[pfx] Re: improving SRS support

2024-03-06 Thread raf via Postfix-users
mit it to just things that get sent to remote servers. cheers, raf ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: 25 years today

2023-12-19 Thread raf via Postfix-users
ackwards compatibility should/must be of the utmost importance to prevent massive breakage in the face of inattention by system administrators, but I think that should be true of any system that people might come to depend on. Others seem happy to break things regularly.

[pfx] Re: 25 years today

2023-12-14 Thread raf via Postfix-users
erations and implementation are brilliant. How it stayed so good for 25 years is a testament to your great judgement. cheers, raf

[pfx] Re: TAKE NOTE 3: Upcoming new Let's Encrypt intemediate issuer CAs.

2023-12-08 Thread raf via Postfix-users
a stable by default > key during certificate renewals. > > -- > Viktor. You know it makes sense. cheers, raf

[pfx] Re: TAKE NOTE: "2 1 1" TLSA records vs. apparent change of Let's Encrypt default certificate chain

2023-11-15 Thread raf via Postfix-users
anebot) that (only) works with nsupdate. I don't know enough about it to recommend it or not. cheers, raf

[pfx] Re: FOLLOW-UP Re: Re: [ext] list.sys4.de fails with starttls

2023-11-14 Thread raf via Postfix-users
ed only on the default configuration of postfix, when really, the default selinux policy for postfix should probably be based on all possible postfix behaviour. Talk to redhat about that. It must be possible to adapt the selinux policy to allow tlsproxy (but I can't help you with that). cheer

[pfx] Re: FW: Wrong email in DMARC dns

2023-11-01 Thread raf via Postfix-users
main with the bad records, but if that fails to fix the problem, you need to stop sending report emails (or arrange to send that domain's DMARC reports to /dev/null or similar). And then submit a bug report for whatever software is sending the DMARC report. If the bug is fixed, you can turn report

[pfx] Re: forward_path setting not being processed correctly after upgrade

2023-10-26 Thread raf via Postfix-users
On Thu, Oct 26, 2023 at 03:16:04PM -0400, Viktor Dukhovni via Postfix-users wrote: > What's notable here, is how rare actual compatibility breaks are in > Postfix. Wietse has managed to maintain essentially backwards > compatible behaviour for over 20 years, which speaks to both design >

[pfx] Re: IP protocol inconsistency

2023-09-26 Thread raf via Postfix-users
mail only over IPv4. > > /etc/postfix/main.cf: > inet_protocols = all > > /etc/postfix/master.cf > smtp ...other fields... smtp -o inet_protocols=ipv4 > > * The setting "smtp_address_preference =

[pfx] Re: IP protocol inconsistency

2023-09-26 Thread raf via Postfix-users
attempt ipv6 and risk a rejection. I haven't gotten any bounce messages since favouring ipv4 in the client, but if I do I'll make this change for the client. Thanks. cheers, raf

[pfx] Re: IP protocol inconsistency

2023-09-25 Thread raf via Postfix-users
lise that an entity might only have a single ipv6 address. They seem to think that everyone has at least 64 addresses. So, when an unrelated tenant near my VPS sent spam from their ipv6 address, it tainted my ipv6 address's reputation. cheers, raf

[pfx] Re: Troubleshooting mail loop issue

2023-08-16 Thread raf via Postfix-users
On Tue, Aug 15, 2023 at 08:48:35AM -0400, Bill Cole via Postfix-users wrote: > Your task is to fix Microsoft's mishandling of email. (giggles insanely...) :-)

[pfx] Re: server does not pick up new certificates

2023-07-24 Thread raf via Postfix-users
even migrate lost cronjobs to a new cronhost if the old cronhost couldn't be brought back up in time (if its state is stored on a remote fileserver). It's each cronjob's responsibility to indicate success/failure by its exit code, and to be idempotent. It was very handy when I had system administrat

[pfx] opendmarc question about many Undeliverable messages

2023-06-06 Thread raf via Postfix-users
message is resulting in a new undeliverable message, with the subject header getting longer and longer as each new "FW: Undeliverable:" is prepended to it. I've turned off FailureReports, but I'm wondering if anyone knows a better way t

