[pfx] Re: Possible (indirect) libspf2 security issues

2023-09-30 Thread Viktor Dukhovni via Postfix-users
On Sun, Oct 01, 2023 at 12:00:25AM +0300, mailmary--- via Postfix-users wrote: > In my case, libspf2 is a dependent package of OpenDMARC Not surprising, since DMARC takes both DKIM and SPF into account. On my system, I sign outgoing mail with DKIM, but neither verify DKIM signatures, nor

[pfx] Possible (indirect) libspf2 security issues

2023-09-30 Thread Viktor Dukhovni via Postfix-users
Recent news of security issues in Exim appears to in part implicate libspf2. While Postfix does not directly use libspf2, and the issues could perhaps be in part related to how libspf2 is integrated into Exim, it may be prudent for Postfix administrators to audit their MTA software stack for

[pfx] Re: IP protocol inconsistency

2023-09-26 Thread Viktor Dukhovni via Postfix-users
On Tue, Sep 26, 2023 at 05:55:59PM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > Scoring (instead of simply banning) mail sender is quite effective, because > you don't have to receive and parse whole e-mail. This is drifting off-topic for Postfix. Perhaps continue the discussion on

[pfx] Re: Value of client certificates, was: Re: Re: [ext] list.sys4.de fails with starttls

2023-09-26 Thread Viktor Dukhovni via Postfix-users
On Tue, Sep 26, 2023 at 10:49:30AM +0200, Eray Aslan via Postfix-users wrote: > On Mon, Sep 25, 2023 at 05:51:05PM -0400, Viktor Dukhovni via Postfix-users > wrote: > > Not, dangerous, just largely pointless, with *potential* complications, > > unless there are servers that can

[pfx] Re: IP protocol inconsistency

2023-09-25 Thread Viktor Dukhovni via Postfix-users
On Tue, Sep 26, 2023 at 11:12:53AM +1000, raf via Postfix-users wrote: > Sadly, I need smtp_address_preference = ipv4 because some > reputation systems (spamhaus, I think) don't realise > that an entity might only have a single ipv6 address. > They seem to think that everyone has at least 64

[pfx] Re: Value of client certificates, was: Re: Re: [ext] list.sys4.de fails with starttls

2023-09-25 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 25, 2023 at 10:47:44PM +0200, A. Schulze via Postfix-users wrote: > If operating SMTP clients with a client certificate is so dangerous > and has no value, why would google go that? Not, dangerous, just largely pointless, with *potential* complications, unless there are servers that

[pfx] Re: [ext] list.sys4.de fails with starttls

2023-09-25 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 25, 2023 at 04:24:55PM +0200, Patrick Ben Koetter via Postfix-users wrote: > > Do you have SMTP client TLS connection reuse enabled? If so, TLS > > connections are made via tlsproxy(8), with the smtp(8) client > > unaware of any initialisation issues until STARTTLS. > > Well

[pfx] Re: Postfix Site Hosting Tor Node = Blocked Access For Some

2023-09-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 25, 2023 at 12:29:52AM +0200, Ralph Seichter via Postfix-users wrote: > > I have been cutoff from the Postfix web site due to it apparently > > being a TOR exit node in Germany. > > The server hosting the Postfix website, run by yours truly, is neither > located in Germany, nor is

[pfx] Re: IP protocol inconsistency

2023-09-24 Thread Viktor Dukhovni via Postfix-users
On Sun, Sep 24, 2023 at 09:49:52PM +0100, Polarian wrote: > > No, the choice should be random, to give messages a decent chance of > > getting through under various conditions. > > Why would you ever want to use a protocol randomly? Because it gives mail the best chance to be delivered, if

[pfx] Re: IP protocol inconsistency

2023-09-24 Thread Viktor Dukhovni via Postfix-users
On Sun, Sep 24, 2023 at 07:55:16PM +0100, Polarian via Postfix-users wrote: > > Use the Postfix smtp_address_preference default: random selection. > > If an MX host has IPv4 and IPv6 addresses, this ensures that mail > > won't get stuck in the queue when one of the protocols is not > > working

[pfx] Re: Example config aliases from mysqldb and /etc/aliases

2023-09-23 Thread Viktor Dukhovni via Postfix-users
On Sat, Sep 23, 2023 at 04:24:33PM -0700, Noah via Postfix-users wrote: > I am provisioning an postfix installation. Is there an example > configuration for finding aliases from a mysqldb and also checking the > /etc/aliases file please? Have you looked at:

[pfx] Re: Cannot get postfix email to be accepted by pair.com email service.

2023-09-18 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 18, 2023 at 04:42:39PM -0400, Mike Bianchi via Postfix-users wrote: > Thunderbird works with *.mail.pairserver.com connections, inbound and > outbound. You almost certainly have authentication configured in Thunderbird, by configuring a suitable account name and password. > ... 

[pfx] Re: Stupid questions

2023-09-18 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 18, 2023 at 10:09:28AM -0400, Curtis Maurand via Postfix-users wrote: > I'm getting a DNS failure on my setup that gmail is not getting.  It's > a delegated subdomain.  I'm getting this temp error. the relevant > message header is below. > > Authentication-Results:

[pfx] Re: Address family for hostname not supported?

2023-09-17 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 18, 2023 at 10:31:59AM +1000, Phil Biggs via Postfix-users wrote: > From what I could understand, it seems the recommendation was to return the > same value as Linux. Is that something postfix would need to take into > account? It also seems to be informational only. The real

[pfx] Re: Address family for hostname not supported?

2023-09-17 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 18, 2023 at 09:38:49AM +1000, Phil Biggs via Postfix-users wrote: > > https://lists.freebsd.org/archives/freebsd-net/2022-October/002556.html > > Ah, just saw this but it's getting way beyond my skill level :-) > > Does that invalidate the bug report? The change in error number and

[pfx] Re: [ext] list.sys4.de fails with starttls

2023-09-17 Thread Viktor Dukhovni via Postfix-users
On Sun, Sep 17, 2023 at 06:20:53PM +0200, Patrick Ben Koetter via Postfix-users wrote: > Yesterday we upgraded LE certs and it seems – we haven't had time to > investigate in that yet – SELinux bite Postfix where it shouldn't. > Astonishingly SELinux has been running like that for 193 days and

[pfx] Re: error:0A0000C1:SSL routines::no shared cipher:ssl/statem/statem_srvr.c:2220:

2023-09-11 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 11, 2023 at 09:30:27PM -0400, Alex via Postfix-users wrote: > I have a postfix-3.7.4 server with openssl-3.0.9 on fedora38 and > receiving the following errors in my logs: > > Sep 11 14:19:51 cipher postfix/smtps/smtpd[3992923]: warning: TLS library > problem: error:0A0000C1:SSL

[pfx] Re: Postfix mails accepted for delivery, but never received

2023-09-11 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 11, 2023 at 09:15:10AM -0700, Fred Morris via Postfix-users wrote: > I think we've reached the limits of scope for a mailing list devoted to an > MTA. It appears that traffic improbably ends up at 192.168.20.20. That's > probably good enough, digging into the /why/ could become a

[pfx] Re: configure a relayhost

2023-09-11 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 11, 2023 at 09:59:55AM +0200, François Patte via Postfix-users wrote: > > If you continue to treat the hostname of your ISP's (FAI's) SMTP relay > > as restricted sensitive information, the help you'll receive will also > > be restricted to vague generalities. > > My new main.cf : >

[pfx] Re: relay to a different server base on the ip

2023-09-10 Thread Viktor Dukhovni via Postfix-users
On Sun, Sep 10, 2023 at 09:47:44AM +0200, Zorg via Postfix-users wrote: > let me explain, I'm searching to relay mail according to the IP of > origin of the mail. Postfix does not have any support for this. The closest similar feature is: sender_dependent_default_transport_maps > But

[pfx] Re: Email deliverability to China networks

2023-09-10 Thread Viktor Dukhovni via Postfix-users
On Sun, Sep 10, 2023 at 07:36:07AM +0000, Serg via Postfix-users wrote: > My email server sends lots of emails to networks in China, however > they seem to have packet loss due to what my postfix instance > struggles to deliver letters to them - only few letters occasionally > got successfully

[pfx] Re: configure a relayhost

2023-09-10 Thread Viktor Dukhovni via Postfix-users
On Sun, Sep 10, 2023 at 10:38:27AM +0200, François Patte via Postfix-users wrote: > > > > > Sep 9 16:50:49 myserver postfix/smtp[205832]: 92BEFB4BEA: > > > > > to=, relay=my-fai-smtp[x.x.x.x]:465, > > > > > delay=0.22, > > > > > delays=0.04/0.08/0.08/0.02, dsn=5.0.0, status=bounced (host > > >

[pfx] Re: configure a relayhost

2023-09-09 Thread Viktor Dukhovni via Postfix-users
On Sat, Sep 09, 2023 at 07:37:13PM +0200, François Patte via Postfix-users wrote: > > > As my postfix install is configured, I get only (in mail-log): > > > > > > Sep 9 16:50:49 myserver postfix/qmgr[205575]: 92BEFB4BEA: > > > from=, size=484, nrcpt=1 (queue active) > > > Sep 9 16:50:49

[pfx] Re: configure a relayhost

2023-09-09 Thread Viktor Dukhovni via Postfix-users
On Sat, Sep 09, 2023 at 06:55:03PM +0200, François Patte via Postfix-users wrote: > I would like to use my fai smtp server to send mails using postfix. > > As my postfix install is configured, I get only (in mail-log): > > Sep 9 16:50:49 myserver postfix/qmgr[205575]: 92BEFB4BEA: > from=,

[pfx] Re: Looking For Advice/Guidance

2023-09-09 Thread Viktor Dukhovni via Postfix-users
On Sat, Sep 09, 2023 at 06:24:27PM +1000, duluxoz via Postfix-users wrote: > ***My Questions*** > > In the mail.example.local's postfix main.cf file: > > 1. Should mydomain be set to example.local or one of the external facing >domains? The value of this parameter is used as the default

[pfx] Re: tracing smtp submission issues/ server timed out?

2023-09-09 Thread Viktor Dukhovni via Postfix-users
On Sat, Sep 09, 2023 at 08:10:19PM +1000, lists--- via Postfix-users wrote: > hmmm, noticed that system has quite high load average, reaching 1.5/1.6 > when I was checking... is that my problem ? or part of it ? > have I overloaded/underresourced ? > > Tasks: 114, 98 thr; 2 running 2 > Load

[pfx] Re: tracing smtp submission issues/ server timed out?

2023-09-08 Thread Viktor Dukhovni via Postfix-users
On Fri, Sep 08, 2023 at 11:13:02PM +1000, lists--- via Postfix-users wrote: > # grep "C92564346E5" /var/log/maillog > Sep 8 16:41:31 geko postfix/cleanup[15407]: C92564346E5: > message-id= > Sep 8 16:41:31 geko postfix/qmgr[1654]: C92564346E5: from=, > size=3262, nrcpt=1 (queue active) > Sep

[pfx] Re: stop outgoing or incoming emails

2023-09-08 Thread Viktor Dukhovni via Postfix-users
On Fri, Sep 08, 2023 at 08:35:47PM +0300, mailmary--- via Postfix-users wrote: > > > Two quick questions: > > > > > > 1) How do I force an email address to NOT be able to send email, but > > > still receive. > > > > [...] > > > > > 2) How do I force an email address to NOT be able to

[pfx] Re: stop outgoing or incoming emails

2023-09-08 Thread Viktor Dukhovni via Postfix-users
On Fri, Sep 08, 2023 at 05:15:45PM +0300, mailmary--- via Postfix-users wrote: > Two quick questions: > > 1) How do I force an email address to NOT be able to send email, but still > receive. https://www.postfix.org/SMTPD_ACCESS_README.html#lists https://www.postfix.org/access.5.html

[pfx] Re: something like "enforce_mime_output_conversion"

2023-09-04 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 04, 2023 at 05:08:15PM -0400, Wietse Venema via Postfix-users wrote: > Viktor Dukhovni via Postfix-users: > > On Mon, Sep 04, 2023 at 12:18:38PM -0400, Viktor Dukhovni via Postfix-users > > wrote: > > > > > It is best to enable this for out

[pfx] Re: something like "enforce_mime_output_conversion"

2023-09-04 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 04, 2023 at 12:18:38PM -0400, Viktor Dukhovni via Postfix-users wrote: > It is best to enable this for outbound mail only, i.e. messages that > arrive on the submission ports or through local submission via > sendmail(1)->postdrop(1)->pickup(8). That way, in

[pfx] Re: something like "enforce_mime_output_conversion"

2023-09-04 Thread Viktor Dukhovni via Postfix-users
On Mon, Sep 04, 2023 at 11:43:06AM -0400, Wietse Venema via Postfix-users wrote: > This is now included with the Postfix 3.9 development release (i.e. > it will be part of the Postfix 3.9 stable release early 2024. I > changed the name for clarity, and the updated manpage text is below. > >

[pfx] Re: PDS_OTHER_BAD_TLD

2023-09-03 Thread Viktor Dukhovni via Postfix-users
On Sun, Sep 03, 2023 at 10:03:02PM +0200, roughnecks via Postfix-users wrote: [ Nothing in this thread is about Postfix, so this is not the right forum for further discussion. ] > I'm struggling with an issue for a .space domain which gets triggered by > Spamassassin as PDS_OTHER_BAD_TLD

[pfx] Re: how to rewrite domain on the fly before relaying

2023-08-31 Thread Viktor Dukhovni via Postfix-users
On Thu, Aug 31, 2023 at 07:53:03AM +0200, Jaroslaw Rafa via Postfix-users wrote: > Did you also add the entry for "domain2.tld" itself (without "@" at the > beginning) to virtual_alias_maps, so that Postfix knows that it should > handle mail for this domain? That's a deprecated backwards

[pfx] Re: postfix/postmap TLS To MariaDB/MySQL Backend

2023-08-29 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 29, 2023 at 05:47:00PM +0200, Étienne Miret via Postfix-users wrote: > > So what's the difference between a MariaDB Client file and the > > various "tls_" settings in the connection.cf file > > I was thinking about the MariaDB `ssl` setting, that enable TLS without > validating

[pfx] Re: postfix/postmap TLS To MariaDB/MySQL Backend

2023-08-29 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 29, 2023 at 06:42:46PM +1000, Matthew J Black via Postfix-users wrote: > ~~~ > postmap: warning: connect to mysql server sql.my_example.com: Access denied > for user 'mail-user'@'192.168.1.101' (using password: YES) > postmap: fatal: table mysql:/etc/postfix/sql_vdomains.cf: query

[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-28 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 28, 2023 at 04:14:33PM -0400, Viktor Dukhovni via Postfix-users wrote: > However, neither eventuality is at all likely. My take is that it would > not be an unwelcome breaking change to apply the table in any context > other than SMTP ingress. s/would not

[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-28 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 28, 2023 at 09:01:35PM +0200, Étienne Miret via Postfix-users wrote: > Anyway, I promised a documentation patch that would make this more > explicit, here it is! Sorry it took me a little long to do it, as I have > been busy on other issues. The documentation patch seems to suggest

[pfx] Re: Comcast still 421 throttling (RL000001) multiple recipients.

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 02:33:49PM -0400, Viktor Dukhovni via Postfix-users wrote: > I hope that Comcast will relax their limits to allow at least 2 (ideally > closer to 5 or 10) recipients per message so long as the sending system > does not have a "known bad" rep

[pfx] Re: BUG: Postfix deals badly with corrected-typo in aliases :(

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 04:06:18PM -0400, Viktor Dukhovni via Postfix-users wrote: > If the aliases(5) table has actually been rebuilt, and the message > is now deliverable, the background refresh is supposed to happen: > > address_verify_negative_refresh_time

[pfx] Re: BUG: Postfix deals badly with corrected-typo in aliases :(

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 01:41:19PM -0600, Pete Holzmann wrote: > Ummm... Viktor, how many people do *you* think have read the fine > documentation on every verification option they use in their main.cf > restriction configurations? I don't know. What I do know is that using features whose

[pfx] Re: Comcast still 421 throttling (RL000001) multiple recipients.

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 11:12:03AM -0700, Bill Sommerfeld via Postfix-users wrote: > On 8/27/23 00:13, Wietse Venema via Postfix-users wrote: > > Would it be sufficient to never send more than 1 recipient per > > message, thus never trigger their temporary "block all mail" strategy, > > and avoid

[pfx] Re: smtpd_command_filter: Bounce-never regex sample wrong?

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 10:25:10AM +0200, lutz.niederer--- via Postfix-users wrote: > In postconf > smtpd_command_filter section there is an example for never > bouncing mails (no DSN): > > # Bounce-never mail sink. Use notify_classes=bounce,resource,software > # to send bounced mail

[pfx] Re: Comcast still 421 throttling (RL000001) multiple recipients.

2023-08-27 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 27, 2023 at 03:13:43AM -0400, Wietse Venema via Postfix-users wrote: > Bill Sommerfeld via Postfix-users: > > About three years ago there was a thread on postfix-users ("Comcast 421 > > throttling multiple recipients") discussing a low-traffic site having > > difficulties sending to

[pfx] Re: BUG: Postfix deals badly with corrected-typo in aliases :(

2023-08-25 Thread Viktor Dukhovni via Postfix-users
On Fri, Aug 25, 2023 at 08:07:01PM -0600, Pete Holzmann via Postfix-users wrote: > SUMMARY > > * Scenario/repeatability: >- See www.postfix.org/ADDRESS_VERIFICATION_README.html#caching >- Since Postfix 2.7, there's a persistent verification database. Actually, there isn't, or, more

[pfx] DANE monitoring building block: updated "danesmtp" shell function

2023-08-25 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 07:48:30PM -0400, Viktor Dukhovni wrote: > Problem found via: > > danesmtp () > { > local host=$1; > shift; > local opts=(-starttls smtp -connect "$host:25" -verify 9 > -verify_return_error -dane_ee_no_n

[pfx] Re: How can I set up a very simple postfix server

2023-08-22 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 23, 2023 at 01:36:29PM +1200, Peter via Postfix-users wrote: > > "The problem" (i have given up and did not try it for long) is the > > configuration directory. Does this work without configuration > > directory? I had to try again. The default Postfix directory (the one compiled

[pfx] Re: Rate limiting gmail

2023-08-22 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 22, 2023 at 03:41:43PM -0400, Alex via Postfix-users wrote: > I'm hoping I could ask what is probably an FAQ but I haven't seen > anything on it recently. I've already implemented some type of rate > limiting for delivering to gmail, but it's apparently not working > satisfactorily

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Thu, Aug 17, 2023 at 09:47:13AM +0800, Jon Smart wrote: > >> If you have smtpd_sasl_auth_enable=yes for your services on port > >> 587 (submission) and port 465 (smtps or submissions), then you can > >> remove it from master.cf when all your AUTH users are not using > >> the port 25 service.

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users wrote: > What is the output from > > postconf -P '*/inet/smtpd_sasl_auth_enable' > > That will show the smtpd_sasl_auth_enable settings in master.cf. > > If you have smtpd_sasl_auth_enable=yes for your services on

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 06:22:28PM -0400, pgnd via Postfix-users wrote: > not exactly the same issue to my read, but there may be more to it? As suspected, the OP has an incomplete DANE TLSA RRset that fails to match the system's RSA certificate (the additional ECDSA certificate does match, but

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 02:07:39PM +0000, Serg wrote: > Thanks for pointing this out, I forgot to update it when migrating from RSA > to ECC certificate. It seems you don't have monitoring in place that checks the correctness of your TLSA records vis-à-vis your certificate chain. Monitoring is
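The monitoring Viktor refers to in the two messages above (the "danesmtp" building block and the remark that the RSA chain had no matching TLSA record after the move to ECC) boils down to one check: every certificate chain the server can present must be covered by at least one published TLSA record. The script below is an added example, not code from this thread or from Postfix. It computes the certificate association data for selector 0 (full certificate) or 1 (SubjectPublicKeyInfo) with matching type 1 (SHA-256) or 2 (SHA-512), and audits a set of named chains against an RRset. The certificates it runs on are constructed, X.509-shaped DER blobs (placeholder names, dummy signature), not real certificates; the DER walker itself works on real DER, so in practice you would feed it the chains from smtpd_tls_chain_files converted to DER and the RRset fetched from _25._tcp.<mx-host>.

```python
"""Audit DANE TLSA records against the certificate chains a server presents.
Added example (not code from the thread or Postfix); the certificates below
are constructed test blobs, the checking logic is general."""
import hashlib
from typing import Dict, Iterator, List, Tuple

TLSARecord = Tuple[int, int, int, str]     # usage, selector, matching type, hex data


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with short or long definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    nbytes = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nbytes]) + n.to_bytes(nbytes, "big") + content


def der_walk(data: bytes) -> Iterator[Tuple[int, bytes, bytes]]:
    """Yield (tag, content, whole_tlv) for each top-level TLV in data."""
    i = 0
    while i < len(data):
        tag, first = data[i], data[i + 1]
        if first < 0x80:
            n, hdr = first, 2
        else:
            n = int.from_bytes(data[i + 2:i + 2 + (first & 0x7F)], "big")
            hdr = 2 + (first & 0x7F)
        end = i + hdr + n
        yield tag, data[i + hdr:end], data[i:end]
        i = end


def spki_from_cert(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo of a certificate (selector 1 input).
    Certificate ::= SEQ { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQ { [0] version OPTIONAL, serial, signature, issuer,
                             validity, subject, subjectPublicKeyInfo, ... }"""
    outer = list(der_walk(cert_der))
    if len(outer) != 1 or outer[0][0] != 0x30:
        raise ValueError("not a single DER SEQUENCE")
    tbs_tag, tbs, _ = next(der_walk(outer[0][1]))
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = list(der_walk(tbs))
    if fields and fields[0][0] == 0xA0:          # explicit [0] version present
        fields = fields[1:]
    spki_tag, _, spki_tlv = fields[5]            # serial, alg, issuer, validity, subject, SPKI
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return spki_tlv


def tlsa_data(cert_der: bytes, selector: int, mtype: int) -> str:
    """Certificate association data (hex) for a (selector, matching type) pair."""
    blob = cert_der if selector == 0 else spki_from_cert(cert_der)
    if mtype == 0:
        return blob.hex()
    return {1: hashlib.sha256, 2: hashlib.sha512}[mtype](blob).hexdigest()


def matching_records(rrset: List[TLSARecord], chain: List[bytes]) -> List[TLSARecord]:
    """Records matching a chain (leaf first): DANE-EE(3) is compared with the
    leaf only, DANE-TA(2) with the issuers; PKIX usages 0/1 are not used for
    SMTP (RFC 7672) and are skipped."""
    hits = []
    for usage, selector, mtype, data in rrset:
        candidates = chain[:1] if usage == 3 else chain[1:] if usage == 2 else []
        if any(tlsa_data(c, selector, mtype) == data.lower() for c in candidates):
            hits.append((usage, selector, mtype, data))
    return hits


def audit_chains(rrset: List[TLSARecord], chains: Dict[str, List[bytes]]) -> Dict[str, List[TLSARecord]]:
    """Map each configured chain name to the records covering it; an empty
    list means DANE-verifying clients fail whenever that chain is selected."""
    return {name: matching_records(rrset, chain) for name, chain in chains.items()}


def fake_cert(key_bytes: bytes, cn: bytes) -> bytes:
    """Constructed X.509-shaped DER for testing only: placeholder names, fixed
    validity, dummy signature. NOT a valid certificate."""
    def alg(oid: bytes) -> bytes:
        return der(0x30, der(0x06, oid) + der(0x05, b""))
    sig_alg = alg(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b")      # sha256WithRSAEncryption
    key_alg = alg(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")      # rsaEncryption
    name = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0c, cn))))
    validity = der(0x30, der(0x17, b"230816000000Z") + der(0x17, b"231114000000Z"))
    spki = der(0x30, key_alg + der(0x03, b"\x00" + key_bytes))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + sig_alg + name + validity + name + spki)
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" + b"\xff" * 8))


if __name__ == "__main__":
    # Scenario from the thread: RSA and ECDSA chains configured, but only the
    # ECDSA key's "3 1 1" record was published after the migration.
    rsa = fake_cert(b"\x01" * 32, b"mail.example.test")
    ecdsa = fake_cert(b"\x02" * 32, b"mail.example.test")
    rrset = [(3, 1, 1, tlsa_data(ecdsa, 1, 1))]
    for name, hits in audit_chains(rrset, {"rsa": [rsa], "ecdsa": [ecdsa]}).items():
        print(f"{name}: {'OK' if hits else 'NO MATCHING TLSA RECORD'}")
```

Run this from cron against the live RRset and every chain file the server is configured with, and alert on any chain that comes back with an empty list; a "3 1 1" record is keyed on the public key, so it survives certificate renewals with the same key but not a key-type change such as the RSA-to-ECC move discussed here.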

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 10:56:07AM +, Serg via Postfix-users wrote: > I have checked email server of mine and can confirm I am seeing that too > (logs are since Aug 13 03:50:38 EEST): > > > admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com > > /var/log/mail.log | grep 'ehlo=1

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 09:12:44AM -0400, pgnd via Postfix-users wrote: > 4 0.321516 192.0.2.25 → 52.101.62.16 SMTP 121 S: 220 > mx1.example.net ESMTP . Your server's hostname and served domains continue to be hidden. Are you perhaps willing and able to post those details?

[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 01:51:24AM +0200, Étienne Miret via Postfix-users wrote: > I found this discrepancy surprising and am suggesting it is removed. In > case others argue it is useful or that removing it will break some > configurations, I am asking it is documented. The discrepancy is

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 15, 2023 at 05:12:53PM -0400, Viktor Dukhovni via Postfix-users wrote: > > 2023-08-14T13:12:00.131049-04:00 svr01 > > postfix/postscreen-internal/smtpd[27907]: disconnect from > > mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17] > >

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote: > 2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT > from [52.101.56.17]:32607 to [209.123.234.54]:25 > 2023-08-14T13:11:59.860098-04:00 svr01 postfix/postscreen[27910]: PASS NEW >

[pfx] Re: Postfix does not fallback to plaintext

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 15, 2023 at 11:51:07AM -0400, Wietse Venema via Postfix-users wrote: > > That's my instinct also. Waiting out transient glitches by retrying on > > the next delivery attempt is not an option for probes. And probes don't > > leak message content in the clear, nor even the full

[pfx] Re: Postfix does not fallback to plaintext

2023-08-15 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 15, 2023 at 11:33:08AM -0400, Wietse Venema via Postfix-users wrote: > With that, the condition evaluates to: > > 1: session->tls_context == 0 true > 2: state->tls->level == TLS_LEV_MAY presumably true > 3: PREACTIVE_DELAY >=

[pfx] Re: Postfix does not fallback to plaintext

2023-08-15 Thread Viktor Dukhovni via Postfix-users
[ $subject would have been more clear had the OP mentioned that he's talking about address verification probes. ] On Tue, Aug 15, 2023 at 01:29:14PM +0000, Serg via Postfix-users wrote: > > admin@flopster ~ $ sudo postconf | grep ^smtp_tls > > smtp_tls_cert_file =

[pfx] Re: How to block subaddressing from extern with a table

2023-08-14 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 14, 2023 at 11:54:16PM +0200, lutz.niede...@gmx.net wrote: > Ah, still one question. I don't remember exactly where, but I believe > that you said it would be better to split into separate instances. > Sorry, can't find it anymore.

[pfx] Re: How to block subaddressing from extern with a table

2023-08-14 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 14, 2023 at 11:04:56PM +0200, lutz.niederer--- via Postfix-users wrote: > we need to block subaddressing from extern, and only from extern. > Internally we use it really often. A sensible initial simplification is to not mix inbound and outbound mail on the same Postfix instance.

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-14 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni wrote: > > Length: 00 00 9c (156) > > ... > > 0x01,0x88 7 ??? > > ... > > 0xC0,0x12 14 ECDHE-RSA-DES-CBC3-SHA Au=RSA > > ... > > 0x00,0x40 22 DHE-DSS-AES128-SHA256 Au=DSS > > ... &

[pfx] Re: Block based on subject and rcpt to

2023-08-14 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 14, 2023 at 04:13:54PM -0300, SysAdmin EM via Postfix-users wrote: > Hi, Is it possible to discard an email based on the Subject and the > destination email address? > I try this and not work: > > /^Subject:.*Test email subject .*To:.*m...@me.com/ DISCARD Note that "the destination

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-13 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 13, 2023 at 01:47:05PM -0400, Wietse Venema via Postfix-users wrote: > > Any votes for JSON? :-) > > > > { "account": "user:foo", "base64password": "" } > > Before other people start to chime in, let me set some expectations. My suggestion of JSON is largely in

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-13 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 08:05:52PM -0400, Wietse Venema via Postfix-users wrote: > My preference would be: > > smtp_sasl_password_map_result_delimiter > printable character or C escape (like \t for TAB) > default = : (for backwards compatibility) > must not be empty > must not

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 02:03:56PM -0400, Viktor Dukhovni via Postfix-users wrote: > > checking further > > > > grep smtpd_tls main.cf | grep file > > smtpd_tls_dh1024_param_file=${config_directory}/dh4096.pem > > smtpd_tls_eckey_file

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 02:27:14PM -0400, pgnd wrote: > >> Handshake type: 01 (Client Hello) > >> Length: 00 00 9c (156) > > > One thing I failed to mention is that length of 156 is rather unexpected > > ... > > And there's also that mysterious 0x01,0x88 cipher, which is not listed > > in the

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni via Postfix-users wrote: > > Handshake type: 01 (Client Hello) > > Length: 00 00 9c (156) One thing I failed to mention is that length of 156 is rather unexpected here, because the containing TLS record layer header promi

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 01:35:11PM -0400, pgnd wrote: > > https://datatracker.ietf.org/doc/html/rfc7672#section-8.2 > > I've no idea in this case why aNULL is explicitly ref'd; for my own > configs I don't call it out, rather stick with the default See the final comment in this message. >

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 01:42:04PM -0400, pgnd wrote: > after the key file cleanup, > > ... > Untrusted TLS connection established from > esa.hc2802-61.iphmx.com[68.232.155.227]: TLSv1.2 with cipher > ECDHE-RSA-AES128-GCM-SHA256 > ... > > seems, in fact, EC-ready That's ECDHE key

[pfx] Re: identifying sender failing ssl/tls cipher (ECDSA server certificate???)

2023-08-12 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 09:47:57AM -0400, pgnd via Postfix-users wrote: > postconf mail_version > mail_version = 3.8.1 As background, the RELEASE_NOTES for 3.8 mention: - Postfix default settings now exclude the following deprecated or unused ciphers (SEED, IDEA,

[pfx] Re: email being flagged a spam for using localhost [127.0.0.1] as first hop

2023-08-09 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 02:53:02PM -0400, Wietse Venema wrote: > > > vpnsub_cleanup unix n - n - 0 cleanup > > > -o {header_checks=regexp:{{/^Received:/ IGNORE}}} > > > > I am not aware of any support for such inline regexp tables. What > > release of

[pfx] Re: email being flagged a spam for using localhost [127.0.0.1] as first hop

2023-08-09 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 06:48:11PM +0200, Steffen Nurpmeso via Postfix-users wrote: > Yeah the wonderful suggestion of this super helpful list (thanks > again!) for my setup (laptop postfix on "forbidden address" relays > to in-VPN postfix which then sends out) was > > 192.0.2.1:submission

[pfx] Re: debugging an appliance connection

2023-08-09 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 11:35:12AM -0500, shorton wrote: > >Do you have "reject_unauth_pipelining" in any of your smtpd > >restrictions, in either main.cf or master.cf? > > I do: > smtpd_data_restrictions = > reject_unauth_pipelining, > permit That's the reason why the

[pfx] Re: debugging an appliance connection

2023-08-09 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 10:31:18AM -0500, Scott Techlist via Postfix-users wrote: > Client has an appliance (Axion RTAC) that sends email based reports. > I don't have access to the appliance or its docs. It used to send its > emails to an Exchange server that has been decommissioned. I'm

[pfx] Re: email being flagged a spam for using localhost [127.0.0.1] as first hop

2023-08-08 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 09, 2023 at 07:34:48AM +0200, Fourhundred Thecat via Postfix-users wrote: > So that the first hop looks like this: > > Received: from [127.0.0.1] (localhost [127.0.0.1]) > by mail.xxx.yyy (Postfix) with ESMTPSA id 7E011B0 > for ; Wed, 9 Aug 2023 07:04:42 +0200 (CEST) Try

[pfx] Re: bounce management

2023-08-08 Thread Viktor Dukhovni via Postfix-users
On Tue, Aug 08, 2023 at 01:28:51PM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > >> > We're only doing basic spam protection for them, > >> > >> What is the nature of the "basic spam protection"? Can it be done > >> pre-queue? > > On 07.08.23 15:19, Alex via Postfix-users wrote: >

[pfx] Re: bounce management

2023-08-07 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 07, 2023 at 03:19:59PM -0400, Alex wrote: > > The only plausible solution on your end is to not queue mail for this > > domain, but rather proxy it through to the destination, with the > > response to "." coming from the final downstream systems. This may be > > possible with: > > >

[pfx] Re: bounce management

2023-08-07 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 07, 2023 at 11:24:30AM -0400, Alex via Postfix-users wrote: > We're only doing basic spam protection for them, What is the nature of the "basic spam protection"? Can it be done pre-queue? The only plausible solution on your end is to not queue mail for this domain, but rather proxy

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-05 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 06, 2023 at 12:14:10AM -0400, Charles Sprickman wrote: > > If not for your sake, then perhaps for future readers, it would be great > > if you would confirm or deny what type of certificate is configured on > > the Postfix SMTP server end? > > Oops, missed this earlier. Would have

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-05 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 05, 2023 at 03:27:01PM -0400, Charles Sprickman via Postfix-users wrote: > > Nope, ever since SSL 3.0 the client proposes and the server chooses. > > The issue is very likely that the server's certificate is ECDSA or > > Ed25519, and so not supported by the client. > > > >

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-05 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 05, 2023 at 11:23:06AM -0700, Dan Mahoney via Postfix-users wrote: > Under the hood, idracs do use openSSL, and it’s not unreasonable to > assume that both the SMTP client and the web server use the same > linked version. You could start by seeing which ciphers the idrac 7 > web UI

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-02 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 02, 2023 at 11:28:09PM -0400, Charles Sprickman via Postfix-users wrote: > [root@mail /usr/local/etc/postfix]# postconf -n |grep tls > smtp_tls_note_starttls_offer = yes > smtp_use_tls = yes > smtpd_tls_auth_only = no > smtpd_tls_cert_file =

[pfx] Re: Accepting mail from old Dell iDRAC

2023-08-02 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 02, 2023 at 01:26:43AM -0400, Charles Sprickman via Postfix-users wrote: > [root@mail /usr/local/etc/postfix]# postconf -n |grep smtpd_tls > smtpd_tls_auth_only = no > smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/foo/fullchain.pem > smtpd_tls_key_file =

[pfx] Re: sender_dependend_relay_host_maps and local recipients

2023-07-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 24, 2023 at 03:53:17PM +0200, Robert Senger via Postfix-users wrote: > I have a few freemail accounts that I use mainly for testing and > special purposes. All those accounts are forwarding incoming mail to a > corresponding account at my own server, like > "r.senger_@example.com". For

[pfx] Re: server does not pick up new certificates

2023-07-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 24, 2023 at 03:27:34PM +0200, Bernardo Reino via Postfix-users wrote: > > Systems crash. What are the reliability guarantees from the certbot > > client: will it run once, or will it somehow maintain state and > > recover when a run was interrupted by a system crash? > > In such

[pfx] Re: SMTP client: How to log reason for untrusted TLS connection to MX?

2023-07-23 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 23, 2023 at 11:22:26PM +0200, Paul Menzel wrote: > > Does it really matter why some site offering opportunistic STARTTLS does > > not have a validatable certificate? The connection can be trivially > > downgraded by an on-path attacker (stripping STARTTLS) to just be > > cleartext.

[pfx] Re: server does not pick up new certificates

2023-07-23 Thread Viktor Dukhovni via Postfix-users
On 23 Jul 2023, at 4:21 pm, Charles Sprickman via Postfix-users wrote: > In the case of the dehydrated ACME client > (https://github.com/dehydrated-io/dehydrated) there's an option to run > a bunch of commands on successful update, including something like > "postfix reload" - one could also

[pfx] Re: server does not pick up new certificates

2023-07-23 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 23, 2023 at 08:18:21PM +0200, lejeczek via Postfix-users wrote: > > You need to rebuild it periodically. Once a week should be enough, > > ACME certificates are typically good for 90 days and get replaced > > every 60, so when the new one is minted the old one is still good > > for

[pfx] Re: server does not pick up new certificates

2023-07-23 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 23, 2023 at 09:39:52AM +0200, lejeczek via Postfix-users wrote: > > What is "snis.map", and how is it used in your configuration? > > tls_server_sni_maps = hash:/etc/postfix/snis.map And when did you run as root: # postmap -F hash:/etc/postfix/snis.map to update that table?

[pfx] Re: server does not pick up new certificates

2023-07-20 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 20, 2023 at 07:11:41PM +0200, lejeczek via Postfix-users wrote: > I use what I believe is pretty much vanilla-common setup - snis.map I > had to restart the daemon/server in order for _postfix_ to notice new > certs - naturally located in same one place - reload did not do. What is

[pfx] Re: postfix database, aliases, permissions, configuration issue, help requested, perplexed

2023-07-20 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 20, 2023 at 08:45:46AM -0400, David Mehler via Postfix-users wrote: > Thank you for your reply. My apologies, I thought these issues were > all possibly interrelated. > > To the first issue the postfix process dying. Quite possibly, the right formulation is "exiting as expected",

[pfx] Re: postfix database, aliases, permissions, configuration issue, help requested, perplexed

2023-07-19 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 19, 2023 at 06:03:17PM -0400, David Mehler via Postfix-users wrote: > I'm trying to migrate to a new setup, Debian 12 with Postfix 3.7 and > Dovecot 2.3 using virtual mailbox domains. There are no local everyone > is virtual. The first problem I'm seeing is the Postfix process is >

[pfx] Re: something like "enforce_mime_output_conversion"

2023-07-18 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 18, 2023 at 06:37:08PM -0400, Wietse Venema via Postfix-users wrote: > Turns out that this required very little code (basically one boolean > configuration parameter that controls a bitfield flag that is input > to the Postfix MIME processor. Preliminary manpage text is below. Cool!

[pfx] Re: something like "enforce_mime_output_conversion"

2023-07-18 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 18, 2023 at 11:29:20AM -0400, Wietse Venema via Postfix-users wrote: > This can work with the 'advanced' example in FILTER_README: > > main.cf: > content_filter = smtp-7bit:127.0.0.1:10025 > > master.cf: > smtp-7bit .. .. .. .. .. .. smtp >-o {

[pfx] Re: something like "enforce_mime_output_conversion"

2023-07-18 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 18, 2023 at 01:43:46PM +0200, Tinne11 via Postfix-users wrote: > In order to follow this recommendation, a Postfix MSA (being part of a > system DKIM-signing outbound messages) needs to be configured to convert all > submitted 8-bit messages to 7-bit (base64 or Quoted-Printable). Is

[pfx] Please avoid TLSA records matching retired issuing CAs.

2023-07-16 Thread Viktor Dukhovni via Postfix-users
[ Also posted to dane-us...@list.sys4.de ] There are still ~250 MX hosts with DANE TLSA records that match the retired X3 or X4 Let's Encrypt CAs. Perhaps also other retired CAs, but these are the ones I'm tracking at: https://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html Please take care

[pfx] Re: search for compression switch?

2023-07-16 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 16, 2023 at 11:02:23PM +0200, Benny Pedersen via Postfix-users wrote: > > cat access | wc -l > > 2'294'583 > > > > Yes, my problem is that this file is too big for my little system; > > will adding more memory solve it? > > local rbldnsd? don't know if postfix uses less ram for

[pfx] Re: search for compression switch?

2023-07-16 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 16, 2023 at 10:05:20AM +0200, Maurizio Caloro via Postfix-users wrote: > postscreen_access_list = permit_mynetworks, > cidr:/etc/postfix/whitelistCIDR+IP > cidr:/etc/postfix/access > > root postfix 47M Jul 16 08:34 /etc/postfix/access > root postfix
