Is it possible to not only configure a key (pem) file for the server key but
also a location on a secure token ? E.g. somehow set the openssl engine
parameter for postfix instead of using smtpd_tls_key_file?
Is the same possible for client authentication (e.g. sending to a domain which
--- On Fri, 1/4/13, Wietse Venema wie...@porcupine.org wrote:
From: Wietse Venema wie...@porcupine.org
Subject: Re: TLS Server Key on HSM
To: Postfix users postfix-users@postfix.org
Date: Friday, January 4, 2013, 9:12 AM
Harakiri:
Is it possible to not only configure a key (pem) file
When trying to sent a mail to -u...@domain.com postfix will complain
warning: Illegal address syntax from host in RCPT command: -u...@domain.com
and reject the message with 501 5.1.3 Bad recipient address syntax.
Now can anyone point me to the part in the RFC that prohibits the - at the
start
I have a tcp table and policy service - when i shut these down, i close each
open session and unbind the listener port - for some reason postfix does not
close its client connection to them for about 60sec.
Now, is there a sure way to tell postfix to disconnect from his client session?
Here
--- On Mon, 8/20/12, Wietse Venema wie...@porcupine.org wrote:
From: Wietse Venema wie...@porcupine.org
Subject: Re: How to correctly signal postfix to close the session from an TCP
Table/Policy Service - Connections are kept open for 1min after service
shutdown
You can look at
--- On Mon, 8/20/12, Wietse Venema wie...@porcupine.org wrote:
From: Wietse Venema wie...@porcupine.org
Subject: Re: How to correctly signal postfix to close the session from an TCP
Table/Policy Service - Connections are kept open for 1min after service
shutdown
To: Postfix users
Ive implemented a TCP table which will tell postfix which destination IP should
be used for internal relay.
A TCP Table lookup only works with GET recipient - is it somehow possible to
have all the information provided similar to the check_policy_service ?
E.g. The transport destination should
/2012 10:53 AM, Harakiri
wrote:
Ive implemented a TCP table which will tell postfix
which destination IP should be used for internal relay.
A TCP Table lookup only works with GET
recipient
Correct. The lookup key for transport_maps is the
recipient address
regardless of table type
I have currently a whitelist which checks inbound recipients against an ldap
using a combination of
relay_recipient_maps = ldap_config...
smtpd_recipient_restrictions = permit_mynetworks ...reject_unlisted_recipient
Now i want to have a similar solution for outbound, only enveloped from
Harakiri:
smtpd_sender_restrictions =ldap2_config..., reject
the problem with this is - that this check is also
executed for
inbound mails.
smtpd_sender_restrictions = permit_mynetworks, ...
Wietse
This is exactly the wrong away around - as i said i need to verify enveloped
sender
--- On Tue, 2/21/12, Noel Jones njo...@megan.vbhcs.org wrote:
From: Noel Jones njo...@megan.vbhcs.org
Subject: Re: check_sender_access only for outbound mails e.g. those that
are in mynetworks
something like:
# /etc/postfix/mynetworks.cidr
127.0.0.0/8 OK {or check_local_sender
--- On Wed, 5/19/10, Wietse Venema wie...@porcupine.org wrote:
From: Wietse Venema wie...@porcupine.org
Subject: Re: Disable Connection Cache for local filters
To: Postfix users postfix-users@postfix.org
Date: Wednesday, May 19, 2010, 7:16 AM
Harakiri:
However, i would like to disable
--- On Wed, 5/19/10, Michael Tokarev m...@tls.msk.ru wrote:
From: Michael Tokarev m...@tls.msk.ru
Subject: Re: Using -o
postfix complains about an invalid syntax (probably
due the space between policy server and
unix:private/policy)
Try using a comma instead of a space there:
-o
Does the following
http://www.postfix.org/CONNECTION_CACHE_README.html
apply to : When postfix sents a RSET smtp command, and delivers a new mail
using the same connection ?
I understand that by default it will use smtp_connection_cache_on_demand on a
high queue (what number exactly?).
I can use
smtpd_end_of_data_restrictions=check_policy_service unix:private/policy
just fine in the main.cf. However this has the drawback that i need to
add
-o smtpd_end_of_data_restrictions=
to each filter in the master.cf which should not use the policy service again.
When i try to only set
I have postfix relay server, which relays messages from the internet to an
internal mailserver, but it should only expect messages to known internal
recipients.
However, there is one external server which is allowed to sent to users which
are not defined in the recipient maps (i.e. group
Hi,
after upgrading a machine from etch to lenny i get the following warning
postfix/smtpd[23231]: warning: pcre map /etc/postfix/postfix_rbl_check, line 0:
ignoring unrecognized request
main.cf:
check_client_access pcre:/etc/postfix/postfix_rbl_check
file:
reject_rbl_client
--- On Tue, 1/19/10, Wietse Venema wie...@porcupine.org wrote:
That is not a valid PCRE file entry, and it has never been
valid.
