread Viktor Dukhovni
On Wed, Jun 17, 2020 at 06:05:44PM +0300, Thorsten Habich wrote: > unfortunately I ran into a bug when trying to use the connection_reuse > parameter in a TLS policy maps file. > Attached you can find a patch, to get this option running. Thanks for the patch, indeed the "continue" is needed. >

Re: Lua target

2020-01-14 Thread Viktor Dukhovni
On Tue, Jan 14, 2020 at 02:34:42PM +0100, Thierry Fournier wrote: > What do you think about delivery target executing natively Lua code ? I don't see a need for this. > It does the same thing as "pipe", but much more quickly because there > are no fork/exec and compile/recompile Lua code only at

Re: patch for replacing the text of postfix built-in reject messages

2020-01-12 Thread Viktor Dukhovni
On Sun, Jan 12, 2020 at 11:09:12AM -0500, Wietse Venema wrote: > > Glad that you propose to implement this way. However things will > > be more complicated : should new smtpd_reply_filter_maps and > > smtpd_reject_footer_maps be executed in sequence ? or be exclusive ? > > I think that for

Re: New functionality proposal

2020-01-08 Thread Viktor Dukhovni
On Wed, Jan 08, 2020 at 09:36:48AM +0100, Thierry Fournier wrote: > > - An "smtp_nexthop_override_maps" feature that replaces the domain > > in the delivery request with one or more domain names. You decide > > the order of names in the result, and if the original domain > > should be part of

Re: [PATCH] dns_lookup: Fix compilation with uClibc-ng

2019-05-03 Thread Viktor Dukhovni
The patch is incorrect/incomplete. You can't just comment out the call that does the work. > On May 3, 2019, at 1:30 AM, Rosen Penev wrote: > > uClibc-ng does not have res_send or res_nsend. > --- > src/dns/dns_lookup.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git

Re: RFE: DANE functions + log

2018-11-19 Thread Viktor Dukhovni
On Mon, Nov 19, 2018 at 11:45:18PM +0100, J. Thomsen wrote: > >> 1) Postfix > >> Later I have found the posttls-finger program in the Postfix > >> distribution, but > >> the logging in this program should be present in the Postfix smtp itself > >> when using the > >> smtp_tls_loglevel

Re: RFE: DANE functions + log

2018-11-19 Thread Viktor Dukhovni
> On Nov 19, 2018, at 7:12 AM, J. Thomsen wrote: > > 1) Postfix > Later I have found the posttls-finger program in the Postfix distribution, > but > the logging in this program should be present in the Postfix smtp itself > when using the > smtp_tls_loglevel parameter (and still

Re: Writing a SMTP Extension

2017-12-26 Thread Viktor Dukhovni
[ Oops, postfix-users was the wrong list apparently, reposting to postfix-devel ] > On Dec 26, 2017, at 8:29 PM, Tom Maier wrote: > > Within my uni project I have to implement additional SMTP commands in > order to upload or download data (e.g., base64 encoded data). This is >

Re: RFE: postqueue top sender

2015-10-19 Thread Viktor Dukhovni
On Mon, Oct 19, 2015 at 08:26:21PM -0400, Wietse Venema wrote: > This internal communication uses Postfix-style records. For the > external interface to other programs, a different format would be > more suitable. I don't know if JSON is still cool these days, but > that would be a possibility.

Re: smtpd_sender_login_maps and multiple lookup tables

2015-10-07 Thread Viktor Dukhovni
On Thu, Oct 08, 2015 at 01:12:15AM +0200, Axel Luttgens wrote: > I mean, this could be a hint to tweak the algorithm so as to implicitly make > use of a "DUNNO" condition; There is no such thing as a "DUNNO" condition. That's an access keyword in access(5) maps that short-circuits searches for

Re: smtpd_sender_login_maps and multiple lookup tables

2015-10-05 Thread Viktor Dukhovni
On Mon, Oct 05, 2015 at 10:38:04PM +0200, Axel Luttgens wrote: > >>smtpd_sender_login_maps = > >>hash:$config_directory/maps/sender_login_exceptions > >>sqlite:db_sender_login_map > >> > >> user emurphy may send with either sender address "ed.mur...@example.com" > >>

Re: smtpd_sender_login_maps and multiple lookup tables

2015-10-05 Thread Viktor Dukhovni
On Mon, Oct 05, 2015 at 06:39:12PM +0200, Axel Luttgens wrote: > As usual, I’ll probably appear quite dumb, but I’ll ask anyway. ;-) > > Let’s say I have following data in the database (db_sender_login_map): > > from_addresslogin > = >

