[pfx] Re: Update: What features to deprecate

2024-02-20 Thread Wietse Venema via Postfix-users
Peter via Postfix-users: > On 21/02/24 12:40, Wietse Venema via Postfix-users wrote: > > Peter via Postfix-users: > >>> A quick status update. > >>> > >>> First, several features have been logging warnings that they would > >>> be removed for 10 years or more, so we could delete them in good > >>>

[pfx] Re: Update: What features to deprecate

2024-02-20 Thread Peter via Postfix-users
On 21/02/24 12:40, Wietse Venema via Postfix-users wrote: Peter via Postfix-users: A quick status update. First, several features have been logging warnings that they would be removed for 10 years or more, so we could delete them in good conscience (perhaps keeping the warning with the

[pfx] Re: Update: What features to deprecate

2024-02-20 Thread Wietse Venema via Postfix-users
Peter via Postfix-users: > > A quick status update. > > > > First, several features have been logging warnings that they would > > be removed for 10 years or more, so we could delete them in good > > conscience (perhaps keeping the warning with the suggested alternative). > > This change has not

[pfx] Re: Update: What features to deprecate

2024-02-20 Thread Peter via Postfix-users
On 19/02/24 14:00, Wietse Venema via Postfix-users wrote: Viktor Dukhovni via Postfix-users: On Tue, Feb 13, 2024 at 12:23:32PM -0500, Wietse Venema via Postfix-users wrote: Over 25 years, Postfix has accumulated some features that are essentially obsolete. A quick status update. First,

[pfx] Update: What features to deprecate

2024-02-18 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Tue, Feb 13, 2024 at 12:23:32PM -0500, Wietse Venema via Postfix-users > wrote: > > > Over 25 years, Postfix has accumulated some features that > > are essentially obsolete. A quick status update. First, several features have been logging warnings that

[pfx] Re: What features to deprecate

2024-02-14 Thread Nikolai Lusan via Postfix-users
https://www.postfix.com/SMTPD_POLICY_README.html And if that's not enough just start reading the page with _all_ the configuration directive and figure out what you need -- Nikolai Lusan Email: niko...@lusan.id.au

[pfx] Re: What features to deprecate

2024-02-14 Thread Aleksandar Ivanisevic via Postfix-users
> On 14. Feb 2024, at 09:23, Geert Hendrickx via Postfix-users > wrote: > >> Of course it is best dealt with at the source by configuring the >> client systems to use the correct domain. > > > Perhaps, but not all client systems are under our control (trusted but not > necessarily

[pfx] Re: What features to deprecate

2024-02-14 Thread Geert Hendrickx via Postfix-users
On Tue, Feb 13, 2024 at 12:51:51 -0500, Viktor Dukhovni via Postfix-users wrote: > On Tue, Feb 13, 2024 at 06:32:14PM +0100, Geert Hendrickx via Postfix-users > wrote: > > What's the alternative for masquerade_domains ? > > It is canonical_maps, ideally with explicit mappings for each expected >

[pfx] Re: What features to deprecate

2024-02-13 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 13, 2024 at 01:20:00PM -0500, Wietse Venema via Postfix-users wrote: > > Obsoleted by automatic negotiation in the SSL code: > > > > - smtpd_tls_dh1024_param_file = auto > > - smtpd_tls_eecdh_grade = auto > > > > [ We could delete the underlying support code for the explicit

[pfx] Re: What features to deprecate

2024-02-13 Thread Wietse Venema via Postfix-users
ty_levels>=3.9. > > > > - masquerade_domains complicates table-driven address validation. > > Log a deprecation warning with compatibility_levels>=3.9. > > > > - disable_dns_lookups can be migrated to smtp_dns_support_level > > which implements a superset of

[pfx] Re: What features to deprecate

2024-02-13 Thread Wietse Venema via Postfix-users
Geert Hendrickx via Postfix-users: > On Tue, Feb 13, 2024 at 12:23:32 -0500, Wietse Venema via Postfix-users wrote: > > - masquerade_domains complicates table-driven address validation. > > Log a deprecation warning with compatibility_levels>=3.9. > > > What's the alternative for

[pfx] Re: What features to deprecate

2024-02-13 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 13, 2024 at 06:32:14PM +0100, Geert Hendrickx via Postfix-users wrote: > On Tue, Feb 13, 2024 at 12:23:32 -0500, Wietse Venema via Postfix-users wrote: > > - masquerade_domains complicates table-driven address validation. > > Log a deprecation warning with compatibility_levels>=3.9.

