Re: Spoofed freemail domains protection not working for postmaster

2010-06-10 Thread Victor Duchovni
On Thu, Jun 10, 2010 at 04:55:30PM +0200, Ralf Hildebrandt wrote: * Victor Duchovni victor.ducho...@morganstanley.com: On Thu, Jun 10, 2010 at 09:50:16AM -0400, Wietse Venema wrote: If the postmaster address is excluded from spam checks then you may want to change

Re: [OT] Detecting telnet?

2010-06-10 Thread Victor Duchovni
On Thu, Jun 10, 2010 at 11:31:49PM +0200, Ralf Hildebrandt wrote: I heard that there are firewalls/security appliances that supposedly can distinguish somebody using telnet from a machine speaking SMTP. I must admit, it sounds feasible (timing between keystrokes etc.), but little useful.

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 11:25:50AM -0400, Wietse Venema wrote: to sum it up, when smtp_tls_CApath is not empty, CAs from /etc/ssl/certs are trusted regardless the value of smtp_tls_CApath. This is done primarily by OpenSSL, but as Wietse observes: Victor will have to confirm or deny this,

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 06:30:59PM +0200, Jan C. wrote: Hello, ok then at least I know what's the origin of the behavior I had. On Wed, Jun 9, 2010 at 6:12 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: I guess our documentation has never promised the use of system CAs when

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 06:39:26PM +0200, Jan C. wrote: On Wed, Jun 9, 2010 at 6:35 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: Probably, although I don't think we've reached a final decision yet... My preference is to not trust some random list of CAs that came

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 01:34:53PM -0400, Wietse Venema wrote: I guess our documentation has never promised the use of system CAs when CApath or CAfile are set, failing to override the system settings is counter-intuitive, so I can support this change. We'll also have to document the

Re: Yahoo disconnecting at end of data on large messages.

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 01:35:03PM -0400, Philippe Chaintreuil wrote: One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has not been accepting it, they don't give a reason, they just disconnect after getting the whole message:

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-08 Thread Victor Duchovni
On Tue, Jun 08, 2010 at 09:31:46AM +0200, Jan C. wrote: I have my postfix set up as a TLS client to other smtp servers. I point smtp_tls_CApath to a directory where I store my own imported trusted CAs. My question is whether or not Postfix will also load the Root CAs stored in /etc/ssl/certs.

Re: Postini, Has bad idea for adding ip numbers. This is sendmail example

2010-06-04 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 10:53:58AM -0600, Josh Cason wrote: So postini wants me to add their servers into the my_network list. They are giving you the simplest solution to explain, not the best one. To only accept e-mail from their servers. To me this is wrong. For send mail they wanted

Re: Postini, Has bad idea for adding ip numbers. This is sendmail example

2010-06-04 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 12:27:56PM -0500, Dan Burkland wrote: For my Postfix + Postini setup I have the following configuration options set: relayhost = PostiniFQDNGoeshHere mynetworks = 127.0.0.0/8, PostiniIPBLockGoesHere smtpd_recipient_restrictions =

Thread closed: Debian argument.. postfix hostname

2010-06-04 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 07:59:28PM +0200, Jeroen Geilman wrote: I think the manual is at best misleading in this statement. This thread is over I think... -- Viktor.

Re: (more info plz from Victor D.)Postini, Has bad idea for adding ip numbers. This is sendmail example

2010-06-04 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 12:37:14PM -0600, Josh Cason wrote: I'm just a tad confused. I currently only have one check client access file. That is /etc/postfix/access. Do I need another check client access file with postini's ip range? I recommended a CIDR access file, e.g.: # CIDR

Re: Convert access list to cidr but have some extra stuff. Can it go into sender_access?

