[pfx] Re: Problems connecting to desktop client

2023-07-16 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 16, 2023 at 03:56:36PM +0200, Wolfgang Paul Rauchholz via Postfix-users wrote: > Postfix and Dovecot are up and running, and I can send and receive emails > from CLI. Dovecot is likely listening only on the "implicit TLS" IMAP port, namely 993. - On port 993, clients start by

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 11:16:56AM +0300, Ivan Hadzhiev via Postfix-users wrote: > You can copy from here: > *https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem > > * > or you can create it > >

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 10:09:34AM +0200, Paul Menzel via Postfix-users wrote: > The Internet.nl email test, reports for molgen.mpg.de [1]: Their criteria are cranked up to 11. Do not attempt to get a 100% score from their site. It will be counterproductive (reduce security) by making it

[pfx] Re: [ext] TLS issues

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 11:15:14AM +0200, Ralf Hildebrandt via Postfix-users wrote: > > smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem > > smtpd_tls_key_file = /etc/pki/tls/private/postfix.key > > Try adding: > > smtp_tls_key_file = $smtpd_tls_key_file > smtp_tls_cert_file =

[pfx] Re: [ext] warn_if_reject and MILTER

2023-07-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 11, 2023 at 04:28:54PM +0200, Ralf Hildebrandt via Postfix-users wrote: > If I remember correctly, soft_bounce is some sort of el-cheapo "replace > 5 with 4 in the output to the client"-thing. And thus should work even > with milters. Yes, but keep in mind that milters also can

[pfx] Re: local sending

2023-07-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 11, 2023 at 09:11:25AM +0100, Ken Gillett via Postfix-users wrote: > Anyway, using @home is acceptable and works from both the Mac Pro and > a debian linux machine (and probably others) on the LAN. These arrive to the "server" Postfix instance via SMTP. > The problem > however is

[pfx] Re: local sending

2023-07-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 11, 2023 at 09:11:25AM +0100, Ken Gillett via Postfix-users wrote: > Postfix has been installed on the Mini for several years and I can > send a message from e.g MacOS Mail.app on my Mac Pro to user@home and > receive it in that account (also configured in same Mail.app). I > wanted

[pfx] Re: which main.cf and postconf

2023-07-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 10, 2023 at 04:56:31PM +0100, Ken Gillett via Postfix-users wrote: > Ok, so logged in on Mac and used the Server admin tool to change a > setting (added a relay host). The main.cf in > /Library/Server/Mail/Config/postfix was updated. So that's what MacOS > thinks is the config dir as

[pfx] Re: Postfix "sendmail -bv" command: Trouble with spamassassin and virtual_aliases

2023-07-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 10, 2023 at 03:24:54PM +0200, Robert Senger wrote: > Hey, that was me! My full given name *is* Robert'); DROP ... > > CONFDIR=/etc/postfix > POSTMAP=/usr/sbin/postmap > LOCAL_VIRTUAL_USERS=mysql:${CONFDIR}/virtual_mailboxes.mysql.cf > > recipient=$(printf '%s' "$2" | sed

[pfx] Re: which main.cf and postconf

2023-07-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 10, 2023 at 09:17:52AM -0400, Viktor Dukhovni via Postfix-users wrote: > > First of all, changes I have made in main.cf are not being used. > > AFAICT I am editing the main.cf that is used:- > > > > ps ax | grep master => master -c /Library/Server/M

[pfx] Re: which main.cf and postconf

2023-07-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 10, 2023 at 10:34:44AM +0100, Ken Gillett via Postfix-users wrote: > First of all, changes I have made in main.cf are not being used. > AFAICT I am editing the main.cf that is used:- > > ps ax | grep master => master -c /Library/Server/Mail/Config/postfix Yes, with "-c" the

[pfx] Re: Postfix "sendmail -bv" command: Trouble with spamassassin and virtual_aliases

2023-07-10 Thread Viktor Dukhovni via Postfix-users
> On 10 Jul 2023, at 5:50 am, Matus UHLAR - fantomas via Postfix-users > wrote: > >>> #!/bin/bash >>> user=`echo "$2" | sed 's/[<>]//g'` >>> ret=`echo "select destination from virtual_aliases where >>> source=\"$user\";" | /usr/bin/mysql -upostfix -psecretpassword >>> mailserver | tail -n 1`

[pfx] Re: Getting Recipient when Message size limit is exceeded

2023-07-07 Thread Viktor Dukhovni via Postfix-users
On Fri, Jul 07, 2023 at 11:54:44AM -0400, Viktor Dukhovni via Postfix-users wrote: > If the client uses PIPELINING, the pipelined "RCPT TO" after the rejected > "MAIL FROM" will presumably be logged. Turns out that's not the case. Postfix does not log client "s