[pfx] Re: DANE and DNSSEC

2023-05-19 Thread raf via Postfix-users
On Thu, May 18, 2023 at 09:11:41AM -0400, Viktor Dukhovni via Postfix-users wrote: > On Thu, May 18, 2023 at 09:22:34PM +0900, Byung-Hee HWANG via Postfix-users > wrote: > > > And now i added TLSA record for only *outbound* smtp server, > > . > > It is also your secondary MX host: > >

[pfx] Re: DANE and DNSSEC

2023-05-19 Thread raf via Postfix-users
events the renewal from creating a new key. That way, the user can decide when they want the key to rollover. cheers, raf

[pfx] Re: A strange DMARC failure

2023-05-16 Thread raf via Postfix-users
> > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Not Currently Available For Hire Yes, it's best to let receiving MUAs deal with DMARC failures, rather than mail servers (which should just add Authentic

[pfx] Re: Postsrsd question

2023-05-16 Thread raf via Postfix-users
nks If you only forward emails for a small, fixed number of addresses, you can use github.com/zoni/postforward in combination with postsrsd, but it requires an entry for each affected address in /etc/aliases. It's not appropriate for more complex needs. cheers, raf

[pfx] Re: how to implement plus address

2023-05-12 Thread raf via Postfix-users
sample.com > > Thanks. > Tom Hi, Put the following in /etc/postfix/main.cf: recipient_delimiter = + cheers, raf

[pfx] Re: DANE and DNSSEC

2023-05-11 Thread raf via Postfix-users
e you never have the situation where things aren't working while your TLSA records are propagating around the DNS because they were published well before they were required. Here are some wikis that might help: https://github.com/baknu/DANE-for-SMTP/wiki https://github.com/

[pfx] Re: www.postfix.org certificate expired

2023-04-24 Thread raf via Postfix-users
on server itself was down when jobs needed to run. But it (or a similar approach) might be helpful for (non-cron) certbot hooks. cheers, raf

[pfx] Re: invalid and non-fqdn hostname

2023-04-07 Thread raf via Postfix-users
On Thu, Apr 06, 2023 at 11:28:07AM +1000, Sean Gallagher wrote: > On 6/04/2023 10:39 am, raf via Postfix-users wrote: > > On Thu, Apr 06, 2023 at 07:33:28AM +0800, Corey Hickman via Postfix-users > > wrote: > > > > > Hello > >

[pfx] Re: invalid and non-fqdn hostname

2023-04-05 Thread raf via Postfix-users
be a fully-qualified domain name. cheers, raf

[pfx] Re: Requesting A Sanity Check, Please, + A Couple Of Qs

2023-03-27 Thread raf via Postfix-users
ps? I don't think so. I don't think the sni_maps are needed at all but I could be wrong about that. If so, ignore this answer. Most SMTP clients don't care about the domain names in SMTP server certificates. But all of your incoming connections are from your own infrastr

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

2023-03-26 Thread raf via Postfix-users
On Sun, Mar 26, 2023 at 01:05:10PM +1300, Peter via Postfix-users wrote: > On 25/03/23 11:50, raf via Postfix-users wrote: > > On Fri, Mar 10, 2023 at 09:11:58AM +1300, Peter via Postfix-users > > wrote: > > > > > * Don't add a Reply-To:. I actually que

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

2023-03-24 Thread raf via Postfix-users
an that it's OK to enforce it 100% of the time. cheers, raf

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

2023-03-24 Thread raf via Postfix-users
f the original sender. The From: header address is now postfix-mum...@postfix.org. If the postfix.com domain had a DMARC policy, then it would apply, but it doesn't have one. There is only SPF and DKIM. But that should suffice unless there are mail provi

Re: [SOLVED] Re: Submission runs very slowly

2023-02-13 Thread raf
Apologies in advance if this is too off-topic (pass phrases, not postfix). On Mon, Feb 13, 2023 at 11:22:24PM +, Allen Coates wrote: > On 13/02/2023 22:43, raf wrote: > > And for diceware style passphrases to be meaningful, > > it's important that none of the wo

Re: [SOLVED] Re: Submission runs very slowly

2023-02-13 Thread raf
e links to more explanation here: https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/ cheers, raf