[pfx] Re: What features to deprecate

2024-02-13 Thread Viktor Dukhovni via Postfix-users
tion. > Log a deprecation warning with compatibility_levels>=3.9. > > - disable_dns_lookups can be migrated to smtp_dns_support_level > which implements a superset of the functionality. Log a deprecation > warning with compatibility_levels>=3.9. > > What else needs to go

[pfx] Re: What features to deprecate

2024-02-13 Thread Geert Hendrickx via Postfix-users
On Tue, Feb 13, 2024 at 12:23:32 -0500, Wietse Venema via Postfix-users wrote: > - masquerade_domains complicates table-driven address validation. > Log a deprecation warning with compatibility_levels>=3.9. What's the alternative for masquerade_domains ? Geert

[pfx] What features to deprecate

2024-02-13 Thread Wietse Venema via Postfix-users
which implements a superset of the functionality. Log a deprecation warning with compatibility_levels>=3.9. What else needs to go? Wietse

[pfx] Re: What does postfix do with malformed messages?

2023-11-29 Thread Viktor Dukhovni via Postfix-users
On Wed, Nov 29, 2023 at 10:17:01AM -0500, Wietse Venema via Postfix-users wrote: > > I see the cleanup program and all the options about when to run it and > > what to tell it to do, but in practice, will a typical system clean > > everything up, just locally submitted stuff,

[pfx] Re: What does postfix do with malformed messages?

2023-11-29 Thread Wietse Venema via Postfix-users
John Levine via Postfix-users: > If a malformed mail message shows up by SMTP (not local sendmail or > submission), will postfix generally try to clean it up or just > pass it along? > > I see the cleanup program and all the options about when to run it and > what to tell it to d

[pfx] Re: What does postfix do with malformed messages?

2023-11-28 Thread Viktor Dukhovni via Postfix-users
On Tue, Nov 28, 2023 at 10:04:53PM -0500, John Levine via Postfix-users wrote: > If a malformed mail message shows up by SMTP (not local sendmail or > submission), will postfix generally try to clean it up or just > pass it along? You have to be a bit more specific. What does "m

[pfx] What does postfix do with malformed messages?

2023-11-28 Thread John Levine via Postfix-users
If a malformed mail message shows up by SMTP (not local sendmail or submission), will postfix generally try to clean it up or just pass it along? I see the cleanup program and all the options about when to run it and what to tell it to do, but in practice, will a typical system clean everything

[pfx] Re: What is best way for backup solution?

2023-03-30 Thread Byung-Hee HWANG via Postfix-users
Dear Matt, Matt Kinni via Postfix-users writes: > Are you just talking about backing up the config files in /etc/postfix? > I would recommend using git for version control; there is nothing > special about backing up the postfix configs vis a vis any other > service on your machine. It also

[pfx] Re: What is best way for backup solution?

2023-03-29 Thread Matt Kinni via Postfix-users
Are you just talking about backing up the config files in /etc/postfix? I would recommend using git for version control; there is nothing special about backing up the postfix configs vis a vis any other service on your machine. It also wouldn’t hurt to take periodic snapshots of your VMs Sent

[pfx] What is best way for backup solution?

2023-03-28 Thread Byung-Hee HWANG via Postfix-users
Hello, I am running two Postfix servers. Both are in Cloud -- Google GCP and Rimuhosting-EU VM. Recently I thought that I have to backup servers setting values. Because sometimes I meet minor accidents. Somebody says Docker is good for backup. Though I would like to hear more opinions. Any

Re: What is happening here? (TLS Library Problem)

2023-01-19 Thread Wietse Venema
ing my request. > > > On Tue, Jun 14, 2022 at 5:17 PM Demi Marie Obenour > wrote: > > > On 6/10/22 08:55, Gerben Wierda wrote: > > > > > >> On 10 Jun 2022, at 13:17, Wietse Venema wrote: > > >> > > >> Wietse Venema: > > >

Re: What is happening here? (TLS Library Problem)