[pfx] Re: Getting Recipient when Message size limit is exceeded

2023-07-07 Thread Viktor Dukhovni via Postfix-users
On Fri, Jul 07, 2023 at 11:47:35AM -0400, postfix--- via Postfix-users wrote: > > Currently Postfix does not show in log the Recipient of emails that > > exceed Message_size_limit because MAIL FROM comes before RCPT TO... > > but is there any nice way of forcing Postfix to reject that email > >

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-07 Thread Viktor Dukhovni via Postfix-users
On Fri, Jul 07, 2023 at 05:24:45PM +0200, Jaroslaw Rafa via Postfix-users wrote: > > seems to me that having all possible mail recipients as system users > > is not practical on even systems of moderate user count. > > My previous job was administering servers at an university. Our main >

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-07 Thread Viktor Dukhovni via Postfix-users
On Fri, Jul 07, 2023 at 10:27:38AM -0400, joe a via Postfix-users wrote: > >> local_recipient_maps = > > > > This is the wrong solution. With this setting, postfix will accept > > mail to any user address, and you will eventually have a queue full > > of undeliverable bounces, plus get listed

[pfx] Re: SMTP connections being restricted to 20

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 05:08:44PM +, Mark Wheeler via Postfix-users wrote: > Thank you for your response. In answer to your questions: > > > * It's a problem as the box is continuing to receive a lot of > email so if the sending of mail is throttled we are getting a > large

[pfx] Re: send clear text passwords to relayhost?

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 06:38:34PM +0200, Ede Wolf via Postfix-users wrote: > Jep, I just retested. Changed to plain, restarted postfix and mail gets > deferred: > > relay=smtp.worldserver.net[217.13.200.36]:587, delay=1, > delays=0.07/0.01/0.95/0, dsn=4.7.0, status=deferred (SASL

[pfx] Re: SMTP connections being restricted to 20

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 02:42:43PM +, Mark Wheeler via Postfix-users wrote: > We are seeing an issue whereby our postfix outbound mailserver is > restricting the outgoing connections to 20. We think we have updated > the config correctly, however, we are still seeing it throttled to 20. 1.

[pfx] Re: Maildir changes in 3.7.4?

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 05:43:22AM -0700, Dan Mahoney via Postfix-users wrote: > We have our aliases file pushing things into our RT install, but also > saving things to a maildir, so we can manually feed a single file back > in, thusly: > > In /etc/aliases: > > noc:

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 08:32:42AM -0400, joe a via Postfix-users wrote: > While chasing a postfix (version 3.5.9) to dovecot authentication issue, > checked "compiled in" methods: > > postconf -a >cyrus >dovecot > postconf -A > cyrus As expected and documented. Dovecot is only

[pfx] Re: send clear text passwords to relayhost?

2023-07-06 Thread Viktor Dukhovni via Postfix-users
On Thu, Jul 06, 2023 at 08:10:39AM +0200, Ede Wolf via Postfix-users wrote: > > BINGO! The server is advertising CRAM-MD5, and unless you filter it out > > SASL will attempt to use that instead of plain. Therefore, in the > > proposed "master.cf" entry you also need: > > > > -o {

[pfx] Re: send clear text passwords to relayhost?

2023-07-05 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 05, 2023 at 10:09:12PM +0200, Ede Wolf via Postfix-users wrote: > thanks very much for your reply. I still may have some understanding issues: > > Am 05.07.23 um 16:22 schrieb Viktor Dukhovni via Postfix-users: > > On Wed, Jul 05, 2023 at 02:42:54PM +0200, Ede Wolf vi

[pfx] Re: send clear text passwords to relayhost?

2023-07-05 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 05, 2023 at 02:42:54PM +0200, Ede Wolf via Postfix-users wrote: > I am having a weird issue. My provider for the relayhost switched to > SSL - which is fine by itself - but that also changed the authentication > scheme. What SASL mechanism was used before that? You're in fact

[pfx] Re: Remove mailer-daemon

2023-07-03 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 03, 2023 at 10:07:55PM +, Israel britto via Postfix-users wrote: > How can I delete all mailer-daemon messages from my mail server? By not accepting mail for non-existent recipients. With working recipient validation on input, you can ignore the trickle of bounces that might now

[pfx] Re: Typo in man postconf ("Postix")

2023-07-03 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 03, 2023 at 09:52:28PM +, Scott Kitterman via Postfix-users wrote: > >Should I ask WTF BTS? > > Bug Tracking System. No. I see... The Postfix project does not curate bugs. There are, except briefly for O(1 day) from the date the bug is reported, zero known outstanding bugs.