Re: Checking configuration files in advance

2023-01-26 Thread raf
nfiguration matches your intentions. postconf's -c option directs it to look at files somewhere other than /etc/postfix. Another thing to do is to monitor log output for a while after making configuration changes to look for fatal errors and useful warnings. cheers, raf

Re: Assist with a spam message, check_sender_access and check_client_access targets

2023-01-20 Thread raf
address of the client making the SMTP connection. There is also the $header_checks parameter which lets you match content in arbitrary headers. See postconf(5) and header_checks(5). There is also spamassassin(1) and rspamd(1) for milter-based content inspection and spam detection. cheers, raf

Re: relay transport ignore

2023-01-20 Thread raf
" replaced by the actual domain. You can remove it when you later change the postfix configuration on the second server to handle domainname as a virtual domain (unless I've misunderstood your intentions). I'd recommend reading: http://www.postfix.org/VIRTUAL_README.html http://www.postfix.org/ADD

Re: SPF fail and domain fail, why?

2023-01-17 Thread raf
On Tue, Jan 17, 2023 at 07:55:08PM +0100, Maurizio Caloro wrote: > > Am 17.01.2023 um 03:34 schrieb Scott Kitterman: > > > > On January 17, 2023 2:25:34 AM UTC, raf wrote: > > > On Mon, Jan 16, 2023 at 08:01:10PM +0100, Maurizio > > >

Re: Enabling both redirection and local (virtual) delivery for catch-all email addresses?

2023-01-17 Thread raf
lias: "b...@example.com b...@example.com" > vmailbox: "b...@example.com example.com/bar/" > > This works, and doesn't seem to cause a problem. I don't really want to > change the software to remove this (unnecessary) entry in valias. Are there > likely to be any problems with this? I don't know, but if it works, it will probably continue to work. cheers, raf

Re: SPF fail and domain fail, why?

2023-01-16 Thread raf
ode doing the SPF check doesn't explain why it failed. Some do. For example, the postfix-policyd-spf-perl package on debian would probably show the IP address that caused the failure. Maybe it's 127.0.0.1 (or the IP address of an authenticated submission client). cheers, raf

Re: relay transport ignore

2023-01-16 Thread raf
success. > > Can someone please help me? > > Thanks Perhaps it would be best to show what you tried by sending the output of "postconf -n" and your transport table on the new host. Someone might be able to see what's wrong with it. cheers, raf

Re: Simple forwarder for postfix?

2023-01-12 Thread raf
It was just written as an exercise. So it's probably dangerous to use it. :-) cheers, raf

Re: RFC 5233 "Subaddresses" and LDAP lookups

2023-01-11 Thread raf
> > > > but they are. You shouldn't need any LDAP-specific support here, > > Postfix will automatically generate a query with the extension elided. > > Thanks! Makes me wonder why the setup I was testing today failed to behave > like you wrote. I'll try to reconstruct this on a test machine as soon as I > find time and verify that. Do you have "recipient_delimiter = +" in main.cf? > p@rick cheers, raf

Re: Authenticated Receive Chain (ARC Sealing) in Postfix?

2023-01-02 Thread raf
fix? > > Thanks > RobertC You could look into OpenARC (https://github.com/trusteddomainproject/OpenARC). I was under the impression that it wasn't finished, but I think that's wrong. I've heard of people using it. It's written by the same group that wrote OpenDKIM. cheers, raf

Re: Spammer succeeded in relaying through my server

2022-12-27 Thread raf
and bang things > out, I'd love to work with anyone who can. Sure. I can probably be useful. I was about to create a fork and (blindly) apply lots of the existing pull requests, but I'd prefer to contribute to a more sane effort. :-) > -Dan cheers, raf > > On Dec 27, 2022, at 16:5

Re: Spammer succeeded in relaying through my server

2022-12-27 Thread raf
On Mon, Dec 26, 2022 at 11:45:52AM +0200, mailm...@ionos.gr wrote: > On Mon, 26 Dec 2022 20:22:19 +1100 raf wrote: > > > That issue hasn't had any response, so maybe they aren't interested. > > But I've just created a pull request to fix it: > > > > https://g

