Please don't make a new e-mail thread(or don't remove references) for
each reply and please don't top-post.
Thank you!
--
KSB
roblems from stollen(by malware) credentials, than from
trusted client networks without any other AUTH.
--
KSB
Hi,
Is it possible to configure sender_dependent_relayhost_maps with
failover hosts, probably with priorities?
--
KSB
On 2017.03.08. 17:53, Viktor Dukhovni wrote:
On Mar 8, 2017, at 5:51 AM, KSB <list...@ksb.id.lv> wrote:
After upgrading to postfix 3.1 (from 2.9), one of our clients said, it cannot
send mail anymore(he has OE6 on XP and said it's planned to upgrade, but not
now).
What we got in
to ciphers configuration - everything is left default:
# postconf -n | grep cipher
#
We also noticed that tls_medium_cipherlist has changed, is it cause of
this problem (real cause is old software though)?
--
KSB
On 2016.09.28. 18:03, KSB wrote:
Hi!
I would like to use smtpd_tls_auth_only=yes at least for submission
port, but we have rare customers who have old scannners which don't
support SSL/TLS(as they say).
We also have probably strict HELO:
smtpd_helo_required = yes
smtpd_helo_restrictions
permit_sasl_authenticated
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
and also that old scanners don't qualify for correct hello, so we cannot
say to them "use 25 port, which can be used without TLS".
So I'm thinking about best compromise in this situation... Ideas?
--
KSB
/geotrust-ssl-certificates.aspx
When we need some specific certificates, our company used to by from
GoGetSSL.com
Geotrust's rapid for comparision: https://www.gogetssl.com/rapidssl/
--
KSB
g new keys with each update, and that is easily
avoided.
-Ralph
No, probably they will go down to 30 days as most admins learn to do
automation.
--
KSB
nt
would needlessly bloat some DNS zones and increase DNS traffic volume
because a "no answer" reply to an initial MX query is smaller than a
reply with an answer record of the same name as the one being queried.
OK, that's clear now. Thank You for explanation!
--
KSB
and can this behavior be changed, to not try A?
--
KSB
, which makes stopstart.
--
KSB
thing and minimalistic and correct
how-to would help to comparably quick kick-in and get a proper working
server. After comes real learning, adjusting, rebuilding and so on.
--
KSB
though, I should have thought to check the queue-id (and the Date:
headers).
What You mean with IMAP is lying? It is MUA, what shows last received
date instead of header's Date:?
--
KSB
is wrong?
--
Regards,
KSB
it out.
Bye,
---
Fernando Maciel Souto Maior
Probably they are NDR, so look inside of one of the messages with
pfqueue to see original sender, ip, contents and so on...
--
KSB
.in-addr.arpa. IN PTR
;; ANSWER SECTION:
212.0.171.63.in-addr.arpa. 86400 IN CNAME
63.171.0.212.cust.lkq.sprintlink.net.
63.171.0.212.cust.lkq.sprintlink.net. 86400 IN PTR mail1.lkqcorp.com.
--
KSB
?
--
KSB
:(
--
KSB
-Garfinkel.pdf
Wietse
Ok, but if client has only specialised computers with only traffic
allowed to our smtp and w/o usb and other external media devices?
__
KSB
On 2012.09.11. 13:56, Wietse Venema wrote:
Your specialized niche problem is not in the 90% of the problem
space that Postfix solves. Postfix does not have to solve all
problems.
Wietse
So You suggest to stick with other MTA?
__
KSB
...
__
KSB
for some domains?
__
KSB
will
set right whitelisted-sender domain.
__
KSB
Greetings!
I'm using Posfix for years and like it a lot, but now I'm a bit confused what
will be best option for smtpd_proxy_filter failover. One possible option is to
use multiple A records on DNS, but dependency on one more service is unwanted
thing. Any other options there?
--
Regards,
KSB
On 2012.08.27. 22:15, Brian Evans - Postfix List wrote:
I'm sure there are before-queue filters out there, but you cannot use a
pipe.
You must create/find a front-end that speaks SMTP as noted at the bottom
of the SMTPD_PROXY_README.
Brian
For example spampd.
__
KSB
26 matches
Mail list logo