[pfx] Re: Typo in man postconf ("Postix")

2023-07-03 Thread Viktor Dukhovni via Postfix-users
On Tue, Jul 04, 2023 at 06:19:26AM +1000, Trent W. Buck via Postfix-users wrote: > master:postfix/proto/postconf.proto:6450: This feature is available in > Postix 2.10 and later. > master:postfix/proto/stop:1185:Postix > > Are these typos? Yes. The fix is trivial: --- proto/postconf.proto

[pfx] Re: Help with receiving mail

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 05:04:59PM -0700, Patrick Mahan wrote: > > > The on-disk file format of Berkeley DB is not standardised across major > > > versions. A system upgrade may require rebuilding the aliases ".db" > > > file due to an incompatible Berkeley DB driver. > > > > I should perhaps

[pfx] Re: Postfix sending to undefined (?)

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 07:51:11PM -0400, joe a via Postfix-users wrote: > >> >> When attempting to send an email to postfix on that box, for delivery > >> >to > >> >> the local dovecot (via lmtp), the message instead goes out to my ISP > >> in > >> >> the fashion of currently working

[pfx] Re: Help with receiving mail

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 07:03:47PM -0400, Viktor Dukhovni via Postfix-users wrote: > The on-disk file format of Berkeley DB is not standardised across major > versions. A system upgrade may require rebuilding the aliases ".db" > file due to an incompatible Berkeley DB driver

[pfx] Re: Postfix sending to undefined (?)

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 06:49:53PM -0400, joe a via Postfix-users wrote: > > Viktor Dukhovni via Postfix-users Sun, 02 Jul 2023 14:21:52 -0700 > > > >On Sun, Jul 02, 2023 at 05:11:52PM -0400, joe a via Postfix-users >wrote: > > > >> When attempting to

[pfx] Re: Help with receiving mail

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 03:13:55PM -0700, Patrick Mahan wrote: > > On Sun, Jul 02, 2023 at 02:44:51PM -0700, Patrick Mahan via Postfix-users > > wrote: > > > > > Recipient address rejected: unverified address: > > > alias database unavailable; [...] > > > > > > alias_database =

[pfx] Re: Help with receiving mail

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 02:44:51PM -0700, Patrick Mahan via Postfix-users wrote: > Recipient address rejected: unverified address: > alias database unavailable; [...] > > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases Run: # postalias hash:/etc/aliases (The

[pfx] Re: Postfix sending to undefined (?) relay

2023-07-02 Thread Viktor Dukhovni via Postfix-users
On Sun, Jul 02, 2023 at 05:11:52PM -0400, joe a via Postfix-users wrote: > When attempting to send an email to postfix on that box, for delivery to > the local dovecot (via lmtp), the message instead goes out to my ISP in > the fashion of currently working email se[r]ver.

[pfx] Re: LDAP map configuration

2023-06-29 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 29, 2023 at 04:19:01PM +, Joseph L. Casale via Postfix-users wrote: > I have main.cf configured with relay_recipient_maps = > ldap:/etc/postfix/relay_recipients where relay_recipients contains a > bind_dn and bind_pw entry. > > I need to manage the bind parameters in another

[pfx] Re: DANE for postfix mailing list?

2023-06-29 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 29, 2023 at 06:08:27PM +0200, Joachim Lindenberg via Postfix-users wrote: > I remember there was the goal to use DANE for the mailing list, but I > wonder whether or to what extent that has been achieved. > The list traffic is hardly confidential, but "dog-food" consumption has

[pfx] Re: Upgrading from 2.1.10 to 3.7.4.1

2023-06-29 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 29, 2023 at 09:04:58AM -0700, Patrick Mahan wrote: > Thanks Viktor, I will do so. I am taking advantage of this to (finally) > set up a rooted certificate and not just a self-signed one as it seems that > Apple mail has problems with my puny self-signed one. I also need to look > at

[pfx] Re: Postfix "sendmail -bv" command: Trouble with spamassassin and virtual_aliases

2023-06-29 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 29, 2023 at 05:21:32PM +0200, Robert Senger via Postfix-users wrote: > Of course, I could write my own "sendmail" script which takes the > virtual_alias, This is possible with care, but not ideal, better would be to find some way to get the milter to make the relevant queries

[pfx] Re: Warnings related to TLS and hostnames not resolving to IP

2023-06-29 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 29, 2023 at 03:30:22PM +0300, Nikolaos Milas via Postfix-users wrote: > Jun 29 06:07:51 mailgw1 postfix/smtpd[471355]: warning: > hostname chg.server1.ideacentral.com > does not resolve to address 173.236.106.135 > > 1. Is it normal/acceptable to have hostnames not resolving to