Re: RFE: Additional postqueue output format

2015-09-08 Thread Viktor Dukhovni
On Tue, Sep 08, 2015 at 10:13:30AM +0200, Patrick Ben Koetter wrote: > At the moment I need to know the top senders in a mail queue with more than 2 > million messages. I'd rather not dig in the logs, but use Postfix internal > knowledge about messages currently in queue. A log analyzer that

Re: RFE: Additional postqueue output format

2015-09-07 Thread Viktor Dukhovni
On Tue, Sep 08, 2015 at 03:48:25AM +0200, Patrick Ben Koetter wrote: > $ postqueue -p > Queue ID- --Size-- ---Arrival Time --Sender/Recipient-- > 3n97rq4vbmz1gT2660 Tue Sep 8 03:18:03 dane-users-boun...@sys4.de > (connect to

Re: Postfix 3.0.1 dynamicmaps.c

2015-04-21 Thread Viktor Dukhovni
On Tue, Apr 21, 2015 at 11:02:11AM -0400, Wietse Venema wrote: Postfix is the messenger, don't blame the messenger for bad news. ---8--- Apr 21 16:41:47 foo7 postfix/qmgr[3538]: scan_dir_push: open /etc/postfix/dynamicmaps.cf.d Apr 21 16:41:47 foo7 postfix/qmgr[3538]: scan_dir_next:

Re: PATCH: Postfix 3.0.1 dynamicmaps.c

2015-04-21 Thread Viktor Dukhovni
On Wed, Apr 22, 2015 at 01:50:31AM +0200, Matthias Andree wrote: I would like to chime in here. I believe there is a misunderstanding of the API, IEEE Std 1003.1, 2013 Edition aka. The Open Group Base Specifications Issue 7 for readdir() explicitly state that on end-of-directory, errno is

Re: Postfix 3.0.1 dynamicmaps.c

2015-04-21 Thread Viktor Dukhovni
On Tue, Apr 21, 2015 at 06:58:40PM +0300, Mika Ilmaranta wrote: diff -up postfix-3.0.1/src/global/dynamicmaps.c.reset-errno postfix-3.0.1/src/global/dynamicmaps.c --- postfix-3.0.1/src/global/dynamicmaps.c.reset-errno2015-04-21 18:37:29.641532865 +0300 +++

Re: Postfix 3.0.1 dynamicmaps.c

2015-04-21 Thread Viktor Dukhovni
On Tue, Apr 21, 2015 at 07:14:37PM +0300, Mika Ilmaranta wrote: It's empty and SeLinux context is correct. [root@foo7 ~]# ls -la /etc/postfix/dynamicmaps.cf.d/ total 4 drwxr-xr-x. 2 root root6 Apr 21 18:46 . drwxr-xr-x. 4 root root 4096 Apr 21 18:51 .. Thanks, so in your case, errno

Re: missing include in allascii.c

2015-02-17 Thread Viktor Dukhovni
On Tue, Feb 17, 2015 at 10:06:34AM +, Eray Aslan wrote: --- src/util/allascii.c 2015-02-17 00:43:56.0 + +++ src/util//allascii.c 2015-02-17 10:01:47.775727110 + @@ -35,6 +35,7 @@ #include sys_defs.h #include ctype.h +#include string.h /* Utility

Re: Possible problem with dead code in src/postlog/postlog.c (proposed patch)

2015-02-11 Thread Viktor Dukhovni
On Wed, Feb 11, 2015 at 06:17:13PM -0800, Corey Ashford wrote: From our reading of the code, tag can never be 0 there, so that makes the then part of the if statement dead code. After that, there's another if statement (line 254) that will always evaluate as true: if (tag != 0) {

Re: Patch: Unicode email support (RFC 6531, 6532, 6533)

2014-06-05 Thread Viktor Dukhovni
On Thu, Jun 05, 2014 at 02:24:38PM +0200, Arnt Gulbrandsen wrote: But ? is nasty. I have even found two domains that differ only in ?/i, so Postfix cannot treat them as equal. Domains passed to lookup tables and match lists need to be in a-label form. The remaining surprises with domains and

Re: Patch: Unicode email support (RFC 6531, 6532, 6533)

2014-06-05 Thread Viktor Dukhovni
On Thu, Jun 05, 2014 at 05:18:48PM +0200, Arnt Gulbrandsen wrote: On Thursday, June 5, 2014 4:32:52 PM CEST, Viktor Dukhovni wrote: Domains passed to lookup tables and match lists need to be in a-label form. That would make pcre almost impossible and mysql and pgsql lookups rather