2010-06-04 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 01:57:17PM -0600, Josh Cason wrote: Okay So I want to convert my access list into a cidr list. Since postini has a simple cidr. The problem is I have some nos...@nospam.com addresses in the access list as well as ip numbers. Can I move the addresses to the

Re: email/postfix guru help needed, will compensate

2010-06-04 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 08:23:56PM -0700, George wrote: Clearly we are no good with email servers, so we come to the experts. Also, not too strong on asking questions that can be answered. :-( http://www.postfix.org/DEBUG_README.html#mail Recipient address rejected: User unknown in local

Re: Debian argument.. postfix hostname

2010-06-03 Thread Victor Duchovni
On Wed, Jun 02, 2010 at 10:46:47PM -0400, Matt Hayes wrote: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=214741 Now, I'm not all that bright on how postfix sorts out the hostname, and frankly, I don't care, but I don't like people saying its a 'bug' when I have no problems following

Re: Debian argument.. postfix hostname

2010-06-03 Thread Victor Duchovni
On Thu, Jun 03, 2010 at 07:44:58PM +0200, Moe wrote: I was the guy complaining on IRC, so I'd like to jump in and clarify: * The bug is still present in 2.7.0, which is not 8 years old There is no bug. Postfix is working *exactly* as designed. And the design has been given much thought.

Re: RFE: add an import mechanism to the mysql_table

2010-06-03 Thread Victor Duchovni
On Thu, Jun 03, 2010 at 06:00:26PM -, Pau Amma wrote: foo.cf: dbConf.cf.in foo.cf.in cat dbConf.cf.in foo.cf.in foo.cf Make that: foo.cf: dbConf.cf.in foo.cf.in $(RM) -f foo.cf.tmp cat dbConf.cf.in foo.cf.in foo.cf.tmp mv

Re: Debian argument.. postfix hostname

2010-06-03 Thread Victor Duchovni
On Thu, Jun 03, 2010 at 08:26:16PM +0200, Moe wrote: * Make sure /etc/hosts has something like: 127.0.0.1 tail.call tail * 'hostname' should return: tail * 'hostname -f' should now return: tail.call * 'postconf -d mydomain' will still return: localdomain Which is correct behaviour. Here

Re: Debian argument.. postfix hostname

2010-06-03 Thread Victor Duchovni
On Thu, Jun 03, 2010 at 08:32:16PM +0200, Moe wrote: Remember we're talking about the case of auto-detection here - if someone is not willing to take that risk then they should hardcode 'myhostname' and 'mydomainname' in main.cf, no? Moreover I'd suggest that postfix may very well accept a

Re: Debian argument.. postfix hostname

2010-06-03 Thread Victor Duchovni
On Thu, Jun 03, 2010 at 08:36:52PM +0200, Moe wrote: My point is: When 'myhostname' and 'mydomainname' are left out of main.cf then postfix makes an attempt to auto-detect them. These are MTA configuration variables. This auto-detection does not currently follow what other tools like

Re: RFE: in mysql_table add %p for the listener port

2010-06-03 Thread Victor Duchovni
On Thu, Jun 03, 2010 at 05:47:25PM +0200, gmx wrote: In our postfix configs, we use multiple queries based on the mysql_table that only differ by the postfix listener port as configured in the master.cf. Generally, users (should and do) combine mysql tables with proxy: prefixes to reduce the

Re: Debian argument.. postfix hostname

2010-06-03 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 01:57:51AM +0200, Jan Kohnert wrote: Maybe it got lost due to the language, but: my comment was just sarcasm. Only brain-damaged users would remove necessary parameters out of the config file while expecting things to work somehow out-of-the-box by magic. This is

Re: Local delivery rejected

2010-06-03 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 11:41:43AM +1000, Paul McGougan wrote: 1. I compose an email from an email account that is hosted on my limedomains service to an email account that is also hosted on my limedomains service (it could be the same or a different account as the FROM account, it doesn't

Re: easy transport case / complicated solution?

2010-06-02 Thread Victor Duchovni
On Wed, May 26, 2010 at 02:46:39PM +0200, Josef G. Bauer wrote: Hi Wietse, thanks for your answer. /etc/postfix/transport: .intranet.mydomain.com : But if an email was addresses to b...@pelikan (without the domain) wouldn't it be delivered via the relayhost then? In default

Re: closing connection issue?