[pfx] Re: Upgrading from 2.1.10 to 3.7.4.1

2023-06-28 Thread Viktor Dukhovni via Postfix-users
On Wed, Jun 28, 2023 at 06:22:23PM -0700, Patrick Mahan via Postfix-users wrote: > > See: > > > > https://www.postfix.org/COMPATIBILITY_README.html > > > > for how to accept or permanently override the new default values. > > Wow, I had briefly looked at that but did not pickup on that

[pfx] Re: Forward inside other forward fails for non-local accounts

2023-06-27 Thread Viktor Dukhovni via Postfix-users
On Wed, Jun 28, 2023 at 09:59:21AM +0900, Alberto Lepe via Postfix-users wrote: > So it means that 'yuko3000' should expand also to 'yuko.exam...@gmail.com', > right? I said no such thing. Rather lists should expand to a set of logical mailbox addresses, and each mailbox address should at its

[pfx] Re: Forward inside other forward fails for non-local accounts

2023-06-26 Thread Viktor Dukhovni via Postfix-users
On Tue, Jun 27, 2023 at 11:34:45AM +0900, Alberto Lepe wrote: > If I understood correctly, you mean that > > $ postmap -q 'a...@example.com' $(postconf -xh virtual_alias_maps) > > Should return: > > yuko3000,yuko.exam...@gmail.com It should return exactly the email addresses that you intend

[pfx] Re: Forward inside other forward fails for non-local accounts

2023-06-26 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 26, 2023 at 04:03:51PM +0900, Alberto Lepe wrote: > > > I have a mailing list like: > > > > > > sa...@example.com: > > > pe...@example.com > > > s...@example.com > > > jenni...@example.com > > > a...@example.com > > > > Post the output of: > > > > $

[pfx] Re: Forward inside other forward fails for non-local accounts

2023-06-25 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 26, 2023 at 11:04:37AM +0900, Alberto Lepe via Postfix-users wrote: > I have a mailing list like: > > sa...@example.com: > pe...@example.com > s...@example.com > jenni...@example.com > a...@example.com Post the output of: $ postmap -q

[pfx] Re: Postfix: running a script on authentication failure

2023-06-22 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 22, 2023 at 03:45:43PM +0100, Allen Coates via Postfix-users wrote: > Is it possible / practical to develop the concept of a "service area" > - to white-list all the net-blocks where all your genuine callers > originate, and prohibit everywhere else? Perhaps if none of your users

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

2023-06-19 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 19, 2023 at 09:12:29PM +, Anton Hvornum via Postfix-users wrote: > Yea found libmilter, appears to have some python bindings too. You don't need to go that far down the stack. Try the "Milter" package. There are sample Milters available, just tweak one to your needs. For

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

2023-06-19 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 19, 2023 at 04:55:59PM +, Anton Hvornum via Postfix-users wrote: > Thank you again, I'm not sure how I would keep adding headers by > executing multiple times - without spamming the DNS server and looking > which headers have already been added. The policy server can keep per

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

2023-06-19 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 19, 2023 at 04:10:46PM +, Anton Hvornum via Postfix-users wrote: > My understanding was that the "check_policy_service > unix:private/policy-spf" would hand over key=value pairs, I would use > that information to perform one spf-check, finalized by me returning all > the

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

2023-06-19 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 19, 2023 at 03:36:13PM +, Anton Hvornum via Postfix-users wrote: > > When more than one PREPEND action executes,  the  first prepended  header > >  appears before the second etc. prepended header. To get more than one action to execute you need to call the policy

[pfx] Re: Restricted Users Emailing Themselves

2023-06-12 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 12, 2023 at 04:43:42PM -0700, Asai via Postfix-users wrote: > We have a situation where we want certain company groups to only be able > to email others in their group. Isn't each user a member of "their group"? > I've been managing this through check_sender_access, and >

[pfx] Re: How to stop delivery looping

2023-06-12 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 12, 2023 at 08:47:10AM +, wesley--- via Postfix-users wrote: > may I know that, what's the mechanism for postfix to stop mail > delivery looping? > > for example, u...@foo.com forwards to u...@bar.com, and u...@bar.com forwards > back to u...@foo.com, this will be a loop. > >

[pfx] Re: choose relay host for specific messages based on several headers and not envelope

2023-06-12 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 12, 2023 at 11:25:52AM +0200, spi via Postfix-users wrote: > > To what end do various users need separate outbound relay hosts? > > For some of the aliases I am not the authoritive mail server. How does the mail end up delivered to your system? > >> Sieve vacation creates an ooo

[pfx] Re: choose relay host for specific messages based on several headers and not envelope

2023-06-11 Thread Viktor Dukhovni via Postfix-users
On Sun, Jun 11, 2023 at 11:28:46AM +0200, spi via Postfix-users wrote: > My users have a local mail address user@internal.local with different > aliases (virtual_mailbox_maps, virtual_alias_maps). Receiving and > sending mails through different relay hosts (am using >

[pfx] Re: No Postfix novice, but need novice-like advice (was Postfix or Dovecot cracked?!)

