[pfx] Re: IP protocol inconsistency

On Tue, Sep 26, 2023 at 11:12:53AM +1000, raf via Postfix-users wrote: > Sadly, I need smtp_address_preference = ipv4 because some > reputation systems (spamhaus, I think) don't realise > that an entity might only have a single ipv6 address. > They seem to think that everyone has at least 64

[pfx] Re: IP protocol inconsistency

On Sun, Sep 24, 2023 at 06:25:36PM -0400, Wietse Venema via Postfix-users wrote: > Wietse Venema via Postfix-users: > > It's a rather long explanation for "why not do X". like several > > times longer than the text that explains what protocol preferences > > do. And this is the only place where

[pfx] Re: Value of client certificates, was: Re: Re: [ext] list.sys4.de fails with starttls

On Mon, Sep 25, 2023 at 10:47:44PM +0200, A. Schulze via Postfix-users wrote: > If operating SMTP clients with a client certificate is so dangerous > and has no value, why would google go that? Not, dangerous, just largely pointless, with *potential* complications, unless there are servers that

[pfx] Re: Value of client certificates, was: Re: Re: [ext] list.sys4.de fails with starttls

A. Schulze via Postfix-users: > Am 25.09.23 um 22:11 schrieb Viktor Dukhovni via Postfix-users: > > ... > > So, unfortunate as it may seem, they just increase > > opportunities for failure, without adding anything by way of security. > > ... > > Client certificates serve no purpose unless the

[pfx] Re: [ext] list.sys4.de fails with starttls

Viktor Dukhovni via Postfix-users: > > > The best solution is [to] configure client certs *sparingly*, only > > > for transports dedicated to destinations that definitely need the > > > client certs, and not otherwise. > > > > Why? I feel a little like I was feeling in the early 2000s when we had

[pfx] Value of client certificates, was: Re: Re: [ext] list.sys4.de fails with starttls

Am 25.09.23 um 22:11 schrieb Viktor Dukhovni via Postfix-users: ... So, unfortunate as it may seem, they just increase opportunities for failure, without adding anything by way of security. ... Client certificates serve no purpose unless the server requests them and knows what to do with them.

[pfx] Re: [ext] list.sys4.de fails with starttls

On Mon, Sep 25, 2023 at 04:24:55PM +0200, Patrick Ben Koetter via Postfix-users wrote: > > Do you have SMTP client TLS connection reuse enabled? If so, TLS > > connections are made via tlsproxy(8), with the smtp(8) client > > unaware of any initialisation issues until STARTTLS. > > Well

[pfx] Re: [ext] list.sys4.de fails with starttls

* Viktor Dukhovni via Postfix-users : > On Sun, Sep 17, 2023 at 06:20:53PM +0200, Patrick Ben Koetter via > Postfix-users wrote: > > > Yesterday we upgraded LE certs and it seems – we haven't had time to > > investigate in that yet – SELinux bite Postfix where it shouldn't. > > Astonishingly

[pfx] Re: IP protocol inconsistency

Polarian via Postfix-users: Checking application/pgp-signature: FAILURE -- Start of PGP signed section. > Hello, > > This seems to clarify it a lot, I hope that it is added to the current > manpages. It's already on-line. PS it never hurts to choose an accurate subject line. Wietse