2010-06-02 Thread Victor Duchovni
On Wed, Jun 02, 2010 at 05:14:45PM +0200, Proniewski Patrick wrote: So it appears that the connection between MAILGW and LB is not always properly closed. Am I wrong? http://www.postfix.org/postconf.5.html#smtp_connection_cache_on_demand http://www.postfix.org/CONNECTION_CACHE_README.html

Re: force smtp tls from certain senders

2010-06-02 Thread Victor Duchovni
On Wed, Jun 02, 2010 at 07:15:15AM -0700, m listus wrote: I need to tell postfix to force smtp only for certain senders. This is up to the senders. If they want to disclose the data, they'll post it on slashdot, without talking to your SMTP server... There is not much point in MX hosts,

Re: Virtual domains

2010-06-02 Thread Victor Duchovni
On Wed, Jun 02, 2010 at 08:21:03AM -0400, cur...@maurand.com wrote: defer_code = 550 Why? Why not? I'll look more at the docs. Because it is an incredibly bad idea. Transient errors need to generate *transient* (4XX) error response codes. Setting the defer_code to 5XX is about as

Re: SSL Certificates per domain

2010-06-01 Thread Victor Duchovni
On Tue, Jun 01, 2010 at 10:20:56AM -0400, Wietse Venema wrote: Common Name: myserver.domain.com MX for domain1: smtp.domain1.com MX for domain2: smtp.domain2.com Then, how i configure SSL Certificates per domain on Postfix? References? How would Postfix know what certificate to

Re: SSL Certificates per domain

2010-06-01 Thread Victor Duchovni
On Tue, Jun 01, 2010 at 12:23:38PM -0500, Terry Inzauro wrote: Even with SNI support, most SMTP clients will not make use of SNI, so it will take a long time before SMTP STARTTLS servers can expect to support multiple certificates for most clients. Could this be a case where it makes

Re: SSL Certificates per domain

2010-06-01 Thread Victor Duchovni
On Tue, Jun 01, 2010 at 12:42:06PM -0500, /dev/rob0 wrote: Is SNI defined for SMTP yet? A quick Google search didn't find it. How would that work? The client would have to tell the hostname or domain name wanted before the STARTTLS? SNI works entirely within SSL, the desired hostname is

Re: unknown recipient issue

2010-06-01 Thread Victor Duchovni
On Tue, Jun 01, 2010 at 02:09:23PM -0400, Curtis Maurand wrote: I have in the main.cf relay_domains= a couple of domains mysql:/etc/postfix/transport.cf transport_maps = mysql:/etc/postfix/transport.cf Don't use the transport table directly as a relay domain table, some day you'll need

Testing Postfix EECDH support with OpenSSL 1.0.0

2010-06-01 Thread Victor Duchovni
I've recently enabled Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange on our inbound Postfix servers (Postfix compiled and linked with OpenSSL 1.0.0), by setting: smtpd_tls_eecdh_grade = strong Counting recently logged ciphers yields: 33258 DHE-RSA-AES256-SHA

Re: which port to use for SSL/TLS?

2010-05-28 Thread Victor Duchovni
On Fri, May 28, 2010 at 11:56:15AM -0400, Phil Howard wrote: I'm not disagreeing with this. I think there should be an SMTPS. Rhetorical question: How would a sending domain know that a particular receiving domain supports SMTPS? Clearly SMTPS would not be an alternative to SMTP for MX hosts,

Re: which port to use for SSL/TLS?

2010-05-28 Thread Victor Duchovni
On Fri, May 28, 2010 at 02:35:13PM -0400, Phil Howard wrote: On Fri, May 28, 2010 at 14:24, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Fri, May 28, 2010 at 11:56:15AM -0400, Phil Howard wrote: I'm not disagreeing with this. I think there should be an SMTPS

Re: Nessus scan reports server is vulnerable to a buffer overflow

2010-05-28 Thread Victor Duchovni
On Fri, May 28, 2010 at 10:56:26AM -0400, James R. Marcus wrote: The remote SMTP server is vulnerable to a buffer overflow. Description : The remote SMTP server crashes when it is sent a command with a too long argument. Please post associated Postfix logs when you are reporting

Re: LMTP using smtp_fallback_relay

2010-05-28 Thread Victor Duchovni
On Fri, May 28, 2010 at 09:40:38PM +, Charles Account wrote: Thanks for the quick response. Do you have a configuration suggestion on how we can relay mail to the secondary servers if we can't initially deliver them via LMTP? Use a load-balancer, if you have hot-hot equivalent LMTP servers.