Re: RFC: Verify concurrency limit

2014-04-22 Thread Viktor Dukhovni
On Tue, Apr 22, 2014 at 01:50:49PM -0400, Wietse Venema wrote: A global limit on the number of pending probes affects only unknown email addresses. Postfix proactively refreshes known email addresses well before they expire. I am not an idiot. Whether this is sufficient depends on the cache

Re: Ambiguous description on reject_unknown_recipient_domain

2014-02-13 Thread Viktor Dukhovni
On Fri, Feb 14, 2014 at 01:17:14PM +0800, King Cao wrote: *reject_unknown_recipient_domain* Reject the request when Postfix is not final destination for the recipient domain, and the RCPT TO domain has 1) *no DNS A or MX record* or 2) ... English is not symbolic logic, but the intent is

Re: TLS support

2014-01-10 Thread Viktor Dukhovni
On Fri, Jan 10, 2014 at 11:44:04AM +0100, Patrick Ben Koetter wrote: Viktor, we're lucky to have Carsten Strotmann on our team (here at sys4). You may know him for his expertise on DNS. Carsten offered to assist in writing the DANE_README. Thanks. Very much appreciated. I'd like

Re: TLS support

2014-01-10 Thread Viktor Dukhovni
On Fri, Jan 10, 2014 at 01:52:17PM +, Viktor Dukhovni wrote: There are also some DANE related parameters for the TLS library: tls_dane_digest_agility = on tls_dane_digests = sha512 sha256 tls_dane_trust_anchor_digest_enable = yes Another

Re: What causes 550 Action not taken ?

2014-01-05 Thread Viktor Dukhovni
On Mon, Jan 06, 2014 at 03:04:20AM -, John Levine wrote: Looking at the logs, I'm seeing a lot of 550 Action not taken at end of data from recipient systems which I believe are running Postfix. Can someone tell me what that means, so I can tell the recipients to undo whatever they did to

Re: Patch: Support NOTIFY ESMTP parameter in SMFIR_ADDRCPT_PAR

2013-11-23 Thread Viktor Dukhovni
On Sat, Nov 23, 2013 at 10:20:19AM -0800, Andrew Ayer wrote: The patch is simple and only touches two functions because most of the required pieces were already there. All I needed to do was split the argument list, parse the NOTIFY parameter (using the existing dsn_notify_mask() function),

Re: Patch: Support NOTIFY ESMTP parameter in SMFIR_ADDRCPT_PAR

2013-11-23 Thread Viktor Dukhovni
On Sat, Nov 23, 2013 at 12:28:44PM -0800, Andrew Ayer wrote: Simple context-free splitting is in principle not sufficient: RCPT TO:perverse NOTIFY=bad address@example.com NOTIFY=good Though the smtpd(8) parser for RCPT TO may not cover 100% of the torture-test that is the

Re: Separate transport for retried recipients

2013-05-16 Thread Viktor Dukhovni
On Thu, May 16, 2013 at 10:40:38AM +0200, Patrik Rak wrote: On 15.5.2013 20:30, Wietse Venema wrote: Patrik appears to have a source of mail that will never be delivered. He does not want to run a huge number of daemons; that is just wasteful. Knowing that some mail will never clear the

Re: Separate transport for retried recipients

2013-05-16 Thread Viktor Dukhovni
On Thu, May 16, 2013 at 03:47:22PM +, Viktor Dukhovni wrote: The Postfix sitting there doing nothing problem is not new, that's what got me on the list posting comments and patches in June of 2001. For the record, it was July. http://archives.neohapsis.com/archives/postfix/2001-07

Re: Separate transport for retried recipients

2013-05-15 Thread Viktor Dukhovni
On Wed, May 15, 2013 at 06:01:42PM +0200, Patrik Rak wrote: Still waiting to hear some reason why what I propose is bad. The various proposals are largely complementary. If we restrict the slow path to 80% of the process limit, that's not too dramatic a reduction (though slow mail should get

Re: Separate transport for retried recipients

2013-05-15 Thread Viktor Dukhovni
On Wed, May 15, 2013 at 06:52:52PM +0200, Patrik Rak wrote: I would also like to point out that in my case, the slow mail is not a slow mail as in mail which goes to sites behind slow links. It is slow as in it takes long time before the delivery agent times out. Clear from the outset.