2023-01-19 Thread Miriam Espana Acebal
; On 10 Jun 2022, at 02:30, Wietse Venema > wrote: > >>>>> > >>>>> Gerben Wierda: > >>>>>> What is happening here? (mail is delivered, I'm just curious) > >>>>>> > >>>>>> Jun 09 23:37:39 mail postfix/posts

Re: A little help/clarification on what SPF does please

2023-01-15 Thread Matus UHLAR - fantomas
What I'm not clear about is what happens when the mail is sent onwards by the 'smarthost' at Gandi. Does it change the envelope sender to Send an email to yourself and have a look at the headers. Some MTAs add received headers like "received by for ". On 14.01.23 19:10, Gerald Gal

Re: A little help/clarification on what SPF does please

2023-01-15 Thread Matus UHLAR - fantomas
On 14.01.23 11:02, Chris Green wrote: >I use postfix on my home server and deliver mail by connecting to my >hosting providers' "smart host" using authenticated SMTP. > >My home system's hostname is zbmc.eu but I don't use that domain in my >E-Mail address, I use isbd.co.uk which domain is hosted

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
>> What I'm not clear about is what happens when the mail is sent onwards >> by the 'smarthost' at Gandi. Does it change the envelope sender to > > Send an email to yourself and have a look at the headers. > Some MTAs add received headers like "received by for "

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
s no TXT record > > Presumably Gandi Internet accepts the mail anyway because it's an > authenticated SMTP connection. Usually spf is not checked in that case but gandi may use internal lists that define allowed envelope sender addresses for your sasl login, so that you cannot impersonate other c

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Chris Green
;RCPT TO: >250 2.1.5 Ok >DATA >354 End data with . >From: >To: >Subject: test > >Hello, > >this is a test. >. >250 2.0.0 Ok: queued as 4Nvabz5RcNabcHH3 >QUIT >221 2.0.0 Bye > > > SPF is about

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Chris Green
On Sat, Jan 14, 2023 at 04:55:45PM +0100, Matus UHLAR - fantomas wrote: > On 14.01.23 11:02, Chris Green wrote: > >I use postfix on my home server and deliver mail by connecting to my > >hosting providers' "smart host" using authenticated SMTP. > > > >My home system's hostname is zbmc.eu but I

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
QUIT 221 2.0.0 Bye SPF is about the envelope sender which is the address given at "MAIL FROM". The address at "From:" within the "DATA" stage is what your mailclient (Thunderbird, Outlook, ...) will display as the sender, which may be completely different and is not c

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Matus UHLAR - fantomas
On 14.01.23 11:02, Chris Green wrote: I use postfix on my home server and deliver mail by connecting to my hosting providers' "smart host" using authenticated SMTP. My home system's hostname is zbmc.eu but I don't use that domain in my E-Mail address, I use isbd.co.uk which domain is hosted at

A little help/clarification on what SPF does please

2023-01-14 Thread Chris Green
I use postfix on my home server and deliver mail by connecting to my hosting providers' "smart host" using authenticated SMTP. My home system's hostname is zbmc.eu but I don't use that domain in my E-Mail address, I use isbd.co.uk which domain is hosted at one of my hosting providers

Re: What are the consequences of disabling chroot in all master services?

2022-12-12 Thread Fourhundred Thecat
This is not specific to postfix, but I cannot pass this opportunity to remind/inform people that chroot is itself a potential source of security vulnerabilities: Please enjoy studying this beautiful local privilege escalation bug in FreeBSD's ftpd, which was enabled by chroot jail:

Re: What are the consequences of disabling chroot in all master services?

2022-12-12 Thread postfix
I apologize for the email being html-only, not my intention. I'm having trouble getting Thunderbird to do this right as I have to manually do this for every outgoing email. Tools > Settings > Composition > Sending Format > (Automatic || Only Plain Text) and Tools > Account Settings >

Re: What are the consequences of disabling chroot in all master services?

2022-12-12 Thread Sam
I apologize for the email being html-only, not my intention. I'm having trouble getting Thunderbird to do this right as I have to manually do this for every outgoing email. Can you please elaborate on what you mean with "problems of their own"? Anything specific comes to mind?

Re: What are the consequences of disabling chroot in all master services?

2022-12-12 Thread Wietse Venema
Sam: [ text/html is unsupported, treating like TEXT/PLAIN ]

What are the consequences of disabling chroot in all master services?