2023-06-09 Thread Viktor Dukhovni via Postfix-users
On Thu, Jun 08, 2023 at 05:39:21PM -0700, Richard Troy via Postfix-users wrote: > [Long story] My sympathy for your woes, but absent both configuration details https://www.postfix.org/DEBUG_README.html#mail and relevant logs, no meaningful help is possible. The only salient fact seems

[pfx] Re: incorrect usage of new parameters "tls_config_file" and "tls_config_name" ?

2023-06-06 Thread Viktor Dukhovni via Postfix-users
On Tue, Jun 06, 2023 at 11:52:42AM -0400, PGNet Dev wrote: > > Note that Postfix ">=TLS..." syntax explicitly sets the minimum protocol > > level, overriding any config file defaults (including crypto policy). > > i did not understand that to be the case. > > tho I *do* have > >

[pfx] Re: incorrect usage of new parameters "tls_config_file" and "tls_config_name" ?

2023-06-06 Thread Viktor Dukhovni via Postfix-users
On Tue, Jun 06, 2023 at 08:21:38AM -0400, PGNet Dev via Postfix-users wrote: > postconf mail_version > mail_version = 3.8.1 > > on > > lsb_release -rd > Description:Fedora release 38 (Thirty Eight) > Release:38 The Fedora crypto

[pfx] Re: MX load balancing

2023-05-30 Thread Viktor Dukhovni via Postfix-users
On Tue, May 30, 2023 at 04:07:32PM +0200, Benny Pedersen via Postfix-users wrote: > > There's no good reason to have mail sent to mx2 unless mx1 is down. Under the proviso that "mx1" is the mail store. The mail has to go there anyway, so it may as well get there in one hop. "Load balancing"

[pfx] Re: MX load balancing

2023-05-30 Thread Viktor Dukhovni via Postfix-users
On Tue, May 30, 2023 at 08:20:20PM +0800, t...@dkinbox.com wrote: > > In other words, where is the mail ultimately delivered for users to > > read it? > > I have a primary mx server saying it's mx1.dkinbox.com, where mails are > stored. In that case, "load-balancing" makes no sense. You should

[pfx] Re: MX load balancing

2023-05-30 Thread Viktor Dukhovni via Postfix-users
On Tue, May 30, 2023 at 07:18:01PM +0800, Tom Reed via Postfix-users wrote: > If I set up backup MX just the same weight as primary MX, can the two MX > servers work as load balancer for incoming emails? Will both then relay the mail to some other server for mailbox storage? Or are mailboxes

[pfx] Re: Detect/extract attachments in broken messages composed by Apple Mail

2023-05-26 Thread Viktor Dukhovni via Postfix-users
On Fri, May 26, 2023 at 01:05:09PM +0200, Paul Menzel via Postfix-users wrote: > > This behaviour is to be expected given the incorrect MIME structure > > of the message. It is: > > > > multipart/alternative > > text/plain > > multipart/mixed > > text/html > > attachment Note that

[pfx] "danebot" beta release (was: DANE and DNSSEC)

2023-05-24 Thread Viktor Dukhovni via Postfix-users
On Mon, May 22, 2023 at 09:53:36PM -0400, Viktor Dukhovni via Postfix-users wrote: > Key reuse as a *default* rollover approach is robust. When it is time > to change keys, one can do so deliberately, and with due care to > prepublish TLSA records matching the *next* key, then after a

[pfx] Re: TLS client policy according to domain MTA-STS policy

2023-05-24 Thread Viktor Dukhovni via Postfix-users
On Wed, May 24, 2023 at 02:25:38PM +0200, Paul Menzel via Postfix-users wrote: > Running the *Public Email & DNS Testbed* [1], I was reminded, that we > have MTA-STS set up, but do not take the MTA-STS policy of other > domains into account. > > As a solution I found

[pfx] Re: wildcast for virtual domains

2023-05-23 Thread Viktor Dukhovni via Postfix-users
On Tue, May 23, 2023 at 11:56:41AM +0800, Tom Reed via Postfix-users wrote: > Does virtual domains (such as virtual_alias_domains) support wildcard? > such as putting this one in the file: > > *.foo.com > > so that one.foo.com, two.foo.com... will be a recipient domain. You may think you want