Re: Spammer succeeded in relaying through my server

2022-12-26 Thread raf
On Sat, Dec 24, 2022 at 08:05:12AM +0400, Samer Afach wrote: > Dear Raf: > > Thank you for the hint about UNIX sockets. I'll keep them. My only fear > is/was that they're inappropriate to use across containers and something > will break in the future. I guess I'll have

Re: Spammer succeeded in relaying through my server

2022-12-25 Thread raf
On Sat, Dec 24, 2022 at 07:51:42AM +0400, Samer Afach wrote: > Dear Raf: > > Thank you very much. I just tested my server with mxtoolbox, and all seems > good. I didn't realize mxtoolbox works without MX records, thanks for that > hint. > > I applied 90% of your suggestio

Re: Spammer succeeded in relaying through my server

2022-12-23 Thread raf
On Sat, Dec 24, 2022 at 06:28:29AM +0400, Samer Afach wrote: > On 24/12/2022 5:30 AM, raf wrote: > > On Fri, Dec 23, 2022 at 04:35:03PM +0400, Samer Afach > > wrote: > > > > > About your great loud thought, my containers are versioned but there's >

Re: Restrict access relay to single client

2022-12-23 Thread raf
tpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_database isn't needed (since Postfix 2.11) > smtpd_use_tls = yes It's not important, but smtpd_use_tls (and smtp_use_tls) are obsolete and could be replaced with: smtpd_tls_security_level = may smtp_tls_security_level = may cheers, raf

Re: Spammer succeeded in relaying through my server

2022-12-23 Thread raf
s_security_level is set. > virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf > virtual_gid_maps = static:5000 > virtual_mailbox_base = /var/vmail/ > virtual_mailbox_domains = > proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf > virtual_mailbox_limit = 0 > virtual_mailbox_maps = > proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf > virtual_minimum_uid = 104 > virtual_transport = lmtp:inet:docker-email-dovecot:10024 > virtual_uid_maps = static:5000 > ``` > > I would really appreciate your input on this. Have a great day. > > Cheers, > Sam cheers, raf

Re: Spammer succeeded in relaying through my server

2022-12-23 Thread raf
rades package in the container and a configuration for it that automatically installs at least all security upgrades. That way, the container can stay running for long periods of time without the need to restart it daily which presumably introduces tiny regular outages. cheers, raf

Re: Spammer succeeded in relaying through my server

2022-12-23 Thread raf
level=encrypt must be encrypted, and thanks to the overriding smtpd_relay_restrictions setting, must be SASL-authenticated. cheers, raf

Re: Spammer succeeded in relaying through my server

2022-12-23 Thread raf
any high-availability in that situation. cheers, raf

Re: Planning my migration: preventing open relay

2022-12-23 Thread raf
MX host. But of course, that's just my opinion. > BTW, I mentioned traefik but I will not be running postfix behind > traefik. I want postscreen to be the doorman on port 25 traffic. > > Thanks for tips and suggestions. > > Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>) > R IT Strategy <https://ea.rna.nl/> (main site) > Book: Chess and the Art of Enterprise Architecture > <https://ea.rna.nl/the-book/> > Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/> cheers, raf

Re: Spammer succeeded in relaying through my server

2022-12-22 Thread raf
the mail server. EHLO is an extension to the SMTP protocol that causes the server to send back a list of features that it supports, so that the client knows what it can do with that server (e.g., STARTTLS, SMTPUTF8, 8BITMIME, etc.). cheers, raf

Re: Spammer succeeded in relaying through my server

2022-12-22 Thread raf
ternet. If there isn't a How-To for Postfix in Docker and/or behind HAProxy yet, then it would be great if someone who was setting that up and encountering and solving any problems along the way were able to write and publish a How-To Guide to benefit others. cheers, raf

Re: Spammer succeeded in relaying through my server

2022-12-22 Thread raf
sy to miss some important detail in some cases, but once you realise that and go back to the documentation, what you needed to know is usually there. Once you realise that, you know to read them more carefully. cheers, raf

Re: Duplicate message delivery to always_bcc with dovecot and Simple Content Filter (Postfix)

2022-12-20 Thread raf
ething or > misunderstood something. Perhaps I'm mistaken, but it sounds like mailfilter could be replaced with canonical addressing to rewrite sender addresses in outgoing emails. http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical If so, it might simplify things. cheers, raf

Re: emails with s9b1.psmtp.com

2022-12-15 Thread raf
On Fri, Dec 16, 2022 at 10:40:53AM +1100, raf wrote: > On Thu, Dec 15, 2022 at 03:54:38PM -0600, Richard Raether > wrote: > > > Dear users wiser than me (probably everyone), > > > > We have a legitimate domain, einsteintoolkit.org, but I'm getting mail for &

Re: emails with s9b1.psmtp.com

2022-12-15 Thread raf
name of the server that connected to your server and tried to send those emails. Perhaps you can contact its postmaster and alert them to the problem. cheers, raf

Re: remailer for alias lists?