2022-12-12 Thread Sam
Dear postfix experts: While setting up postfix in a docker container, I have been getting the error "fatal: unknown service: smtp/tcp" when attempting to send an email. I investigated the issue, and it seems it has something to do with setting up chroot

Re: What happens if Postfix can't reach relay_host? - Postfix on laptops for system messages, with relay_host behind VPN

2022-11-17 Thread Demi Marie Obenour
On 11/15/22 17:56, r.barc...@habmalnefrage.de wrote: > Wietse, Thanks so much for your quick and helpful response! It's an honor to > talk to you! > > So my idea might only work, if I use the LAN IP address (e.g. 10.1.2.3) of > the internal mail server as relay_host. > If Postfix can't connect

Re: Re: What happens if Postfix can't reach relay_host? - Postfix on laptops for system messages, with relay_host behind VPN

2022-11-15 Thread Viktor Dukhovni
On Tue, Nov 15, 2022 at 11:56:22PM +0100, r.barc...@habmalnefrage.de wrote: > So my idea might only work, if I use the LAN IP address (e.g. > 10.1.2.3) of the internal mail server as relay_host. If Postfix can't > connect to 10.1.2.3, it will probably retry mail relaying for some > days,

Re: Re: What happens if Postfix can't reach relay_host? - Postfix on laptops for system messages, with relay_host behind VPN

2022-11-15 Thread r . barclay
a different idea / suggestion about how to collect local system emails from laptop clients? > Sent: Tuesday, 15 November 2022 at 22:45 > From: "Wietse Venema" > To: "Postfix users" > Subject: Re: What happens if Postfix can't reach relay_host? - Postfix o

Re: What happens if Postfix can't reach relay_host? - Postfix on laptops for system messages, with relay_host behind VPN

2022-11-15 Thread Wietse Venema
r.barc...@habmalnefrage.de: > This leads to my question: What happens to laptop-locally generated > / received emails, if their local Postfix can't reach the relay_host > in the intranet? The Postfix SMTP client will retry delivery after a soft error (host or port not reachable) until th

What happens if Postfix can't reach relay_host? - Postfix on laptops for system messages, with relay_host behind VPN

2022-11-15 Thread r . barclay
ctor server is only accessible if the laptops are connected to our internal LAN or to our VPN (OpenVPN). It has an internal IP address from 10.0.0.0/8 range. This leads to my question: What happens to laptop-locally generated / received emails, if their local Postfix can't reach the relay_host in the

Re: What is happening here? (TLS Library Problem)

2022-06-14 Thread Demi Marie Obenour
On 6/10/22 08:55, Gerben Wierda wrote: > >> On 10 Jun 2022, at 13:17, Wietse Venema wrote: >> >> Wietse Venema: >>> Gerben Wierda: >>>> >>>>> On 10 Jun 2022, at 02:30, Wietse Venema wrote: >>>>> >>>>

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Viktor Dukhovni
On Fri, Jun 10, 2022 at 02:55:24PM +0200, Gerben Wierda wrote: > > which links to https://github.com/openssl/openssl/issues/11378 > > . The > > latter had a breaking fix, backed it out for OpenSSL 1.1.1, but > > kept it in the branch that become

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Viktor Dukhovni
On Fri, Jun 10, 2022 at 07:17:45AM -0400, Wietse Venema wrote: > Specifically, google 0A000126, the first result is PHP issue 8369a > which links to https://github.com/openssl/openssl/issues/11378. The > latter had a breaking fix, backed it out for OpenSSL 1.1.1, but > kept it in the branch that

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Gerben Wierda
> On 10 Jun 2022, at 13:17, Wietse Venema wrote: > > Wietse Venema: >> Gerben Wierda: >>> >>>> On 10 Jun 2022, at 02:30, Wietse Venema wrote: >>>> >>>> Gerben Wierda: >>>>> What is happening here? (mail is delivered,

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Wietse Venema
Wietse Venema: > Gerben Wierda: > > > > > On 10 Jun 2022, at 02:30, Wietse Venema wrote: > > > > > > Gerben Wierda: > > >> What is happening here? (mail is delivered, I'm just curious) > > >> > > >> Jun 09 23:37:39 ma