[pfx] Re: DANE and DNSSEC

2023-05-22 Thread Viktor Dukhovni via Postfix-users
On Mon, May 22, 2023 at 02:34:41PM +0200, Joachim Lindenberg via Postfix-users wrote: > reusing the private key for too long (say a year or more) is > considered a bad security practice. Imho it is easier to monitor > changes of the issuing CA (I do) or just mark your calendar to update > in

[pfx] Re: content filter sends mail twice

2023-05-22 Thread Viktor Dukhovni via Postfix-users
On Mon, May 22, 2023 at 06:06:00PM -0400, Alex wrote: > Yes, I wasn't aware that's how it worked. I've now explicitly defined the > bcc-user to use the same transport, but the problem is that there is one > bcc-user but multiple transports, each with their own policy. This is where

[pfx] Re: delivery loop?

2023-05-22 Thread Viktor Dukhovni via Postfix-users
On Mon, May 22, 2023 at 08:26:19PM +0800, Tom Reed via Postfix-users wrote: > 1. postfix is a backup MX for foo.com > 2. this postfix uses other MTA as relay_host This would be a misconfiguration. A backup MX host MUST NOT be an effective null client that relays *all* non-local mail to a

[pfx] Re: content filter sends mail twice

2023-05-21 Thread Viktor Dukhovni via Postfix-users
On Sun, May 21, 2023 at 02:05:31PM -0400, Alex via Postfix-users wrote: > Can I follow up on this? I can't figure out why always_bcc mail is being > sent through the default content filter while mail designated for my > domain-specific transport is sent through another in my multi-instance >

[pfx] Re: per-domain header/body checks?

2023-05-21 Thread Viktor Dukhovni via Postfix-users
On Sun, May 21, 2023 at 06:26:34PM -0400, Alex via Postfix-users wrote: > I don't have any content filters set up in the front-end postfix. How do I > connect the front-end postfix with the filters? For per-domain message content modification you need to first "split the envelope", so that each

[pfx] Re: delivery number question

2023-05-18 Thread Viktor Dukhovni via Postfix-users
On Fri, May 19, 2023 at 08:57:34AM +0800, Tom Reed via Postfix-users wrote: > > > > On Thu, May 18, 2023 at 07:48:32PM +0800, Tom Reed via Postfix-users > > wrote: > > > >> If a sender write a message which has N recipients in the same > >> destination domain (say gmx.de), when postfix deliver

[pfx] Re: per-domain sender_checks?

2023-05-18 Thread Viktor Dukhovni via Postfix-users
On Thu, May 18, 2023 at 07:07:55PM -0400, Alex via Postfix-users wrote: > > Is there a way to control smtpd_recipient_restrictions on a per-domain > > > basis [...] To resolve the ambiguity, you might have said: "per *recipient* domain" > If I interpret your instructions properly, this is kind

[pfx] Re: content filter sends mail twice

2023-05-18 Thread Viktor Dukhovni via Postfix-users
On Thu, May 18, 2023 at 09:20:38AM -0400, Alex via Postfix-users wrote: > Maybe my issue is that the always_bcc user is going through a transport at > all, and instead should just be delivered locally, or perhaps processed > only by the local_transport? How can I do that? > > I recall many years

[pfx] Re: DANE and DNSSEC

2023-05-18 Thread Viktor Dukhovni via Postfix-users
On Thu, May 18, 2023 at 08:54:16PM +0200, Joachim Lindenberg via Postfix-users wrote: > For Letsencrypt certificates I'd definitely go with 2 1 1 > 8D02536C887482BC34FF54E41D2BA659BF85B341A0A20AFADB5813DCFBCF286D and > optionally the R4 derivate and add their successors when these are > about to

[pfx] Re: DANE and DNSSEC

2023-05-18 Thread Viktor Dukhovni via Postfix-users
On Thu, May 18, 2023 at 09:22:34PM +0900, Byung-Hee HWANG via Postfix-users wrote: > And now i added TLSA record for only *outbound* smtp server, > . It is also your secondary MX host: https://stats.dnssec-tools.org/explore/?doraji.xyz the primary MX host does not yet have TLSA records.

[pfx] Re: delivery number question

2023-05-18 Thread Viktor Dukhovni via Postfix-users
On Thu, May 18, 2023 at 07:48:32PM +0800, Tom Reed via Postfix-users wrote: > If a sender write a message which has N recipients in the same > destination domain (say gmx.de), when postfix deliver this message to > peer MTA, will it deliver one copy, or N copies? For a typical message the number

[pfx] Re: per-domain sender_checks?

