Re: enabling xforward in ehlo

2017-04-24 Thread Robert Moskowitz
On 04/24/2017 11:54 PM, Viktor Dukhovni wrote: On Apr 24, 2017, at 5:43 PM, Robert Moskowitz wrote: http://www.postfix.org/postconf.5.html#smtpd_authorized_xforward_hosts I read that too. Can I specify $mynetworks ? Quote: Specify a list of network/netmask

Re: enabling xforward in ehlo

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 5:43 PM, Robert Moskowitz wrote: > >> http://www.postfix.org/postconf.5.html#smtpd_authorized_xforward_hosts >> > I read that too. Can I specify $mynetworks ? Quote: Specify a list of network/netmask patterns, separated by commas and/or

Re: Segfault

2017-04-24 Thread Wietse Venema
Gabriel Marais: > Apr 23 19:00:15 smtp-02 postfix/master[18906]: warning: process > /usr/lib/postfix/pickup pid 21010 exit status 1 What did the pickup daemon log *before* this? Error messages from the pickup daemon are rare. $ grep pickup.21010 /the/maillog/file > Apr 23 19:00:56 smtp-02

Re: enabling xforward in ehlo

2017-04-24 Thread Robert Moskowitz
On 04/24/2017 11:35 PM, Viktor Dukhovni wrote: On Apr 24, 2017, at 5:14 PM, Robert Moskowitz wrote: I have spent some time today searching postfix documentation for enabling xforward in smtpd. I am not seeing it in the response to the EHLO when I telnet into localhost

Re: enabling xforward in ehlo

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 5:14 PM, Robert Moskowitz wrote: > > I have spent some time today searching postfix documentation for enabling > xforward in smtpd. I am not seeing it in the response to the EHLO when I > telnet into localhost 25. I cannot find any reference to

enabling xforward in ehlo

2017-04-24 Thread Robert Moskowitz
Postfix 2.10.1 I have spent some time today searching postfix documentation for enabling xforward in smtpd. I am not seeing it in the response to the EHLO when I telnet into localhost 25. I cannot find any reference to what to put in master.cf (or main.cf) to do this. I THINK I need this

Re: Need help with TLS keys...

2017-04-24 Thread Michael Segel
> On Apr 24, 2017, at 12:15 PM, Viktor Dukhovni > wrote: > > >> On Apr 24, 2017, at 12:51 PM, Michael Segel wrote: >> >> I wouldn’t say fashionista… >> >> More of an experiment since it's easy to replace the tickets. >> I wanted to try

Re: Need help with TLS keys...

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 12:51 PM, Michael Segel wrote: > > I wouldn’t say fashionista… > > More of an experiment since it's easy to replace the tickets. > I wanted to try something a wee bit more secure. There’s actually a > downstream reason for this… Excessively

Re: Need help with TLS keys...

2017-04-24 Thread Michael Segel
I wouldn’t say fashionista… More of an experiment since it's easy to replace the tickets. I wanted to try something a wee bit more secure. There’s actually a downstream reason for this… But of course, I’m still at a loss as to why the initial rDNS handshake as well as attempts to hit

Re: Need help with TLS keys...

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 10:20 AM, Michael Segel wrote: > > (Of course the cert is 8192 which may be a bit excessive over 2048) Don't be a crypto fashionista. Generate a 2048-bit key and obtain and deploy a corresponding 2048-bit certificate. -- Viktor.

Re: Segfault

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 3:09 AM, Gabriel Marais > wrote: > > Apr 23 19:00:15 smtp-02 postfix/master[18906]: warning: process > /usr/lib/postfix/pickup pid 21010 exit status 1 > Apr 23 19:00:15 smtp-02 postfix/master[18906]: warning: > /usr/lib/postfix/pickup: bad

Re: Segfault

2017-04-24 Thread Wietse Venema
> Does anyone have an idea what would cause this behaviour? Look for the message in the maildrop queue. postqueue -p postcat -q the-queue-id pickup daemons should not crash. Wietse

Re: connection caching - limitations

2017-04-24 Thread Wietse Venema
Viktor Dukhovni: > > last message > > Apr 24 10:48:56 submitter postfix/pickup[29155]: 3wBKkw1tlJzGNV: uid=12345 > > from=<$sender> > > Apr 24 10:51:43 submitter postfix/smtp[30768]: 3wBKkw1tlJzGNV: > > to=<$recipient>, relay=$MSA:25, delay=167, delays=0.03/165/0.41/1.2, > > dsn=2.0.0,

Re: connection caching - limitations

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 6:34 AM, A. Schulze wrote: > > Today I send 5k messages and /measure/ the times. Look closely at the delays=a/b/c/d times. > time for i in `seq 1 5000`; do sendmail -f $sender $recipient < msgfile; done > real 3m34.281s > user 0m13.120s >

Re: Need help with TLS keys...

2017-04-24 Thread Michael Segel
Sorry this hit my junkmail folder… The fix to this was to turn off SELinux. Every time the smtpd daemon tried to read the cert, it would get denied. Once I turned off SELinux… it was happy. (Of course the cert is 8192 which may be a bit excessive over 2048) -Mike > On Apr 20, 2017, at

Re: connection caching - limitations

2017-04-24 Thread A. Schulze
Viktor Dukhovni: You've provided no information on where the performance bottleneck lies. What are the averages of the delays=a/b/c/d log values? Thanks to Viktor for the reminder to "proof the performance bottleneck" Today I send 5k messages and /measure/ the times. time for i in `seq 1

Segfault

2017-04-24 Thread Gabriel Marais
Hi Guys One of my SMTP servers became unavailable yesterday. I'm not sure if it is directly related to Postfix but I am seeing the following out of my syslog log (especially interested in the kernel: segfaults):- Apr 23 19:00:15 smtp-02 postfix/master[18906]: warning: process