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Wietse Venema
Gerben Wierda: > > > On 10 Jun 2022, at 02:30, Wietse Venema wrote: > > > > Gerben Wierda: > >> What is happening here? (mail is delivered, I'm just curious) > >> > >> Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from > >> [

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Gerben Wierda
> On 10 Jun 2022, at 02:30, Wietse Venema wrote: > > Gerben Wierda: >> What is happening here? (mail is delivered, I'm just curious) >> >> Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from >> [146.185.52.133]:10400 to [192.168.2.66]:25 >>

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 11:58:23PM +0200, Gerben Wierda wrote: > What is happening here? (mail is delivered, I’m just curious) The client TLS connection ended before the client sent a TLS close_notify. The Postfix SMTP server attempted to read the client connection, but saw an unexpected

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Wietse Venema
Gerben Wierda: > What is happening here? (mail is delivered, I'm just curious) > > Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from > [146.185.52.133]:10400 to [192.168.2.66]:25 > Jun 09 23:37:45 mail postfix/postscreen[4294]: PASS NEW [146.185.52.133]:10400 > Ju

What is happening here? (TLS Library Problem)

2022-06-09 Thread Gerben Wierda
What is happening here? (mail is delivered, I’m just curious) Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from [146.185.52.133]:10400 to [192.168.2.66]:25 Jun 09 23:37:45 mail postfix/postscreen[4294]: PASS NEW [146.185.52.133]:10400 Jun 09 23:37:45 mail smtp/smtpd[4296]: connect from

Re: What does AW mean - was - Re: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Bernardo Reino
On 31/05/2022 16:38, Jaroslaw Rafa wrote: On 31.05.2022 at 22:18:56 Bret Busby wrote: I keep seeing "AW" prepended to message subjects and I have no idea of what it means. What does it mean? Some MUA authors falsely assume that the string "Re:" at the beginning o

Re: What does AW mean - was - Re: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Jaroslaw Rafa
On 31.05.2022 at 22:18:56 Bret Busby wrote: > > I keep seeing "AW" prepended to message subjects and I have no idea > of what it means. > > What does it mean? Some MUA authors falsely assume that the string "Re:" at the beginning of subject of a reply

Re: [External] What does AW mean - was - Re: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Kevin A. McGrail
On 5/31/2022 10:18 AM, Bret Busby wrote: I keep seeing "AW" prepended to message subjects and I have no idea of what it means. What does it mean? I believe it's the German equivalent for re: (https://en.wikipedia.org/wiki/List_of_email_subject_abbreviations) as in Regarding. Regards, KAM

What does AW mean - was - Re: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Bret Busby
On 31/5/22 7:05 pm, Maurizio Caloro wrote: Hello. I keep seeing "AW" prepended to message subjects and I have no idea of what it means. What does it mean? -- Bret Busby Armadale West Australia (UTC+0800) ..

Re: Alias and user same name: What happens?

2022-05-10 Thread Viktor Dukhovni
On Tue, May 10, 2022 at 09:03:59AM +0200, lutz.niede...@gmx.net wrote: > userA and userB are real local users with a mailbox. What happens in > case of an aliases line like this: > > userA: userA, userB > > Does it deliver to local users userA and userB? I assume that i

Alias and user same name: What happens?

2022-05-10 Thread lutz . niederer
Hi, userA and userB are real local users with a mailbox. What happens in case of an aliases line like this: userA: userA, userB Does it deliver to local users userA and userB? I assume that it does not loop. Thanks & cheers! -lutzn

Re: for what file need to run postmap

2022-04-27 Thread Viktor Dukhovni
On Wed, Apr 27, 2022 at 06:12:53PM +0800, al...@coakmail.com wrote: > I guess this kind of file doesn't need to run postmap against it? > > virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains > virtual_alias_domains = /etc/postfix/virtual_alias_domains These are "match lists", the

Re: for what file need to run postmap

2022-04-27 Thread Wietse Venema
al...@coakmail.com: > Hello > > I guess this kind of file doesn't need to run postmap against it? All tables that are created with the postmap command, as described in https://www.postfix.org/DATABASE_README.html#types Wietse

Re: for what file need to run postmap

2022-04-27 Thread Aban Dokht
Hello Alice, check out: http://www.postfix.org/postconf.5.html For every parameter you'll find the expected values, e.g. for virtual_alias_maps , which expects a "lookup table". If you use hash:*, you must postmap this file. al...@coakmail.com wrote: Hello I guess this kind of file

for what file need to run postmap

2022-04-27 Thread alice
Hello I guess this kind of file doesn't need to run postmap against it? virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains virtual_alias_domains = /etc/postfix/virtual_alias_domains But this file need postmap after the modification? virtual_alias_maps =

Re: I got an email from "myself?" what the heck!

