Secure config - main.cf

2015-02-05 Thread SW
Hi All After building my new Postfix server I spent days securing it as best I could. So far it seems to be running fine but I was wondering if someone would mind having a look at my main.cf file to see if there are any holes/issues in the config. I'm particularly interested to hear what people

Re: Secure config - main.cf

2015-02-05 Thread SW
li...@rhsoft.net wrote On 05.02.2015 at 22:00, SW wrote: smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4 disabling DES *and* RC4 is pure nonsense because it leads to some servers not being able to send mail to you at all and way more falling back to plain as needed Good

Re: Secure config - main.cf

2015-02-05 Thread SW
Thanks Viktor. I have set it to: smtpd_tls_exclude_ciphers = LOW, EXPORT, MD5 How does the rest of the config look? Secure? Any silly mistakes? -- View this message in context: http://postfix.1071664.n5.nabble.com/Secure-config-main-cf-tp74536p74542.html Sent from the Postfix Users

Re: Secure config - main.cf

2015-02-05 Thread SW
I thought I'd post the contents of my master.cf file as well (for completeness): smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix -

Re: SPF configurations

2015-01-19 Thread SW
James B. Byrne wrote What are the contents of your /etc/resolv.conf? Are any of the listed resolvers down? nameserver xxx.xxx.xxx.xxx nameserver xxx.xxx.xxx.xxx domain mydomain.com I doubt it as mail is flowing and RBL lookups are working fine.

Re: SPF configurations

2015-01-18 Thread SW
Thanks for the help. I have installed the postfix-policyd-spf-python port on my FreeBSD server and enabled it in the main.cf and master.cf config files as follows: smtpd_recipient_restrictions = check_policy_service unix:private/policyd-spf policyd-spf unix - n n - 0 spawn user=nobody

Re: SPF configurations

2015-01-18 Thread SW
Koko Wijatmoko wrote Make sure all requirements of policyd-spf are installed. Maybe you are missing the DNS Python module. Try to run /usr/local/bin/policyd-spf at the console and see what happens. Check also the mail log... When you install the policyd-spf port on FreeBSD it installs all the required

Re: SPF configurations

2015-01-18 Thread SW
Thanks Scott. If you look at my previous post you can see that I have installed postfix-policyd-spf-python but am having DNS timeout issues when I enable it. I have been looking online for a solution but have come up empty-handed so far!

SPF configurations

2015-01-18 Thread SW
Hello I have an SPF record created in DNS for my domain. In my main.cf config file for Postfix I have the following SPF settings: spf_received_header = yes spf_mark_only = no smtpd_recipient_restrictions = peject_spf_invalid_sender,

Re: SPF configurations

2015-01-18 Thread SW
On 18.01.2015 at 12:01, SW wrote: I have an SPF record created in DNS for my domain. In my main.cf config file for Postfix I have the following SPF settings: spf_received_header = yes spf_mark_only = no smtpd_recipient_restrictions = peject_spf_invalid_sender

Re: SPF configurations

2015-01-18 Thread SW
Thanks for the suggestion but I have just tried what you mentioned but still same error in the headers: Received-SPF: Temperror (SPF Temporary Error: DNS Timeout) identity=mailfrom; client-ip=209.85.216.182;

Re: SPF configurations

2015-01-18 Thread SW
Fair enough. Thanks Wietse. I have done plenty of research online regarding this but still haven't had much luck. I will contact the developer. Thanks everyone for the assistance.

Re: SPF configurations

2015-01-18 Thread SW
I have contacted the port maintainer but he couldn't help. Can anyone else assist please?

Re: ECDSA chain cert not working

2014-05-13 Thread SW
I'll leave it configured as you have mentioned for now. When OpenSSL 1.0.2 is released I will change it back to how it should be. Is there any way I can send/receive a test email that makes use of an ECDSA cert? As expected, all the current TLS connections in the logs are for RSA certs.

Re: ECDSA chain cert not working

2014-05-13 Thread SW
Dukhovni wrote: On Tue, May 13, 2014 at 08:22:46AM +0100, SW wrote: Since you're controlling the server, all you need to do is configure a client that, all else being equal, prefers ECDSA to RSA. With OpenSSL 1.0.0 or greater, a cipherlist something like: aRSA:-aRSA:aECDSA:-aECDSA:kRSA

ECDSA chain cert not working

2014-05-12 Thread SW
Yesterday I had my SSL certificate re-issued. I now have two certificates for the same domain. One has an RSA signature and the new one I received yesterday uses ECDSA. I enabled the ECDSA certificate in Dovecot and Apache and those services are working great. In Postfix I have enabled two

Re: ECDSA chain cert not working

2014-05-12 Thread SW
Hi Viktor Many thanks for the reply! So I'm not going crazy... You said: A work-around is to list all the relevant CAs in the chain files for both algorithms. The patches that resolve this for 1.0.2 are attached for educational

Re: ECDSA chain cert not working

2014-05-12 Thread SW
to see if the ECDSA cert is working 100%. But I think this issue is resolved? On 12/05/2014 21:16, Viktor Dukhovni wrote: On Mon, May 12, 2014 at 08:44:00PM +0100, SW wrote: Viktor Dukhovni wrote: A work-around is to list all the relevant CAs in the chain files for both algorithms

Re: Postfix crashes with signal 11 (candidate patch)

2014-02-16 Thread SW
I've been running for 16 hours now with no crash. I have successfully received emails from Facebook and Postfix hasn't given a signal 11 so it's looking good so far!