2022-12-05 Thread raf
eed a database or a web server. If memory serves, you need to set up enough aliases for each mailing list that it's worth automating their addition, but if it's a single list, you wouldn't need to. This is what I used to have in aliases for each list. # Majordomo template # (e.g. (LIST, DOM

Re: helo command rejected

2022-12-02 Thread raf
On Fri, Dec 02, 2022 at 09:47:03AM -0500, Wietse Venema wrote: > raf: > > On Fri, Dec 02, 2022 at 08:51:14AM -0500, Wietse Venema > > wrote: > > > > > David Dolan: > > > > I guess it's using the musl resolver in Alpine so we need to migrate

Re: Backup MX Take 2

2022-12-02 Thread raf
know to send mail for the relayed domains to it. The relayhost parameter applies to all non-local mail. See http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup But it might be OK if caduceus doesn't send any mail of its own anywhere, or if helix is willing to relay that mail on behalf of caduceus. cheers, raf

Re: helo command rejected

2022-12-02 Thread raf
alpine is used in many many docker images in production systems everywhere. :-) cheers, raf

Re: Backup MX Take 2

2022-12-01 Thread raf
e postconf -nf command shown above would just output the one that Postfix ends up using, which might or might not be the one you think it is using. This might matter, but probably not. The second, more detailed one, will override the first one. But note that only the first (unused) one contains permit_sasl_authenticated, so SASL-authenticated connections will be subject to all the checks in the second smtpd_relay_restrictions. But I don't think this is causing your problem. cheers, raf

Re: Backup MX with MySQL backend

2022-11-30 Thread raf
On Tue, Nov 29, 2022 at 03:44:02PM -0500, Jonathan Capra wrote: > > On Tue, 29 Nov 2022, raf wrote: > > > On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra > > wrote: > > > > > smtpd_tls_session_cache_database = btree:${data_directory

Re: Backup MX with MySQL backend

2022-11-28 Thread raf
y_domain_maps.cf, > mysql:/etc/postfix/mysql_relay_alias_domain_maps.cf > relay_recipient_maps = >mysql:/etc/postfix/mysql_alias_maps.cf, >mysql:/etc/postfix/mysql_alias_domain_maps.cf, >mysql:/etc/postfix/mysql_alias_domain_catchall_maps.cf > > # Increase attachment size to 50 MB > message_size_limit = 52428800 I hope that helps a bit. But it might not be enough to solve the problem. cheers, raf

Re: secondary MX and SPF

2022-11-22 Thread raf
that might incur more DNS lookups beyond your control, so the fewer you impose, the better. So, yes, it's more verbose, but it's also more efficient. Also, using "mx" isn't great if you have more than one MX host, and only the primary one sends mail. It's probably harmless, though, as long as you control all the MX hosts. cheers, raf

Re: local(8) and blocking delivery to system users?

2022-11-22 Thread raf
en't done that. The separate IMAP account sits alongside others in a dedicated dovecot directory. There's a commented out line in /etc/dovecot/conf.d/10-mail.conf that looks hopeful: mail_location = mbox:~/mail:INBOX=/var/mail/%u That parameter also accepts "maildir:" as a prefix instead of "mbox:". Anyway, just an idea to consider. cheers, raf

Re: How do check DKIM and SPF on incoming email?

2022-11-22 Thread raf
On Mon, Nov 21, 2022 at 10:18:38PM +, Scott Kitterman wrote: > On November 21, 2022 8:50:51 PM UTC, raf wrote: > >On Mon, Nov 21, 2022 at 12:48:49AM +, Scott Kitterman > > wrote: > > > >> On November 20, 2022 11:47:02 PM UTC, raf wrote: > >>

Re: How do check DKIM and SPF on incoming email?