2021-10-25 Thread Peter
On 25/10/21 2:59 pm, Thomas Anderson wrote: Here is a clean email: Received: from example.net (unknown [192.168.1.10]) by mail.example.com (Postfix) with ESMTPSA id D7C3F1980059 for; Mon, 25 Oct 2021 03:42:29 +0200 (CEST) Here is a non-clean email: Received: by

Re: I got an email from "myself?" what the heck!

2021-10-25 Thread Wietse Venema
Benny Pedersen: > On 2021-10-25 07:11, Thomas Anderson wrote: > > The IP it came from was outside my network. > > you can reject all envelope senders if its claims its your domain in > port 25, you will never send it there, never as never, spf is just a > global world protection not needed for

Re: I got an email from "myself?" what the heck!

2021-10-25 Thread Benny Pedersen
On 2021-10-25 07:11, Thomas Anderson wrote: The IP it came from was outside my network. you can reject all envelope senders if its claims its your domain in port 25, you will never send it there, never as never, spf is just a global world protection not needed for postfix to make that

Re: I got an email from "myself?" what the heck!

2021-10-24 Thread Richard Salts
On 25/10/2021 4:11 pm, Thomas Anderson wrote: The IP it came from was outside my network. I think it's just a spoofing email. I had not actually seen one, so that raised my alarm, but I think it's ok. I need to go through and make sure my SPF and DMARC are sound. I just checked my DKIM couple

Re: I got an email from "myself?" what the heck!

2021-10-24 Thread Thomas Anderson
The IP it came from was outside my network. I think it's just a spoofing email. I had not actually seen one, so that raised my alarm, but I think it's ok. I need to go through and make sure my SPF and DMARC are sound. I just checked my DKIM couple days ago, so that's good. Thanks for the

Re: I got an email from "myself?" what the heck!

2021-10-24 Thread postfix
My concern is that the email APPEARED to come from me! I was listed as the sender. Any email server can send any email claiming to come from anyone. DKIM Signatures and SPF records working together with DMARC provides a way to verify if a sending email server is authorized to send an email on

I got an email from "myself?" what the heck!

2021-10-24 Thread Thomas Anderson
Yes, it was spam, and it was caught by SpamAssassin. It was some bitcoin plot or something. The characters were not anything I could read, and the few I could make out were of a south-east asian descent. My concern is that the email APPEARED to come from me! I was listed as the sender. I

Re: What is the proper value in solrconfig.xml for dovecot?

2021-04-19 Thread Jan Ceuleers
; > I'm not familiar with Lucene or Solr so I'm uncertain as to what to > set this to. > > Thanks. Presumably you meant to ask this on a dovecot-related mailing list?

What is the proper value in solrconfig.xml for dovecot?

2021-04-18 Thread Steve Dondley
8.8.1, however. I'm wondering if I should change this line to: 8.8.1 Things seems to work fine with the 7.7.0 value but there is a comment in the config file that says: I'm not familiar with Lucene or Solr so I'm uncertain as to what to set this to. Thanks.

Re: What am I missing here?

2021-03-18 Thread Antonio Leding
me important to limit the ways successful authentication can work to only what is necessary. In 2021, no one should need to do authenticated mail submission on port 25. You also can gain simpler and clearer configuration for other sorts of policy enforcement (e.g. spam control) by not having any need to

Re: What am I missing here?

2021-03-15 Thread Wietse Venema
and of > course there is zero potential for those attacks ever working. Since > auth attacks have mostly graduated from "brute force" (i.e. random-ish > guessing) to "credential stuffing" (trying user+password pairs known to > work somewhere else) it has become i

Re: What am I missing here?

2021-03-15 Thread Bill Cole
tacks have mostly graduated from "brute force" (i.e. random-ish guessing) to "credential stuffing" (trying user+password pairs known to work somewhere else) it has become important to limit the ways successful authentication can work to only what is necessary. In 2021, no one s

Re: What am I missing here?

