Re: SASL configuration issue

On Wed, Mar 27, 2019 at 02:40:36PM -0700, James Moe wrote: > 2019-03-27T14:16:57-0700 sma-station14l postfix/smtp[19939]: < > mail.sma.com[192.168.69.246]:5025: 250-sma-inc.us we trust you > sma-station14l.sma.com > 2019-03-27T14:16:57-0700 sma-station14l postfix/smtp[19939]: < >

Re: SPF Temperrors - minor thing

I think I have figured this out. I still haven't resolved it, but know where the issue lies. I had forgotten that I had an installation of pi-hole on my server. It had always worked great in the background, but it takes over dns operations, and I think that is causing these problems.

Re: "Chunk exceeds message size limit"

On 20/03/19 21:11, Markus Schönhaber wrote: Viktor Dukhovni, 19.3.2019 20:00 +0100: Note that, perhaps unintentionally, the treatment of "message_size_limit = 0" is not documented to mean "no limit". Perhaps we should also address that. I asked about that some years ago and Wietse told me

SASL configuration issue

Hello, postfix 3.3.1 opensuse 15.0 (linux ) AFAICT the configuration on this computer is the same as that on another where postfix works just fine. Obviously, something is different. The report of a mystery error is not much help. I cannot determine the failure. Postfix finds the

Re: Postfix benchmark: bug or performance regression ?

> On Mar 27, 2019, at 3:01 PM, Viktor Dukhovni > wrote: > > There's likely a bug. We should either simulate a synthetic nexthop > ($myhostname?) for unix-domain destinations, and then do nexthop > reuse (and perhaps do no caching by endpoint address for unix-domain > destinations), or go back

Re: Postfix benchmark: bug or performance regression ?

Juliana Rodrigueiro: > Excerpt of maillog version > 2.11.1: > Mar 27 14:46:50 localdomain postfix/lmtp[24750]: 6CEFF61: > to=, orig_to=, > relay=localdomain.com[/var/ > imap/socket/lmtp], delay=0.02, delays=0.01/0/0.01/0, dsn=2.1.5, status=sent > (250 2.1.5 Ok SESSIONID=) > Mar 27 14:46:50

Re: Postfix benchmark: bug or performance regression ?

On Wed, Mar 27, 2019 at 03:36:28PM +0100, Juliana Rodrigueiro wrote: > However, during a benchmark, we realized 3.3.2 was 5 times slower than the > version before. This is misleading. Postfix is not 5 times slower, your benchmark appears to be measuring the LMTP delivery rate to a single sink

Re: TLS client certificates and auth external

Le 27/03/2019 à 17:14, Viktor Dukhovni a écrit : On Wed, Mar 27, 2019 at 04:31:33PM +0100, Emmanuel Fusté wrote: The goal is to be as transparent as possible : - if the client is not found in the relay_clientcerts, act as usual - if the client is found in the relay_clientcerts, no longer

Re: TLS client certificates and auth external

On Wed, Mar 27, 2019 at 04:31:33PM +0100, Emmanuel Fusté wrote: > The goal is to be as transparent as possible : > - if the client is not found in the relay_clientcerts, act as usual > - if the client is found in the relay_clientcerts, no longer announce > AUTH support, the auth and identity

Re: TLS client certificates and auth external

Hello, Great piece of work ! It solve a big part of my problem, but sadly I need to go deeper. Le 18/03/2019 à 22:45, Bastian Schmidt a écrit : In the meantime I have completed a patch and sent it to Wietse and Victor, which adds an option smtpd_sasl_tls_ccert_username. As the patch is

Postfix benchmark: bug or performance regression ?

Hi all! We used to have postfix 2.6.11 in our systems, which was then updated with no problems to 3.3.2. However, during a benchmark, we realized 3.3.2 was 5 times slower than the version before. Even after disabling all mail filters the slowdown was still the same. The benchmark consists of

Re: permit_tls_clientcerts with CN matching

Le 27/03/2019 à 15:15, Wietse Venema a écrit : lst_ho...@kwsoft.de: Hello, we need to authenticate a SMTP client connection base on the CN of the (trusted) client certificate. The client is not under our control (O365 connector), so we will get no notification if the key fingerprint will

Re: permit_tls_clientcerts with CN matching

lst_ho...@kwsoft.de: > Hello, > > we need to authenticate a SMTP client connection base on the CN of the > (trusted) client certificate. The client is not under our control > (O365 connector), so we will get no notification if the key > fingerprint will change. As far as i can see Postfix

RE: nfs as mailq storage?

