Re: "ssl_choose_client_version:unsupported protocol" when connecting to MariaDB

2022-07-22 Thread Ben Johnson
On 2022-07-20 16:38, Viktor Dukhovni wrote: On Wed, Jul 20, 2022 at 04:14:44PM -0400, Ben Johnson wrote: postfix/proxymap[3378003]: warning: connect to mysql server 127.0.0.1: SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol These error

"ssl_choose_client_version:unsupported protocol" when connecting to MariaDB

2022-07-20 Thread Ben Johnson
Hello, Somewhat recently, I began to notice failures of the following variety in several similarly-configured servers' mail logs: postfix/proxymap[3378003]: warning: connect to mysql server 127.0.0.1: SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported

Re: Is it possible to require authentication based on specific properties of the MUA or its connection?

2014-10-14 Thread Ben Johnson
On 10/13/2014 9:04 PM, Noel Jones wrote: On 10/13/2014 6:54 PM, Ben Johnson wrote: Hello! Is it possible to require authentication based on specific properties of an MUA or its connection? I would like to require all connections that originate from the php-fpm daemon (or its children

Is it possible to require authentication based on specific properties of the MUA or its connection?

2014-10-13 Thread Ben Johnson
Hello! Is it possible to require authentication based on specific properties of an MUA or its connection? I would like to require all connections that originate from the php-fpm daemon (or its children) on the server in question to be forced to authenticate when sending mail through Postfix. At

Using reject_unknown_sender_domain with exemptions for certain sender domains

2014-07-09 Thread Ben Johnson
Hello! I have found the reject_unknown_sender_domain and reject_unknown_recipient_domain restrictions to be very effective in cutting down on spam when applied to smtpd_recipient_restrictions. Surely, there will be false-positives, but this is a small, private server and the risk is worth the

Re: Using reject_unknown_sender_domain with exemptions for certain sender domains

2014-07-09 Thread Ben Johnson
On 7/9/2014 1:36 PM, Wietse Venema wrote: Place check_recipient_access before reject_unknown_recipient_domain, and check_sender_access before reject_unknown_sender_domain. smtpd_recipient_restrictions = permit_mynetworks ... # Must go before whitelists.

Concern of open relay

2014-07-07 Thread Ben Johnson
Hello! I've noticed increased Postfix activity as of late and am concerned that something is configured inadequately (i.e., open-relay). For postconf -n output, please skip to the end of this message. So, I installed pflogsumm and my concerns seem valid. I'll address each point of concern.

Re: Concern of open relay

2014-07-07 Thread Ben Johnson
On 7/7/2014 1:45 PM, Noel Jones wrote: On 7/7/2014 11:56 AM, Leonardo Rodrigues wrote: On 07/07/14 13:24, Ben Johnson wrote: Hello! I've noticed increased Postfix activity as of late and am concerned that something is configured inadequately (i.e., open-relay). For postconf -n output

Re: Concern of open relay

2014-07-07 Thread Ben Johnson
On 7/7/2014 2:47 PM, Ben Johnson wrote: Thanks, Leonardo and Noel! I really appreciate the prompt replies. Leonardo, I see no indication that whoever is sending this mail has authenticated. And given that local connections are permitted to send mail without authenticating on this server

Network TCP port 47107 is being used by /usr/lib/postfix/proxymap. Possible rootkit: T0rn

2014-03-18 Thread Ben Johnson
Hello, A daily rkhunter scan produced the following warning, which mentions Postfix. Is this a false-positive? Warning: Network TCP port 47107 is being used by /usr/lib/postfix/proxymap. Possible rootkit: T0rn Use the 'lsof -i' or 'netstat -an' command to check this. The suggested

Re: Network TCP port 47107 is being used by /usr/lib/postfix/proxymap. Possible rootkit: T0rn

2014-03-18 Thread Ben Johnson
On 3/18/2014 11:14 AM, Viktor Dukhovni wrote: On Tue, Mar 18, 2014 at 11:09:44AM -0400, Ben Johnson wrote: A daily rkhunter scan produced the following warning, which mentions Postfix. Is this a false-positive? What is the anonymous port range on this system? Does proxymap perform LDAP

Re: How to verify that a whitelist entry via check_recipient_access is working correctly?

2014-03-03 Thread Ben Johnson
On 3/1/2014 2:10 PM, Noel Jones wrote: On 3/1/2014 12:17 PM, Ben Johnson wrote: Noel, thank you for the incredibly detailed response. I appreciate your time. Hello, I have a need to whitelist a specific sender domain (and any subdomain thereof) such that some of Postfix's normal

How to verify that a whitelist entry via check_recipient_access is working correctly?