2021-03-15 Thread Viktor Dukhovni
On Mon, Mar 15, 2021 at 09:07:43AM -0700, Stephen Satchell wrote: > Problem: someone is probing my Ubuntu 20.04 LTS based mail server. > Along with SSH attacks (now mitigated) I had a number of log messages > saying auth failures in Dovecot. When I traced packets generating these > messages,

What am I missing here?

2021-03-15 Thread Stephen Satchell
Problem: someone is probing my Ubuntu 20.04 LTS based mail server. Along with SSH attacks (now mitigated) I had a number of log messages saying auth failures in Dovecot. When I traced packets generating these messages, I found that the packets were being directed to 25/tcp -- Postfix. I

Re: What is the right way to update a postfix sqlite database?

2021-02-23 Thread Wietse Venema
Ron Garret: > WAL mode was previously discussed here: > > https://marc.info/?l=postfix-users&m=160096626120296&w=2 In other words the reader requires database write permission. I fully agree that is not desirable. > The upshot appears to be this, at least as things currently stand: > > > DO NOT

Re: What is the right way to update a postfix sqlite database?

2021-02-23 Thread Ron Garret
On Feb 23, 2021, at 11:41 AM, Richard Damon wrote: > On 2/23/21 2:18 PM, Wietse Venema wrote: >> Ron Garret: If we take this route, then there needs to be a new field in the Postfix sqlite config file that controls the time limit. >>> Not necessarily. You could just hard-code a

Re: What is the right way to update a postfix sqlite database?

2021-02-23 Thread Richard Damon
On 2/23/21 2:18 PM, Wietse Venema wrote: > Ron Garret: >>> If we take this route, then there needs to be a new field in the >>> Postfix sqlite config file that controls the time limit. >> Not necessarily. You could just hard-code a reasonable value (like >> 1 second), or make it a #define so you

Re: What is the right way to update a postfix sqlite database?

2021-02-23 Thread Wietse Venema
Ron Garret: > > If we take this route, then there needs to be a new field in the > > Postfix sqlite config file that controls the time limit. > > Not necessarily. You could just hard-code a reasonable value (like > 1 second), or make it a #define so you need a recompile to change > it. That's

Re: What is the right way to update a postfix sqlite database?

2021-02-23 Thread Ron Garret
n in three different places: the query itself (obviously) but also statement preparation and finalization. I’ve seen all three actually happen in practice. So you really want it to wait. That’s a lot simpler, and it guarantees success as long as there are no slow writers (which is a reasonab

Re: What is the right way to update a postfix sqlite database?

2021-02-23 Thread Viktor Dukhovni
retry timeout. SQLite is mostly for embedded use-cases, and support for sharing has warts. > What happens when you update the table while some Postfix code is > READING from the DB? Does the writer also fail? No, only if the writer has no retry timeout. This typically works, but is sub-opt

Re: What is the right way to update a postfix sqlite database?

2021-02-23 Thread Wietse Venema
, it does not retry the operation? What happens when you update the table while some Postfix code is READING from the DB? Does the writer also fail? > result of this is that if Postfix tries to read during a concurrent > update from somewhere else, it fails catastrophically (mail is > a

Re: What is the right way to update a postfix sqlite database?

2021-02-23 Thread Ron Garret
>>> https://marc.info/?l=postfix-users&m=160096626120296&w=2 >>> >>> https://marc.info/?l=postfix-users&m=151561295721906&w=2 >>> >>> The problem occurs (AFAICT) because the database file was shared with a >>> spam filter which was writing to the db.

Re: What is the right way to update a postfix sqlite database?

2021-02-22 Thread Wietse Venema
because the database file was shared with a spam > filter which was writing to the db. But that raises the following question: > what is the right way to update a sqlite db used by postfix? The only safe > way I can think of doing it is to actually shut down postfix, update the db,

What is the right way to update a postfix sqlite database?

