[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Harald Koch via Postfix-users
sha256'), ams.1.list.sys4.de=invalid (public key: does not support hash algorithm 'sha256')) smtp.remote-ip=188.68.34.52; -- Harald Koch c...@pobox.com

Re: Forwarding best practices

2020-08-06 Thread Harald Koch
I use, J/K are the "next message/previous message" keyboard shortcuts. In Outlook, J is the "Mark as Junk" shortcut. I swear I hit it about once a day as I'm switching email clients ... -- Harald Koch c...@pobox.com

Re: should we use plaintext for message?

2020-03-18 Thread Harald Koch
On Wed, Mar 18, 2020, at 11:27, Darac Marjal wrote: > Markdown is a very good step > towards this, IMO. Oh the irony... From the initial announcement of Markdown by John Gruber (https://web.archive.org/web/20040402182332/http://daringfireball.net/projects/markdown/): " the single biggest

Re: best practice for HA cluster

2019-02-08 Thread Harald Koch
On Fri, Feb 8, 2019, at 06:40, Emmanuel Fusté wrote: > > Never use shared storage. It will be your main source of problems. Recognizing that shared storage is always a headache: How do you handle the situation where your active node crashes with queued, undelivered messages? -- Harald

Re: performance question

2018-06-25 Thread Harald Koch
On 25 June 2018 at 09:42, Matus UHLAR - fantomas wrote: > > depends on how do you configure it. hash: should not have noticeable > performance impact. > a linear search through 2000 addresses should not have a noticeable performance impact either, compared to, say, network round-trip times...

Re: FWIW, port 465 gets standards-track blessing from RFC8314

2018-02-12 Thread Harald Koch
> > I can't think of a single reason to have two submission ports. > Compatibility with the clients that only implement one?

Re: [postfix-users] FWIW, port 465 gets standards-track blessing from RFC8314

2018-02-11 Thread Harald Koch
Is this change in long-standing opinion of the IETF only because existing implementations so often ignore STARTTLS, or is there actually a security issue with STARTTLS (instead of implicit TLS)? -- Harald

Re: Self-signed TLS certificates (Minimal setup)

2018-01-24 Thread Harald Koch
On Wed, Jan 24, 2018, at 08:37, Dirk Stöcker wrote: > > It's not sooo complicated: The length of your message contradicts that statement. (These days I recommend https://github.com/square/certstrap because it's easily scripted. I'm currently using it in several ansible playbooks, for example.)

Re: Question regarding Postfix virtual domains and SPF

2017-10-16 Thread Harald Koch
I solved this particular problem (forwarding third-party email to google) using "postsrsd" https://github.com/roehling/postsrsd. SRS (Sender Rewriting Scheme) rewrites the envelope sender address so that it appears to be from your domain (allowing SPF to work). This is the scheme used by

Re: Copying IMAP messages instead of Forwarding?

2017-09-25 Thread Harald Koch
This isn't an answer to your actual question, however: I've been using postsrsd (https://github.com/roehling/postsrsd) successfully to forward email in a similar situation - users with addresses on my box that they want to be forwarded to a Gmail account. It has obvious downsides, but it did

Re: What user should be specified for the opendikm -u UID option?

2017-09-03 Thread Harald Koch
The info I posted earlier, about private keys read via a KeyTable - that comes from the "FILE PERMISSIONS" section of the opendkim man page. -- Harald

Re: What user should be specified for the opendikm -u UID option?

2017-09-03 Thread Harald Koch
was forgetting. -- Harald On 3 September 2017 at 12:15, Harald Koch <c...@pobox.com> wrote: > haha I was going to mention the Arch Wiki - it also gives misleading > advice. Their improved setup has private keys owned by (and writable by!) > the same user that the daemon runs as

Re: What user should be specified for the opendikm -u UID option?

2017-09-03 Thread Harald Koch
haha I was going to mention the Arch Wiki - it also gives misleading advice. Their improved setup has private keys owned by (and writable by!) the same user that the daemon runs as. Hacked daemon -> private key compromise. The default service file installed by the Arch package runs as root, btw,

Re: What user should be specified for the opendikm -u UID option?

2017-09-03 Thread Harald Koch
Just a small nit: running opendkim as user opendkim in the systemd service file completely defeats the ability of opendkim to drop privileges *after* reading the private keys as root. I suspect most people aren't aware that having a daemon start as root and drop privileges itself is a security

Re: Puting the Postfix's queue into RAM disk

2015-11-13 Thread Harald Koch
On 13 November 2015 at 07:51, Istvan Prosinger wrote: > > The point here is that at the start of this, a temporary deferred mail > queue will build up significantly pushing most of the load on the file > system, and the idea is to speed up the queue processing to prevent

Re: RC4 in live email servers?

2015-07-20 Thread Harald Koch
In my case it turned out to be me being incredibly stupid; I had smtpd_tls_mandatory_exclude_ciphers = RC4 instead of smtpd_tls_exclude_ciphers = RC4. yahoo.com is using AES128 now. *looks embarrassed...* -- Harald

Re: RC4 in live email servers?

2015-07-19 Thread Harald Koch
Maybe it's just a configuration error on my side, but all SMTP from yahoo.com servers to mine still uses RC4... -- Harald

Re: POODLE: smtpd_tls_mandatory_protocols question

2014-10-15 Thread Harald Koch
On 15 October 2014 17:06, Robert Schetterer r...@sys4.de wrote: doesn't look losing much here 4 SSLv3 22353 TLSv1 2 SSLv3 17664 TLSv1 When I did this I saw about the same number of SSLv3 connections so I looked at them in detail and every one was a SPAM attempt. (RC4 on the other

Re: Blocking LinkedIn 'Intro' mail hijacking?

2013-10-25 Thread Harald Koch
On 25 October 2013 14:42, Charles Marcus cmar...@media-brokers.com wrote: Whether it is iOS specific or not (apparently it is, at least for the time being, iOS specific), it also applies to the smtp connection to my *postfix* server, so I disagree that it is OT. Apparently it is not a hoax,

Re: Blocking LinkedIn 'Intro' mail hijacking?

2013-10-25 Thread Harald Koch
On 25 October 2013 16:34, Charles Marcus cmar...@media-brokers.com wrote: Not according to this (from the second paragraph of the linked article): Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your

Re: email address (u...@domain.tld) as username?

2013-09-27 Thread Harald Koch
On 27 September 2013 05:32, Tomasz Chmielewski t...@virtall.com wrote: This system will however host 5 or so email accounts, that number will not grow, and I'd rather avoid extra complexity virtual setup brings (as virtual users for Postfix is one, and matching virtual users for the POP/IMAP

Re: Someone is harassing my smtp.

2012-04-23 Thread Harald Koch
The internet is a swamp, and Relay access denied is relatively cheap - if I were you I wouldn't waste valuable brain cells thinking about this, and just ignore them. Now if they're getting through your filters, that's a different story... -- Harald

Re: Using Roundcube to send mail on localhost

2011-10-25 Thread Harald Koch
On 25/10/2011 5:29 PM, Seth Kneller wrote: I have postfix and roundcube installed on the same server, postfix is setup to use SASL auth and STARTTLS and I can send messages from remote clients. However I cannot send messages from roundcube on the localhost. Can anyone help or point me to where

Re: Should I have postgrey listen on a socket?

2010-12-05 Thread Harald Koch
On 05/12/2010 11:10 AM, Roger Marquis wrote: I don't personally know why application designers tend to use localhost IP ports instead of sockets, it's probably easier to code, but it is also more difficult for end-users / systems admins to secure. Generally speaking? Because some application