Re: IDN domain name support

2010-05-27 Thread Victor Duchovni
On Thu, May 27, 2010 at 04:01:41PM -0300, Alejandro Cabrera Obed wrote: OK, this is in case of my Thunderbird Debian lenn package, but what about the Gmail syntax error warning ??? In Hotmail is the same, it tells me that the recipient address just must have 1-9, a-z and @ characters in

Re: IDN domain name support

2010-05-27 Thread Victor Duchovni
On Thu, May 27, 2010 at 03:36:19PM -0400, Pat wrote: ICANN did not really consider the security and portability of IDNs before permitting them. The reasons for this are many, and speak poorly to ICANN's management structure. It is important to remember that ICANN's action does not mean that

Re: Provide XFORWARDed attributes to policy server?

2010-05-26 Thread Victor Duchovni
On Wed, May 26, 2010 at 12:42:17PM -0400, Joshua Pettett wrote: I have a policy server that needs to be able to make policy decisions after a before-queue content filter. The problem is that the client IP address reported by the second smtpd instance to the policy server is that of the

Re: Provide XFORWARDed attributes to policy server?

2010-05-26 Thread Victor Duchovni
On Wed, May 26, 2010 at 01:14:08PM -0400, Joshua Pettett wrote: On Wednesday 26 May 2010, Victor Duchovni wrote: On Wed, May 26, 2010 at 12:42:17PM -0400, Joshua Pettett wrote: I have a policy server that needs to be able to make policy decisions after a before-queue content filter

Re: IDN domain name support

2010-05-26 Thread Victor Duchovni
On Wed, May 26, 2010 at 03:11:41PM -0300, Alejandro Cabrera Obed wrote: Dear all, I live in Argentina and now we can use the ñ letter in our domain names. I have a mail system conformed with Debian Lenny / Postfix 2.5.5-1.1. My question is this: Does Postfix 2.5.5-1.1 support IDN domain

Re: IDN domain name support

2010-05-26 Thread Victor Duchovni
On Wed, May 26, 2010 at 05:53:17PM -0300, Alejandro Cabrera Obed wrote: Wietse, thanks...but in Postfix I have to work with the ñoño.com.ar domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? The latter. For example, in my mail server I define my virtual domains in

Re: which port to use for SSL/TLS?

2010-05-25 Thread Victor Duchovni
On Tue, May 25, 2010 at 09:09:09AM -0400, Phil Howard wrote: On Mon, May 24, 2010 at 18:14, mouss mo...@ml.netoyen.net wrote: As far as I know, it was never standardised. Good enough reason for me to not use it. This is the de-facto standard port for the service. Shoot yourself in the foot

Re: Postfix, SASL and LDAPDB [definitely solved]

2010-05-24 Thread Victor Duchovni
On Mon, May 24, 2010 at 07:30:56PM +0200, Julien Vehent wrote: Final solution provided by the Openldap mailing list: Just change your authz-regexp line to authz-regexp ^uid=([^,]+).*,cn=[^,]*,cn=auth$ ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1)) And the

Re: Postfix, SASL and LDAPDB [definitely solved]

2010-05-24 Thread Victor Duchovni
On Mon, May 24, 2010 at 09:18:44PM +0200, Julien Vehent wrote: === case 2: authentification succeeds === Same authz-regex in slapd, same smtpclient command, I just removed the smtpd_sasl_local_domain value: # postconf |grep smtpd_sasl

Re: Send bounced email inline instead of as an attachment

2010-05-22 Thread Victor Duchovni
On Sat, May 22, 2010 at 06:37:57PM +0100, Jonathan Cutting wrote: Hi All, I've had a look at the manual for bounced mail, and although I can see that it is possible to customise the mailer-daemon message for bounced email, I can't see an option to include the bounced mail inline rather