2014-03-01 Thread Ben Johnson
Hello, I have a need to whitelist a specific sender domain (and any subdomain thereof) such that some of Postfix's normal smtpd_recipient_restrictions are bypassed. Specifically, I need for network blacklist checks to be skipped when the message originates from a specific domain (or any subdomain

19:self signed certificate in certificate chain with Comodo PositiveSSL certificate in Postfix 2.7.0

2014-01-22 Thread Ben Johnson
Hello, I'm having some trouble getting a Comodo PositiveSSL certificate to work correctly with Postfix 2.7.0. I've attempted to follow the instructions at http://www.postfix.org/postconf.5.html#smtpd_tls_cert_file : You should include the required certificates in the server certificate file,

Re: 19:self signed certificate in certificate chain with Comodo PositiveSSL certificate in Postfix 2.7.0

2014-01-22 Thread Ben Johnson
On 1/22/2014 3:46 PM, Viktor Dukhovni wrote: On Wed, Jan 22, 2014 at 03:07:33PM -0500, Ben Johnson wrote: Thanks for expanding upon Wietse's response, Viktor. I created the certificate with the following command: $ cat example_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt /root

How best to eliminate domain mismatch warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
Hello, We host mail services for a few dozen domains. We will eventually require TLS for all client connections. I have reviewed what seems to be the most comprehensive thread on this subject ( http://postfix.1071664.n5.nabble.com/TLS-SNI-support-td25552.html ) and, in light of that information,

Re: How best to eliminate domain mismatch warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
On 7/15/2013 1:03 PM, Patrick Ben Koetter wrote: In absence of SNI either the MX of all domains point to one MX with a valid cert or you bring up an instance per domain. Bringing up a Postfix instance per domain would require unique ports (or a dedicated IP address) for each instance,

Re: How best to eliminate domain mismatch warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
(Viktor, I'm going to reply to Wietse first, just because his questions are fewer and I am hoping to clarify the points of confusion before others reply.) On 7/15/2013 1:24 PM, Wietse Venema wrote: Ben Johnson: Hello, We host mail services for a few dozen domains. We will eventually require

Re: How best to eliminate domain mismatch warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
On 7/15/2013 1:10 PM, Viktor Dukhovni wrote: On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote: In essence, our clients wish to use their own SSL certificates for their SMTP connections. Are these submission clients? What does the above mean? Yes, these are submission clients

Re: How best to eliminate domain mismatch warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
On 7/15/2013 3:14 PM, Wietse Venema wrote: Ben Johnson: On 7/15/2013 1:10 PM, Viktor Dukhovni wrote: On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote: In essence, our clients wish to use their own SSL certificates for their SMTP connections. Are these submission clients? What

Re: Bulk Mailing Performance

2013-06-12 Thread Ben Johnson
On 6/12/2013 4:40 PM, fletch wrote: Peer, There's no way that's a production figure. You may have queued that many, but I seriously doubt you got anything close to 3-4 million/hour when postfix was actually conducting delivery with the remote gateways... This point is somewhat moot,

Is the absence of smtpd_relay_restrictions directive in Postfix versions = 2.10 a security risk in some default configurations?

2013-05-31 Thread Ben Johnson
I seem to be able to set up a desktop email client and send email to my server, from any external network, and the email will be accepted for delivery as long as a) the sender uses any from address (local part) @my.real-domain.com, and b) the recipient has a mailbox @my.real-domain.com. The only

Re: Is the absence of smtpd_relay_restrictions directive in Postfix versions = 2.10 a security risk in some default configurations?

2013-05-31 Thread Ben Johnson
On 5/31/2013 2:39 PM, Noel Jones wrote: On 5/31/2013 12:22 PM, Ben Johnson wrote: I seem to be able to setup a desktop email client and send email to my server, from any external network, and the email will be accepted for delivery as long as a) the sender uses any from address (local part

Re: Is the absence of smtpd_relay_restrictions directive in Postfix versions = 2.10 a security risk in some default configurations?

2013-05-31 Thread Ben Johnson
On 5/31/2013 3:52 PM, Noel Jones wrote: On 5/31/2013 2:06 PM, Ben Johnson wrote: Okay. I understand. The implication here is that it doesn't matter whether the user-agent connects directly to my server via SMTP to deliver mail to my users, or he connects through his ISP's SMTP server

Re: Is the absence of smtpd_relay_restrictions directive in Postfix versions = 2.10 a security risk in some default configurations?

2013-05-31 Thread Ben Johnson
On 5/31/2013 4:11 PM, /dev/rob0 wrote: On Fri, May 31, 2013 at 03:06:38PM -0400, Ben Johnson wrote: On 5/31/2013 2:39 PM, Noel Jones wrote: On 5/31/2013 12:22 PM, Ben Johnson wrote: Postfix postfinger output for this server (prior to closing this hole): http://pastebin.com/QGE3cah5

Re: Relay attempts from bot filling mail queue and getting my server blacklisted: how's it happening?

2013-05-29 Thread Ben Johnson
On 5/28/2013 1:38 PM, Wietse Venema wrote: Viktor Dukhovni: On Tue, May 28, 2013 at 01:18:25PM -0400, Wietse Venema wrote: I strongly suggest that you swap the order of the following two rules in main.cf: check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,

Relay attempts from bot filling mail queue and getting my server blacklisted: how's it happening?

2013-05-28 Thread Ben Johnson
Hello, I am experiencing something very similar to, or exactly the same as, what is described at http://www.tolaris.com/2009/07/15/stopping-spam-botnets-with-fail2ban/ . Basically, someone/something has been attempting to relay mail through my server (at least I believe that to be what's