2022-11-21 Thread raf
On Mon, Nov 21, 2022 at 12:48:49AM +, Scott Kitterman wrote: > On November 20, 2022 11:47:02 PM UTC, raf wrote: > > > >There are also Debian packages for policy server versions: > > > > postfix-policyd-spf-perl > > postfix-policyd-spf-python >

Re: How do check DKIM and SPF on incoming email?

2022-11-20 Thread raf
spf-engine > > Package: postfix-policyd-spf-python > Source: spf-engine There are also Debian packages for policy server versions: postfix-policyd-spf-perl postfix-policyd-spf-python cheers, raf

Re: How do check DKIM and SPF on incoming email?

2022-11-16 Thread raf
. By default, no message ## will be rejected or temp-failed regardless of the outcome of the DMARC ## evaluation of the message. Instead, an Authentication-Results header ## field will be added. cheers, raf

Re: How do check DKIM and SPF on incoming email?

2022-11-15 Thread raf
n but there might be equivalent tutorials for other Linux systems on that website. It might assume other steps in the complete tutorial: https://www.linuxbabe.com/mail-server/build-email-server-from-scratch-debian-postfix-smtp But maybe not. People say good things about rspamd as well. Check that out. cheers, raf

Re: Postfix is Rewriting the email from address with the serveraddress when server from is foreign

2022-11-13 Thread raf
it's the latter, perhaps it's just using the address of the user account that is running the process. Note that I'm not familiar with python's sendmail library (I've only used smtplib), so this might be a red herring, but its webpage says it has an smtplib-compatible API, but that it invokes the sendmail binary. Apologies if this is irrelevant/unhelpful. cheers, raf

Re: LDAP mail for external users

2022-10-28 Thread raf
l if the list of recipient addresses is fairly static (or if you can automate change propagation to postfinger's configuration). https://github.com/roehling/postsrsd https://github.com/zoni/postforward Debian has a package for postsrsd, but not for postforward. cheers, raf

Re: ot: SPF/DKIM woes

2022-09-17 Thread raf
record for it. The expectation is that the SPF record for sbt.net.au contain the IP address of geko.sbt.net.au, which it does. > avoid unneed google includes in spf Maybe that's needed when sending emails from gmail. Either way, it shouldn't have any bearing on the problem. Unless I'm missing something. cheers, raf

Re: ot: SPF/DKIM woes

2022-09-17 Thread raf
-t txt sbt.net.au sbt.net.au descriptive text "v=spf1 ip4:103.106.168.106 ip4:103.106.168.105 ip4:125.168.124.3 include:_spf.google.com ~all" > host -t any sbt.net.au sbt.net.au mail is handled by 10 geko.sbt.net.au. sbt.net.au has address 103.106.168.106 sbt.net.au descriptive text "v=spf1 ip4:103.106.168.106 ip4:103.106.168.105 ip4:125.168.124.3 include:_spf.google.com ~all" cheers, raf

Re: ot: SPF/DKIM woes

2022-09-17 Thread raf
g server doesn't require its own SPF record. That's just for the domain used in the envelope address (sbt.net.au). There are lots of mail testing sites, e.g.: https://mail-tester.com https://mailtester.com https://www.mailgenius.com https://www.mailreach.co/mail-tester-alternative I've only used the first one. cheers, raf

Re: Fwd: Re: Postfix 3.5 and outbound TLS/SSL

2022-08-23 Thread raf
d modern small keys exist now. And its popularity is steadily increasing. And the claim that the government controls your keys is just weird. I don't understand that claim at all. Maybe the author doesn't know what escrow means. cheers, raf

Re: opendkim - permission issue?

2022-06-27 Thread raf
hing else has been incorrectly chowned by mistake. I'm probably being ridiculous (sorry) but the error message looks like it's saying that / is writable and owned by the user bind. That's very unlikely, but if it were true, it would be worth an error message. cheers, raf

Re: opendkim - permission issue?