Postfix promises compatibility only for behavior that is
promised
by documentation. Postfix behavior for invalid inputs is
subject
to change without prior
--- On Tue, 1/19/10, Noel Jones njo...@megan.vbhcs.org wrote:
From: Noel Jones njo...@megan.vbhcs.org
Subject: Re: Changes in PCRE handling postfix etch vs lenny?
To: postfix-users@postfix.org
Date: Tuesday, January 19, 2010, 11:42 AM
On 1/19/2010 9:57 AM, Harakiri
wrote:
See
, Nov 26, 2009 at 05:02:33AM
-0800, Harakiri wrote:
I have an unreleased utility to probe the TLS support of
remote TLS
servers, but it is NOT intended for use during message
delivery or
by content filters. Rather, the purpose is to determine the
available
security options for a tls policy
--- On Fri, 11/27/09, Wietse Venema wie...@porcupine.org wrote:
From: Wietse Venema wie...@porcupine.org
Subject: Re: CMD tool to check if next SMTP hop can use TLS for messages?
To: Postfix users postfix-users@postfix.org
Date: Friday, November 27, 2009, 11:14 AM
Harakiri:
1
Hi,
i have a filter which does some things to outgoing mail, now i would like to
check if this mail will possibly sent using TLS (config is, try TLS if
available, if not just sent plain). Is there a tool (except openssl) from
postfix to verify if a message could be sent via TLS to a host? I
Hi,
my current setup is using check_recipient_access with a SQL table. This works
fine since i can negate the query to return REJECT when a user is not found, if
the user is found, the query returns DUNNO to proceed with addtional checks
(greylisting, rbl), im doing this with a simple sql
--- On Wed, 10/28/09, Noel Jones njo...@megan.vbhcs.org wrote:
The proper solution is to use postfix's built-in recipient
validation. Valid recipients should be listed in the
proper
table for the address class of the recipient domain, then
you
can reject all unknown recipients with a
Hello,
can a postfix guru please look over my easy configuration? I wanted to create
some very easy antispam defense using only postfix (postgrey).
I created a new smtpd_restriction_classes, which i appended to
smtpd_recipient_restrictions.
my_filtering = check_recipient_access
Im using proxymap for an sql recipient check query, however when the file
doesnt have postfix permission - the following error occurs
postfix/proxymap[12724]: fatal: open /etc/mydir/recipient_check
whats weird is, all other config files like postfix_mynetworks
postfix_relaydomains which have
--- On Mon, 10/26/09, Wietse Venema wie...@porcupine.org wrote:
In the section titled SECURITY, there needs to be a note
that
proxymap always opens tables with the privileges of the
$mail_owner
UID and GID.
Wietse
Thanks, is there a particular reason why postfix itself can read
Hi,
the documentation wasnt clear about this. Is it possible to use multiple
check_client_access in smtpd_recipient_restrictions?
i.e (example).
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_client_access pcre:/etc/postfix/rbl_checks
Hi,
im testing relay_recipient_maps with ldap. The problem is, what happends when
there is a network issue between the ldap and postfix server? What id like is
when there is an error quering the ldap, that postfix should either only
temporary refuse the message or allow it anyway.
I read
--- On Mon, 5/4/09, lst_ho...@kwsoft.de lst_ho...@kwsoft.de wrote:
From: lst_ho...@kwsoft.de lst_ho...@kwsoft.de
Subject: Re: Generate temporary error for ldap relay_recipient_maps for
network outages
To: postfix-users@postfix.org
Date: Monday, May 4, 2009, 11:36 AM
Zitat von Harakiri
On Mon, May 04, 2009 at 09:24:28AM -0700, Harakiri wrote:
I didnt see it mentioned in the docs - can you
configure this behaviour
at all?
When table lookups fail, Postfix responds with a 4XX error.
This is
not and should not be configurable.
should not be configureable ? nobody knows
Hi,
i have one specific sender domain which should be allowed to sent over postfix
servers, however this domain is not registered as MX or DNS.
Is there a way to exclude this domain from the reject_unknown_sender_domain
check? Maybe a whitelist for this setting or add the domain in the
--- On Thu, 2/26/09, Wietse Venema wie...@porcupine.org wrote:
From: Wietse Venema wie...@porcupine.org
Subject: Re: exclude one domain from reject_unknown_sender_domain
Why do people expect that OTHER mail servers will not
reject
mail with a bogus sender domain?
i dont expect it, i
--- On Mon, 2/16/09, Ralf Hildebrandt ralf.hildebra...@charite.de wrote:
From: Ralf Hildebrandt ralf.hildebra...@charite.de
Subject: Re: postmap changed between 2.3.8 and 2.5.5
To: postfix-users@postfix.org
Date: Monday, February 16, 2009, 8:00 AM
* richard lucassen
34 matches
Mail list logo