Postfix crashes with signal 11

2014-02-15 Thread SW
Hello I am having an issue with Postfix 2.11 crashing multiple times per day with the following errors: Feb 13 21:28:37 mail postfix/master[5828]: warning: process /usr/local/libexec/postfix/smtpd pid 14469 killed by signal 11 mail postfix/master[5828]: warning:

Re: Postfix crashes with signal 11

2014-02-15 Thread SW
Hi Wietse, many thanks for the reply. egrep '(warning|error|fatal|panic):' /var/log/postfix/maillog | more gives: Feb 15 00:26:51 mail postfix/smtpd[57622]: warning: hostname ip49-gw1.indonet.bogor.net does not resolve to address 202.159.24.49: hostname nor servname provided, or not known Feb 15

Re: Postfix crashes with signal 11

2014-02-15 Thread SW
First crash with debugging enabled generated the logfile /smtpd.77126.log: GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain

Re: Postfix crashes with signal 11

2014-02-15 Thread SW
Apologies for posting the incorrect info previously. Postfix has just crashed again and this is what is in the logfile: Program received signal SIGSEGV, Segmentation fault. 0x00080194d1ff in deflateSetDictionary () from /lib/libz.so.6 (gdb) #0 0x00080194d1ff in deflateSetDictionary ()

Re: Postfix crashes with signal 11

2014-02-15 Thread SW
I had a look through the entire maillog for 27935 but all I could see was: running: PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo where; sleep 864) | gdb /usr/local/libexec/postfix/smtpd 27935 21 /usr/local/etc/postfix/smtpd.27935.log sleep 5 I'm not sure what

Re: Postfix crashes with signal 11

2014-02-15 Thread SW
I have removed the -D flag and restarted Postfix. I will keep my eye on it and report back. I'm really hoping for an email to come from Ebay and/or Facebook as that always caused a signal 11. I'd like to see if removing zlib resolved that issue. I really appreciate your help I have one more

Re: Postfix crashes with signal 11

2014-02-15 Thread SW
Sorry, here are the dates: Feb 15 17:20:10 mail postfix/smtpd[27935]: running: PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo Feb 15 17:20:16 mail postfix/smtpd[27935]: connect from m12-184.163.com[220.181.12.184] Feb 15 17:20:19 mail postfix/smtpd[27935]: NOQUEUE: reject: RCPT

Re: Postfix crashes with signal 11 (candidate patch)

2014-02-15 Thread SW
*Since your domain is DNSSEC signed, please consider deploying DANE TLSA records for your domain: * The company that hosts my DNS doesn't support DANE TLSA as far as I know. * Were there any other log entries from master(8) between the two events?* None that I could see. *What OS version are

Re: Postfix crashes with signal 11 (candidate patch)

2014-02-15 Thread SW
I've been running fine for about 3 hours since removing -D and removing zlib from OpenSSL. I think it's still too early to tell for sure if everything's ok. I will check the logs again tomorrow morning to see how things look. I really appreciate both your help (Viktor and Wietse) very much!

Slow sending of email

2014-02-15 Thread SW
When I used to send emails from my desktop email client (Thunderbird) it would be sent to the email (Postfix) server almost instantly. My desktop and server are on the same local LAN. Now when I send an email there is a definite pause. When I click send, it sits at the screen saying: Status:

Re: Slow sending of email

2014-02-15 Thread SW
I can't see the -D option anywhere in my master.cf file. I think this issue was occurring before trying that anyway. I have also restarted the Postfix service. host 192.168.0.10 ;; connection timed out; no servers could be reached I expected this to timeout as I don't have internal DNS name

Re: Slow sending of email

2014-02-15 Thread SW
Yes, you are correct. That is the cause of the problem. A quick entry of my machine in the hosts file sorted that one out! I'm just baffled why I have never experienced this issue before. Thank you everyone.

Re: Slow sending of email

2014-02-15 Thread SW
Also, why is it when I send an email from my mobile phone it's instant? In the maillog it says unknown for my phone's IP address so clearly there isn't a DNS name for it. Just trying to understand this.

Re: Slow sending of email

2014-02-15 Thread SW
Thanks for the explanation. When I send an email now it's instant!

Re: Postfix crashes with signal 11 (candidate patch)

2014-02-15 Thread SW
I should mention that I am running STABLE: FreeBSD 10.0-STABLE #0 r260985 (GENERIC kernel). I'm running it on a 4 core Xeon E31230V3.

Re: Postfix crashes with signal 11 (candidate patch)

2014-02-15 Thread SW
I understand. It was more an FYI.