2022-06-27 Thread raf
22:50 dkim.key > -rw--- 1 opendkim opendkim 1675 Jun 26 22:50 nmail.private > -rw--- 1 opendkim opendkim  506 Jun 26 22:50 nmail.txt > > thanks for any help > regards cheers, raf

Re: parameter append syntax (was: milter_header_checks, pcre, chroot)

2022-06-26 Thread raf
On Sun, Jun 26, 2022 at 07:45:47AM -0400, Wietse Venema wrote: > raf: > > Also, is .= the best notation? Would += be better? > > https://marc.info/?l=postfix-users&m=164779562215790&w=2 > > Wietse Of course. cheers, raf

Re: parameter append syntax (was: milter_header_checks, pcre, chroot)

2022-06-25 Thread raf
On Sat, Jun 25, 2022 at 09:08:30PM -0400, Wietse Venema wrote: > raf: > > If .= can reliably distinguish between being applied to > > a list or scalar parameter, maybe it could automatically > > include a leading space when adding to lists. > > Unfortunately, the m

Re: parameter append syntax (was: milter_header_checks, pcre, chroot)

2022-06-25 Thread raf
can be fixed by requiring a comma when appending to a list: > > export_environment .= , { NAME = value } > > would result in > > export_environment = TZ MAIL_CONFIG LANG, { NAME = value } > > This is more explicit, and a little less user friendly. > > Wietse If .= can reliably distinguish between being applied to a list or scalar parameter, maybe it could automatically include a leading space when adding to lists. cheers, raf

Re: Postfix - Mysql - howto MultipleDomain?

2022-06-17 Thread raf
On Fri, Jun 17, 2022 at 01:20:05PM -0400, Viktor Dukhovni wrote: > On Fri, Jun 17, 2022 at 04:03:52PM +1000, raf wrote: > > > >  Out: 454 4.7.0 TLS not available due to local problem > > > > Try deleting the middle two files (nmail.calm-ness.ch),

Re: TLS issue with purchase order emails from ariba.com system.

2022-06-17 Thread raf
luding them in the command)): certbot renew --force-renewal --cert-name XXX Also note that there is a very useful forum for help with letsencrypt and certbot: https://community.letsencrypt.org/ cheers, raf

Re: Postfix - Mysql - howto MultipleDomain?

2022-06-17 Thread raf
>  Out: 250-nmail.caloro.ch >  Out: 250-PIPELINING >  Out: 250-SIZE 25428800 >  Out: 250-ETRN >  Out: 250-STARTTLS >  Out: 250-ENHANCEDSTATUSCODES >  Out: 250-8BITMIME >  Out: 250-DSN >  Out: 250 CHUNKING >  In:  STARTTLS >  Out: 454 4.7.0 TLS not available due to local problem >  In:  QUIT >  Out: 221 2.0.0 Bye > > thanks Try deleting the middle two files (nmail.calm-ness.ch), or swapping them around. They are in the wrong order. cheers, raf

Re: Postfix - Mysql - howto MultipleDomain?

2022-06-16 Thread raf
On Thu, Jun 16, 2022 at 07:50:40PM -0400, Viktor Dukhovni wrote: > On Thu, Jun 16, 2022 at 11:07:05PM +0200, Maurizio Caloro wrote: > > >     --> Out: 454 4.7.0 TLS not available due to local problem > > As expected. > > > smtpd_tls_chain_files = > >

Re: Postfix+SASL chrooted - out of ideas (SASL_README tweak)

2022-06-03 Thread raf
and not providing any mechanisms to choose > > alternative locations. > > I have tried with debian 11 and I can confirm this. > Changing cyrus_sasl_config_path did not help and > /etc/postfix/sasl/smtpd.conf was used. That's what I'm seeing too, now. The lesson for me here is not to perform experiments the day after general anaesthetic. :-) cheers, raf

Re: Block MX from recipients

2022-06-02 Thread raf
ent_mx_access.cidr > > 52.164.206.56 reject > > Regards, Not sure, but if there's no MX record, then there's no MX host to look up. Perhaps you want to use check_recipient_a_access instead for these? cheers, raf

Re: Postfix+SASL chrooted - out of ideas (SASL_README tweak)

2022-06-01 Thread raf
On Wed, Jun 01, 2022 at 12:03:43AM -0400, Viktor Dukhovni wrote: > On Wed, Jun 01, 2022 at 01:35:56PM +1000, raf wrote: > > > > So what did they do? > > > > > > > $ postconf -d cyrus_sasl_config_path > > > > cyrus_sasl_config_pa