De> Can you tell me witch param I need to change in main.cf to mount De> the nfs to the mailq? As others have said, you need to mount the NFS data store holding your mailq onto the server. But then you need to make sure your NFS server is robust and reliable as well. This starts to get into

permit_tls_clientcerts with CN matching

Hello, we need to authenticate a SMTP client connection base on the CN of the (trusted) client certificate. The client is not under our control (O365 connector), so we will get no notification if the key fingerprint will change. As far as i can see Postfix is only able to use certificate

Re: difference between setting up an alias in virtual_alias_maps and virtual_mailbox_maps?

Thanks Yassine thats very helpful. Im going to modify the config to do it all with virtual_alias_maps On 27/03/2019 10:56, Yassine Chaouche wrote: On 3/27/19 11:19 AM, Andrew Wood wrote: What is the difference between setting up an alias in virtual_alias_maps and virtual_mailbox_maps? I

Re: nfs as mailq storage?

De Petter Mattheas: > Hello Wietse > > Can you tell me witch param I need to change in main.cf to mount the nfs to > the mailq? Postfix does not mount or unmount file systems. You MUST start Postfix AFTER you mount the file systems that Postfix needs. You MUST stop Postfix BEFORE you remove

Re: difference between setting up an alias in virtual_alias_maps and virtual_mailbox_maps?

On 3/27/19 11:19 AM, Andrew Wood wrote: What is the difference between setting up an alias in virtual_alias_maps and virtual_mailbox_maps? I can make alias@domain point to a mailbox by pairing it with the path to the maildir in virtual_mailbox_maps but it seems if I do that the alias can

Re: SPF Temperrors - minor thing

Here is the more complete mail.log, maybe that helps? ar 27 11:24:54 mail policyd-spf[16201]: Cached data for this instance: [] Mar 27 11:24:54 mail policyd-spf[16201]: skip_addresses enabled. Mar 27 11:24:54 mail policyd-spf[16201]: spfcheck: pyspf result: "['Temperror', 'SPF Temporary Error:

difference between setting up an alias in virtual_alias_maps and virtual_mailbox_maps?

What is the difference between setting up an alias in virtual_alias_maps and virtual_mailbox_maps? I can make alias@domain point to a mailbox by pairing it with the path to the maildir in virtual_mailbox_maps but it seems if I do that the alias can only point to one mailbox not multiple.

RE: nfs as mailq storage?

thnks Met vriendelijke groeten Kind regards De Petter Mattheas Technical support engineer – projects team IT-Department Jan De Nul Dredging N.V. T +32 (0)53 73 95 53 F +32 (0)53 21 00 31 www.jandenul.com From: owner-postfix-us...@postfix.org On Behalf Of Dominic

Re: nfs as mailq storage?

On Wed, 27 Mar 2019 at 07:44, De Petter Mattheas < mattheas.depet...@jandenul.com> wrote: > Hello Wietse > > Can you tell me witch param I need to change in main.cf to mount the nfs > to the mailq? > > Or do I need to make a symbolic link to the current mailq destination? > # postconf -d

Re: DMARC mitigation for mailing list server

Greetings, Matus UHLAR - fantomas! >>On 26 Mar 2019, at 14:47, Matus UHLAR - fantomas wrote: >>>if the mailing list doesn't modify existing headers, DKIM signatures >>>are >>>valid but they don't align, so DMARC policy is violated. > On 26.03.19 15:40, Bill Cole wrote: >>No: without

Re: nfs as mailq storage?

Greetings, De Petter Mattheas! > Hello Wietse >>> Is there a way for postfix to store its mailq on a nfs share? > >> Yes. See also http://www.postfix.org/NFS_README.html. > Can you tell me witch param I need to change in main.cf to mount the nfs to > the mailq? None. This has nothing to do

Re: DMARC mitigation for mailing list server

On 26 Mar 2019, at 14:47, Matus UHLAR - fantomas wrote: if the mailing list doesn't modify existing headers, DKIM signatures are valid but they don't align, so DMARC policy is violated. On 26.03.19 15:40, Bill Cole wrote: No: without modification of From, the original DKIM signature does

RE: nfs as mailq storage?

Hello Wietse Can you tell me witch param I need to change in main.cf to mount the nfs to the mailq? Or do I need to make a symbolic link to the current mailq destination? -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Wietse Venema Sent: 26 March 2019 17:08 To:

RE: nfs as mailq storage?

Hello That we know, we have set this till 100 days the max possible. But it's in case we have to reinstall the vm, due to error or unrecoverable. There for we want the queue to be stored on a nfs share, that way when the vm is rebuild and the nfs is mounted he can send the mails stored on the