Re: Strange behavior with relay_domains and ldap

2010-05-22 Thread Victor Duchovni
On Sun, May 23, 2010 at 12:54:34AM +0100, João Gouveia wrote: I'm having a weird behavior with my (very simple) postfix configuration. I was trying to use LDAP to check if I should relay for a domain or not, like this: relay_domains = proxy:ldap:/etc/postfix/relay_domains_ldap.cf The proxy

Re: Modifying body content before delivering

2010-05-21 Thread Victor Duchovni
On Fri, May 21, 2010 at 09:33:51PM +0200, Jeroen Geilman wrote: Mail that does not contain a text-only representation of the content may safely be dropped, since it violates the RFCs. This is false. No RFC requires a text/plain message body. -- Viktor. P.S. Morgan Stanley is

Re: Auto appending @$myorigin causing some issues.

2010-05-21 Thread Victor Duchovni
On Sat, May 22, 2010 at 01:05:12AM -0400, Mike A. Leonetti wrote: I posted here before but here is a continuation (in a different issue) of what's going on. All aliases are in LDAP. An e-mail is looked up with virtual_alias_maps and the username (based on the way webmin has it) and not the

Re: [patch] build failure against db-5.0

2010-05-20 Thread Victor Duchovni
On Thu, May 20, 2010 at 01:29:49PM +0300, Eray Aslan wrote: Berkeley DB 5.0 is out and provides an SQlite-compatible interface. Having an alternative to SQLite is considered a good thing and there is some interest in bringing db-5.0 into mainstream use. Is this the default Berkeley-DB version

Re: [PATCH] Re: OpenSSL 0.9.8 - 1.0.0 CApath (in)compatibility

2010-05-20 Thread Victor Duchovni
On Thu, May 20, 2010 at 09:45:41AM +0200, Matthias Andree wrote: The only race condition is when a trusted root is deleted which has the same hash as a trusted root that stays, and the hash.0 link needs to go while the hash.1 link stays. [...] This is substantially safer than the crude delete

Re: Postfix, SASL and LDAPDB

2010-05-19 Thread Victor Duchovni
On Wed, May 19, 2010 at 08:19:40AM +0200, Julien Vehent wrote: What is in the IMAP server SASL configuration file? The following: # grep -E sasl|ldap /etc/imapd.conf |grep -v ^# sasl_pwcheck_method: auxprop sasl_auxprop_plugin: ldapdb sasl_auto_transition: no sasl_ldapdb_uri:

Re: Postfix, SASL and LDAPDB

2010-05-19 Thread Victor Duchovni
On Thu, May 20, 2010 at 12:23:46AM +0200, Julien Vehent wrote: On Wed, 19 May 2010 14:36:24 -0400, Victor Duchovni victor.ducho...@morganstanley.com wrote: This looks different from my recollection of the smtpd.conf you posted, you may want to make sure that the sasl_ldapdb_id

Re: Postfix, SASL and LDAPDB

2010-05-18 Thread Victor Duchovni
On Tue, May 18, 2010 at 05:44:43PM +0200, Julien Vehent wrote: I want to set up SASL authentication using LDAPDB, but it seems that postfix connects to LDAP but doesn't send anything to it... I try to authenticate using 'auth plain base64', and I receive : 535 5.7.8 Error: authentication

Re: Postfix, SASL and LDAPDB

2010-05-18 Thread Victor Duchovni
On Tue, May 18, 2010 at 07:47:12PM +0200, Julien Vehent wrote: Is the LDAP library linked into Postfix compiled with Cyrus SASL support? The ldapdb auxprop plugin needs an LDAP library that can do SASL binds. If your LDAP library is not SASL (rather than simple bind) enabled, this may not

Re: OpenSSL 0.9.8 - 1.0.0 CApath (in)compatibility

2010-05-17 Thread Victor Duchovni
On Mon, May 17, 2010 at 10:23:16AM +0300, Eray Aslan wrote: On 17.05.2010 03:02, Victor Duchovni wrote: If you want to be really clever, you may be able to hash two copies of the root CA directories with the same set of certificates each with a different version of c_rehash

Re: TLS Client certificate expiry?