2023-05-16 Thread Viktor Dukhovni via Postfix-users
On Tue, May 16, 2023 at 06:54:47PM -0400, Alex wrote: > > The problems with their DNS are: > > > > - ns1.apr.gov.rs: EDNS(0) option intolerance, but returns > > FORMERR, so fallback to non-EDNS queries should (and does) work. > > [...] > > Disabling use of cookies in your

[pfx] Re: per-domain sender_checks?

2023-05-16 Thread Viktor Dukhovni via Postfix-users
On Tue, May 16, 2023 at 11:27:52AM -0400, Alex via Postfix-users wrote: > > > $ host info.apr.gov.rs > > > Host info.apr.gov.rs not found: 2(SERVFAIL) > > There's definitely a problem with their name servers, but it also seems my > version of bind is not permissive enough for such failures,

[pfx] Re: how to implement plus address

2023-05-13 Thread Viktor Dukhovni via Postfix-users
On Sat, May 13, 2023 at 06:06:59PM +0800, Tom Reed via Postfix-users wrote: > How to setup dovecot then? Thank you. In cases where all recipient addresses undergo some form of virtual or local alias rewriting before being handed off for delivery to dovecot, you can arrange for the address

[pfx] Re: postfix ports questions

2023-05-13 Thread Viktor Dukhovni via Postfix-users
On Sat, May 13, 2023 at 06:51:30PM +0800, Tom Reed via Postfix-users wrote: > Can I setup only port 25 open to the world? If port 465/587 are filtered > by iptables which only permit internal users to connect, does this make > sense to external MTAs (such as google, MS's)? You do not need to

[pfx] Re: question: "said: 550 Mail was identified as spam"

2023-05-12 Thread Viktor Dukhovni via Postfix-users
On Sat, May 13, 2023 at 09:32:14AM +0800, l...@cndns.com wrote: > We did not use a service like milter, but simply used postfix relays at > both ends, nor did we use spamassassin. Retelling in your own words what you believe happened won't enable anyone to help you. :-( For actual help, follow

[pfx] Re: mua config; with user; not with user@domain

2023-05-12 Thread Viktor Dukhovni via Postfix-users
On Fri, May 12, 2023 at 12:55:26PM -0400, Wietse Venema via Postfix-users wrote: > NON-DEBUG logging for a Postfix SMTP session that shows the problem. > > Output from the command "postconf -nf". Be sure to sanitize passwords > or other private information. In other words, don't paste any of the

[pfx] Re: question: "said: 550 Mail was identified as spam"

2023-05-12 Thread Viktor Dukhovni via Postfix-users
On Fri, May 12, 2023 at 03:32:45PM +0800, lty--- via Postfix-users wrote: > > > Hello > > The mail is transferred to the postfix service of the relay server > through the postfix service. Occasionally, the mail will be rejected and > the message "said: 550 Mail was identified as spam" will be

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 04:22:29PM -0500, E R via Postfix-users wrote: > Thank you so much for the suggestion to review the crypto setting as this > indeed a RedHat based distribution. I confirmed it is set to "default" > which means “The default system-wide cryptographic policy level offers >

[pfx] Re: working around crypto policies turned up to 11

2023-05-08 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 06:13:25PM -0400, Wietse Venema via Postfix-users wrote: > We're thinking of adding a few new settings to the stable Postfix > releases that allow Postfix to regain some control over crypto > policies that do not necessarily improve matters for SMTP where > the main result

[pfx] Re: Postfix documentation pitfalls. virtual_alias_maps and main.cf macros

2023-05-08 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 12:33:31PM +1000, Sean Gallagher via Postfix-users wrote: > > [ Yes, one could also craft "classless" access(5) tables, ... and rely > >only on explicit transport(5) table entries, opting out of all the > >taxonomy that makes it easier to reason about Postfix mail

[pfx] Re: postfix and ssl provlem

2023-05-08 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 01:29:55PM +0200, natan via Postfix-users wrote: > I have some problem with cert - user who connect via 465 > > postfix/smtps/smtpd[6901]: warning: TLS library problem: > error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: >

[pfx] Re: Postfix documentation pitfalls. virtual_alias_maps and main.cf macros

2023-05-07 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 11:00:55AM +1000, Sean Gallagher via Postfix-users wrote: > check_rcpt_maps() in smtpd_check.c first looks for the recipient in > rcpt_canon_maps and virt_alias_maps, that's the class-less part. Then it > classifies the recipient domain and checks the relevant recipient