Re: Postfix+SASL chrooted - out of ideas (SASL_README tweak)

2022-06-01 Thread raf
On Wed, Jun 01, 2022 at 03:56:02PM +1200, Peter wrote: > On 30/05/22 2:48 pm, raf wrote: > > > If set > > > +empty (the default value) the search path is the one compiled into the > > > +Cyrus SASL library. > > > > I don't think that's entirely correc

Re: Postfix+SASL chrooted - out of ideas (SASL_README tweak)

2022-05-31 Thread raf
On Mon, May 30, 2022 at 12:15:19AM -0400, Viktor Dukhovni wrote: > On Mon, May 30, 2022 at 12:48:46PM +1000, raf wrote: > > > I don't think that's entirely correct. On Debian, for > > example, the default value of cyrus_sasl_config_path is > > empty, and /etc/postf

Re: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread raf
" and "--key-type ecdsa". cheers, raf

Re: Postfix+SASL chrooted - out of ideas (SASL_README tweak)

2022-05-29 Thread raf
But perhaps other systems do use a non-empty default. But it does look like it's not the postfix package that they changed. They changed the sasl2-bin package. The only executable binary that contains the string /etc/postfix/sasl is /usr/bin/saslfinger which is provided by the sasl2-bin package. $ find /usr -type f -perm /111 -exec grep -l /etc/postfix/sasl '{}' ';' /usr/bin/saslfinger $ dpkg-query -S /usr/bin/saslfinger sasl2-bin: /usr/bin/saslfinger cheers, raf

Re: Postfix+SASL chrooted - out of ideas

2022-05-28 Thread raf
/var/lib/sasl2. On Debian, it's in /etc/postfix/sasl. Perhaps "ln -s /etc/sasl2 /etc/postfix/sasl" might help. cheers, raf

Re: Postfix+SASL chrooted - out of ideas

2022-05-28 Thread raf
/postfix/etc/sasldb2 and created a symlink to it at /etc/sasldb2. That might be the cause, but bear in mind Viktor's comments about the lack of security in having unhashed passwords on disk. > -- > Jim Garrison > j...@acm.org cheers, raf

Re: Milter_Readme - Documentation Edit Request - "order", "reject" and "override" - multiple message modifications?

2022-05-25 Thread raf
s created for sendmail. So postfix doesn't document that protocol. It just adopted it. Documenting it is sendmail's job. But it would be good to have a reference to its documentation added to the milter readme. I once went searching for the milter protocol documentation and had trouble. cheers, raf

Re: add alias without reload

2022-05-14 Thread raf
dbm hash lmdb sdbm The database types that are read directly as text are: pcre regexp cidr texthash You didn't specify an explicit database type in the postmap command, so it's probably hash (i.e., the value of the $default_database_type parameter). cheers, raf

Re: Restricting MAIL_FROM based on SASL login

2022-05-04 Thread raf
com accou...@domain2.com accou...@domain3.com accou...@domain3.com @domain4.com accou...@domain4.com accou...@domain4.com accou...@domain5.com accou...@domain5.com @domain5.com accou...@domain4.com accou...@domain4.com accou...@domain5.com accou...@domain5.com Hopefully, someone will suggest a ni

Re: off-topic mta-sts/office.com question

2022-05-02 Thread raf
On Sun, May 01, 2022 at 10:17:33PM -0400, Viktor Dukhovni wrote: > On Mon, May 02, 2022 at 12:04:13PM +1000, raf wrote: > > > The test email bounced with the following report: > > > > > Diagnostic information for administrators: > > > > > &

off-topic mta-sts/office.com question

2022-05-01 Thread raf
MTA-STS (using yet another spare domain so I don't have to wait a week). cheers, raf

Re: check_client_access

2022-04-30 Thread raf
On Sat, Apr 30, 2022 at 01:11:05AM -0400, Viktor Dukhovni wrote: > On Sat, Apr 30, 2022 at 10:28:06AM +1000, raf wrote: > > > > .domain.tld > > > > > > Matches subdomains of domain.tld, but only when the > > > string smtp