2010-05-16 Thread Victor Duchovni
On Sun, May 16, 2010 at 12:52:56AM +0200, Hadmut Danisch wrote: So relaying and using local domains as sender domains is restricted with permit_mynetworks, permit_tls_clientcerts, permit_sasl_authenticated. Works as expected. There is a difference between permit_tls_clientcerts and

OpenSSL 0.9.8 - 1.0.0 CApath (in)compatibility

2010-05-16 Thread Victor Duchovni
Postfix works fine when compiled and linked with OpenSSL 1.0.0. However, when migrating from OpenSSL 0.9.8 to OpenSSL 1.0.0, there is a potential (in)compatibility issue with CApath directories. If you use a CApath to store root CA certificates for either the Postfix SMTP client or the Postfix

Re: DSN without attachment?

2010-05-15 Thread Victor Duchovni
On Sat, May 15, 2010 at 08:57:00AM +0200, Markus Schwengel wrote: In this case I don't like the quarantine function because users (senders) should get some kind of notice that their mail was rejected because of a virus. Absolutely NOT. If you ever send any sender notices for viruses here, you

Re: lost connection after DATA Q?

2010-05-14 Thread Victor Duchovni
On Fri, May 14, 2010 at 09:23:12AM -0700, Gary Smith wrote: I'm sure it's not a probable with postfix, I'm just looking for postfix cases where they have overcome this type of config issue. Have you disabled window scaling on your Postfix server. Lost connections are often the result of

Re: lost connection after DATA Q?

2010-05-14 Thread Victor Duchovni
On Fri, May 14, 2010 at 11:20:47AM -0700, Gary Smith wrote: May 13 04:08:33 host01 postfix/smtpd[10912]: lost connection after DATA from unknown[82.178.110.201] Listed on SpamHaus XBL and PBL May 13 04:08:34 host01 postfix/smtpd[10409]: lost connection after RCPT from

Re: Mailing list on virtual domain

2010-05-14 Thread Victor Duchovni
On Fri, May 14, 2010 at 02:06:55PM -0600, David F. wrote: For a given virtual domain, I would like to send mail with a certain prefix to another process (via pipe) while all other mail gets delivered normally. Here are the (hopefully) relevant pieces of my various config files:

Re: SMTP Authentication in Exchange environment

2010-05-13 Thread Victor Duchovni
On Thu, May 13, 2010 at 12:19:04PM -0400, Kaleb Hosie wrote: Hello, In our environment, we have a postfix server that receives mail and forwards only the HAM onto Exchange. I have several users that are using notebooks and looking to send and receive mail remotely. I have Exchange setup to

Re: SMTP Authentication in Exchange environment

2010-05-13 Thread Victor Duchovni
On Thu, May 13, 2010 at 01:07:00PM -0400, Matt Hayes wrote: You'll also need keys for host/servername@EXAMPLE.COM where EXAMPLE.COM is your AD Kerberos realm and servername is the hostname of your Postfix SMTP server. These should be in /etc/krb5.keytab. *bows before the master* Not

Re: SMTP Authentication in Luminis / iPlanet Environment

2010-05-13 Thread Victor Duchovni
On Thu, May 13, 2010 at 02:38:40PM -0600, Robert Lopez wrote: We have a few postfix servers that receive mail and forward clean email to the Luminis email / iPlanet. Users who use portable devices including notebooks, web books, and smart phones keep asking to be able to send and reply-to

Re: content_filter post processing question

2010-05-11 Thread Victor Duchovni
On Tue, May 11, 2010 at 10:40:05AM -0700, Gary Smith wrote: My question is will this fork process cause any problems with postfix itself? I just don't know what the impact of a fork in the content_filter will be. Just make sure to close stdout and stderr, to avoid writing garbage into the

Re: Webmaster for Postfix.org

2010-05-06 Thread Victor Duchovni
On Thu, May 06, 2010 at 03:18:44PM +0530, osuser g wrote: Does any one know how has access the content on Postfix.org ? Whom should one contact for updates/improvements to content? Suggestions for improving the software or reference documentation can be made on the postfix-devel list.