Re: Separate transport for retried recipients

2013-05-15 Thread Viktor Dukhovni
On Wed, May 15, 2013 at 12:54:20PM -0400, Wietse Venema wrote: Viktor Dukhovni: Postfix already exerts too little back-pressure when the queue fills, Agreed. ignoring the deferred queue while taking more new mail quickly will eliminate most of that (when the incoming queue is You

Re: dynamic process limits (Separate transport for retried recipients)

2013-05-14 Thread Viktor Dukhovni
On Tue, May 14, 2013 at 08:24:16AM -0400, Wietse Venema wrote: Viktor Dukhovni: Nothing I'm proposing creates less opportunity for delivery of new mail, rather I'm proposing dynamic (up to a limit) higher concurrency that soaks up a bounded amount of high latency traffic (ideally all

Re: Separate transport for retried recipients

2013-05-13 Thread Viktor Dukhovni
On Mon, May 13, 2013 at 06:55:12AM -0400, Wietse Venema wrote: Viktor Dukhovni: The reasonable response to latency spikes is creating concurrency spikes. By design, Postfix MUST be able to run in a fixed resource budget. Your on-demand concurrency spikes break this principle

Re: Bug in Postfix regarding the 'smtpd_helo_required' option

2013-05-13 Thread Viktor Dukhovni
On Mon, May 13, 2013 at 03:28:09PM +1000, Nikolas Kallis wrote: Also, my e-mail address was recently removed from the postfix-devel when I did not request it, nor was I consulted over the decision. If this happens again then I will cease contributing to Postfix. You've been removed again, for

Re: Separate transport for retried recipients

2013-05-13 Thread Viktor Dukhovni
On Mon, May 13, 2013 at 09:10:13AM -0400, Wietse Venema wrote: No, there are two different process limits one for non-slow deliveries, No. It is a mistake to have an overload resource budget that is different for different kinds of overload. This is fundamental to the design of Postfix.

Re: Separate transport for retried recipients

2013-05-13 Thread Viktor Dukhovni
On Mon, May 13, 2013 at 05:18:05PM -0400, Wietse Venema wrote: The qmgr(8) concurrency scheduler limits the concurrency per nexthop. That does not change when prescreen is inserted between qmgr(8) and smtp(8) processes. For each nexthop: number of qmgr-prescreen connections + number of

Re: Separate transport for retried recipients

2013-05-13 Thread Viktor Dukhovni
On Mon, May 13, 2013 at 05:25:44PM +0200, Patrik Rak wrote: On 13.5.2013 12:55, Wietse Venema wrote: Viktor Dukhovni: The reasonable response to latency spikes is creating concurrency spikes. By design, Postfix MUST be able to run in a fixed resource budget. Your on-demand concurrency

Re: Separate transport for retried recipients

2013-05-12 Thread Viktor Dukhovni
On Sun, May 12, 2013 at 11:22:22AM +0200, Patrik Rak wrote: The fact that qmgr doesn't know how many delivery agents for each transport are there doesn't help either. It only knows the var_proc_limit, which is not good enough for this. I recall we have had a discussion with Wietse long time

Re: Separate transport for retried recipients

2013-05-12 Thread Viktor Dukhovni
On Sun, May 12, 2013 at 02:52:05PM -0400, Wietse Venema wrote: Please consider not hard-coding your two-class solution to new/deferred mail only, but allowing one level of indirection so that we can insert a many-to-2 mapping from message property (now: from queue to delivery class; later:

Re: Postfix and 'smtpd_helo_required'

2013-05-12 Thread Viktor Dukhovni
On Mon, May 13, 2013 at 01:56:05PM +1000, Nikolas Kallis wrote: I am someone that won't use a spam prevention method that could block a legitimate e-mail, and as so, my way of fighting spam is by protocol-compliance means only. This won't get you very far at all. Spam bots are largely

Re: Separate transport for retried recipients

2013-05-11 Thread Viktor Dukhovni
On Sat, May 11, 2013 at 04:20:51PM +0200, Patrik Rak wrote: - What common use case has different per-recipient (not: per-sender, etc.) soft reject rates for a mail stream between two sites? Does it matter whether some portion of a mail stream between two sites is deferred because of the

Re: Separate transport for retried recipients

2013-05-11 Thread Viktor Dukhovni
On Sat, May 11, 2013 at 06:33:22PM -0400, Wietse Venema wrote: Patrik Rak: This largely solves the problem, and is much simpler to configure: # Out of a total of $default_process_limit (100), leaving 20 # for fresh mail. Adjust appropriately when master.cf or #

Re: DANE, DNSSEC, GnuTLS, Postfix, Exim

2013-03-31 Thread Viktor Dukhovni
On Sun, Jan 13, 2013 at 07:34:24AM +, Bry8 Star wrote: When can we expect a Postfix release, that will support DANE protocol ? so that it(postfix) can verify (using DANE DNSSEC protocols) the signed (and free) SSL/TLS certificates(cert) (or fingerprints) which we can pre-add in TLSA,