2021-02-22 Thread Ron Garret
. But that raises the following question: what is the right way to update a sqlite db used by postfix? The only safe way I can think of doing it is to actually shut down postfix, update the db, and then start postfix back up again. But that feels like an overly brutal solution

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Viktor Dukhovni
On Mon, Jul 27, 2020 at 07:53:09PM -0400, Scott Hollenbeck wrote: > If you use them, you're going to need to do some scripting using the > Let's Encrypt renewal hooks and gcloud to update your TLSA record(s) > every time you renew your certificate(s). Viktor does some automated > checking that's

RE: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Scott Hollenbeck
> -Original Message- > From: owner-postfix-us...@postfix.org > On Behalf Of Antonio Leding > Sent: Monday, July 27, 2020 6:56 PM > To: postfix-users@postfix.org > Subject: Re: What is lost by using self-signed certs for TLS? > > Thanks Viktor - actually watchin

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Viktor Dukhovni
On Mon, Jul 27, 2020 at 10:55:31PM +, Antonio Leding wrote: > Thanks Viktor - actually watching some of the presos now… > > BTW…any choice you like for DNSSEC providers? Google seems like a safe bet > but I figured you might have some feedback on this as well… I self-host, so my direct

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Antonio Leding
Thanks Viktor - actually watching some of the presos now… BTW…any choice you like for DNSSEC providers? Google seems like a safe bet but I figured you might have some feedback on this as well… > On Jul 27, 2020, at 3:36 PM, Viktor Dukhovni > wrote: > > On Mon, Jul 27, 2020 at 09:48:29PM

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Viktor Dukhovni
On Mon, Jul 27, 2020 at 09:48:29PM +, Antonio Leding wrote: > Again, great feedback…I am definitely diving into DANE now…may have > more questions but I will try to keep those to a minimum. https://github.com/baknu/DANE-for-SMTP/wiki/2.-Implementation-resources -- Viktor.

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Antonio Leding
Again, great feedback…I am definitely diving into DANE now…may have more questions but I will try to keep those to a minimum. Thanks again Viktor - very much appreciated… > On Jul 27, 2020, at 2:44 PM, Viktor Dukhovni > wrote: > > On Mon, Jul 27, 2020 at 08:58:19PM +, Antonio Leding

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Viktor Dukhovni
On Mon, Jul 27, 2020 at 08:58:19PM +, Antonio Leding wrote: > > You can of course use an LE cert, it does not do any obvious harm, > > unless you also do DANE, and neither freeze the key, nor handle TLSA > > updates correctly (in advance of cert deployment). > > So I’m gathering (a) not much

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Antonio Leding
ent by some (i.e. the >> brain deads to which you refer) to allow TLS connections for >> server-to-server communications. > > Without DANE or (weaker) MTA-STS, indeed X.509 authentication of SMTP MX > hosts is mere appearance of security. > >> In any event, people

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Viktor Dukhovni
ntication of SMTP MX hosts is mere appearance of security. > In any event, people do what people do so I guess in order to ensure > my server will employ the highest number of TLS sessions, I should use > a CA-signed cert... That's not the conclusion I reached. My MTA uses a self-signed

Re: What is lost by using self-signed certs for TLS?

2020-07-27 Thread Antonio Leding
. In any event, people do what people do so I guess in order to ensure my server will employ the highest number of TLS sessions, I should use a CA-signed cert... Agreed? > On Jul 25, 2020, at 8:03 PM, Viktor Dukhovni > wrote: > > On Sun, Jul 26, 2020 at 02:45:38AM +, Antonio

Re: What is lost by using self-signed certs for TLS?

2020-07-25 Thread Viktor Dukhovni
On Sun, Jul 26, 2020 at 02:45:38AM +, Antonio Leding wrote: > My goal is to fully understand what is lost by using only self-signed > certs on my PF server. Here’s what I think I know: > > — The fact that the cert is self-signed really only impacts mail > coming into our or

What is lost by using self-signed certs for TLS?

2020-07-25 Thread Antonio Leding
Hello all, Please allow me to apologize in advance for any ignorance here…and also, I have researched and am just not seeing the entire picture here. My goal is to fully understand what is lost by using only self-signed certs on my PF server. Here’s what I think I know: — The fact

Re: What is this?

2020-02-28 Thread Phil Biggs
Friday, February 28, 2020, 8:06:51 PM, Matus UHLAR - fantomas wrote: > On 27.02.20 08:09, Phil Biggs wrote: >>A friend and I experienced this in October last year. >> >>I believe these SYNs have forged source addresses. The objectives being one >>or more of: >>- a DOS attack on the legit owner