[pfx] Re: Postfix documentation pitfalls. virtual_alias_maps and main.cf macros

2023-05-07 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 09:55:28AM +1000, Sean Gallagher via Postfix-users wrote: > Q: how would an entry in virtual_alias_maps like > localpart@$virtual_alias_domains localpart@$virtual_alias_domains be > handled? > A: It would stay in $virtual_alias_domains and be handed to >

[pfx] Postfix vs. RedHat/Fedora crypto policies

2023-05-07 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users wrote: > If your system is a RHEL or recent Fedora or similar system, or perhaps > by now other distributions have joined the club, then you'll to find the > relevant crypto policy file and dial it down a bit (

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users wrote: > You should of course also share > (https://www.postfix.org/DEBUG_README.html#mail) > > $ postconf -nf > $ postconf -Mf > > without any changes in whitespace, including li

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 > postfix/smtpd[1234567]: warning: TLS library problem: > error:0398:digital envelope routines::invalid >

[pfx] Re: inet_interfaces documentation

2023-05-04 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 02:34:53PM +1000, Sean Gallagher via Postfix-users wrote: > That makes sense, and is exactly what I would expect, but it still needs > to be documented. > > But it does raise another question in my mind. Many places in the > documentation state that the "Local" domain

[pfx] Re: inet_interfaces documentation

2023-05-04 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 01:57:19PM +1000, Sean Gallagher via Postfix-users wrote: > > This is rarely what you want. I'd be inclined to require that the > > "inet_interfaces" parameter be non-empty (though it could still be > > effectively empty as a list by setting it to be a mixture of spaces

[pfx] Re: inet_interfaces documentation

2023-05-04 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 02:08:29PM +1200, Peter via Postfix-users wrote: > On 5/05/23 11:33, Wietse Venema via Postfix-users wrote: > > An empty inet_interfaces means that there is no constraint for the > > SMTP client source IP address. I am adding some text for that. > > I think the question

[pfx] Re: inet_interfaces documentation

2023-05-04 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 07:01:03AM +1000, Sean Gallagher via Postfix-users wrote: > Specify "all" to receive mail on all network interfaces (default), > "loopback-only" to receive mail on loopback network interfaces only > (Postfix version 2.2 and later) or leave blank to disable the reception

[pfx] Re: Question on the CNAME

2023-05-03 Thread Viktor Dukhovni via Postfix-users
On Thu, May 04, 2023 at 01:02:14AM +, Ken Peng via Postfix-users wrote: > I am just not sure, for this domain SpaceMail.com, who has a CNAME to > CDN for the root domain, every query to this domain will get a CNAME. > for instance, > > $ dig spacemail.com mx +nocmd +noall +answer >

[pfx] Re: inet_interfaces documentation

2023-05-03 Thread Viktor Dukhovni via Postfix-users
On Wed, May 03, 2023 at 12:48:28PM -0400, Wietse Venema via Postfix-users wrote: > I updated the inet_interfaces documentation and clarified its > relationship with smtp_bind*_address and system-chosen source IP > addresses. > > Wietse > >When smtp_bind_address and/or

[pfx] Re: relocated: Allow custom message

2023-05-03 Thread Viktor Dukhovni via Postfix-users
On Wed, May 03, 2023 at 02:53:06PM +0200, Paul Menzel via Postfix-users wrote: > Some of our users, that relocate, ask for a custom message over the > current one: > > user has moved to new_location > > For example: > > This address is out of service. For business please contact >

[pfx] THREAD CLOSED: (was: Contradicting Postfix documentation)

2023-05-02 Thread Viktor Dukhovni via Postfix-users
On Wed, May 03, 2023 at 02:57:34PM +1000, Sean Gallagher via Postfix-users wrote: > Documentation can always be improved but there is nothing wrong with the > program itself in this respect. We can close this thread. The OP's membership in the list has been terminated for uncivil behaviour.

[pfx] Re: Contradicting Postfix documentation

2023-05-02 Thread Viktor Dukhovni via Postfix-users
On Wed, May 03, 2023 at 04:57:57AM +0200, Kolusion K via Postfix-users wrote: > It's not naive, it's a fact- Postfix is broken. The inet_interfaces > parameter is described in the documentation as making Postfix use only > the interfaces listed for the parameter. In reality, Postfix ignores > the

[pfx] Re: inbound failures only from outbound.protection.outlook.com. Cert issue in this log?

2023-05-02 Thread Viktor Dukhovni via Postfix-users
On Tue, May 02, 2023 at 07:03:55PM -0400, PGNet Dev via Postfix-users wrote: > > Also look into other possibilities, the DST Root issue is a bit of a > > longshot. If you can get an account on Outlook.com, send mail and > > see if it bounces with usable diagnostics in the bounce. > > I changed