Re: PostFix Mail Delivery to Different Hosts

2010-05-05 Thread Victor Duchovni
On Wed, May 05, 2010 at 04:21:37PM +0100, Simon Croome wrote: We are replacing sendmail as our MTA to Postfix and our internal mail relay receives mail from our edge MTA server # in the DMZ, once mail is received then any email address to a staff member for instance : first name. last name

Re: customised smtpd_sasl_authenticated_header

2010-04-30 Thread Victor Duchovni
On Fri, Apr 30, 2010 at 05:54:29PM +0530, Agnello George wrote: Received: from exampledomain.com (unknown [124.152.35.201]) (Authenticated sender: re...@olvy.com) by somedom.domain.com(Postfix) with ESMTPA id 9686C5D870E for mar...@hotmail.com; Tue, 27 Apr 2010 18:41:25 +0530 (IST) Is

Re: postfix smtp_loop() breaks SMTP

2010-04-27 Thread Victor Duchovni
On Tue, Apr 27, 2010 at 11:19:23AM -0400, N. Yaakov Ziskind wrote: Victor Duchovni wrote (on Thu, Apr 22, 2010 at 01:28:24AM -0400): Also, at this point, with Postfix driving such a large share of the Internet email infrastructure, Can you, please, elucidate on this? Some numbers

Re: Design: end_of_header_checks support

2010-04-27 Thread Victor Duchovni
On Tue, Apr 27, 2010 at 06:05:06PM -0300, Reinaldo de Carvalho wrote: On Fri, Apr 16, 2010 at 9:44 PM, Wietse Venema wie...@porcupine.org wrote: [..] This is an attempt to describe what it would take to make things such as header_checks independent of message content order. This would

Re: Outgoing Approval Queue - Yes This is a Dumb Idea

2010-04-26 Thread Victor Duchovni
On Mon, Apr 26, 2010 at 08:39:04AM -0400, Zachary Burns wrote: I have a company controller that loves to micro-manage people and unfortunately loves to do it with software instead of dealing with the people problem...but anyway I'm getting off on a rant Is there a way to have postfix

Re: Authentication problem with Thunderbird

2010-04-26 Thread Victor Duchovni
On Mon, Apr 26, 2010 at 02:57:59AM -0700, mohamad rahimi wrote: I tested authentication with telnet and openssl and I received this error 535 5.7.0 Error: authentication failed: authentication failure what should I do? You should tell the whole joke, not just the punch-line (last line of

Re: Authentication problem with Thunderbird

2010-04-26 Thread Victor Duchovni
On Mon, Apr 26, 2010 at 10:14:59AM -0700, mohamad rahimi wrote: I am not sure this is what you want. This is exactly it. Much better, thanks. Trying 130.83.159.162... Connected to mx.theo.chemie.tu-darmstadt.de. Escape character is '^]'. 220 mx.theo.chemie.tu-darmstadt.de ESMTP Postfix

Re: Authentication problem with Thunderbird

2010-04-25 Thread Victor Duchovni
On Sun, Apr 25, 2010 at 09:35:37AM -0700, mohamad rahimi wrote: Unable to authentication to SMTP server mx.mydomain. The server does not support any compatible secure authentication mechanism but you have chosen secure authentication. Try switching off secure authentication. Secure

Re: Authentication problem with Thunderbird

2010-04-25 Thread Victor Duchovni
On Sun, Apr 25, 2010 at 10:18:57AM -0700, mohamad rahimi wrote: Unable to authentication to SMTP server mx.mydomain. The server does not support any compatible secure authentication mechanism but you have chosen secure authentication. Try switching off secure authentication. Secure

Re: Forwards and Date: header

2010-04-23 Thread Victor Duchovni
On Fri, Apr 23, 2010 at 09:38:36AM -0600, LuKreme wrote: When ThunderBird forwards a message, it sends it with the ORIGINAL Date header: This hits one of my header_checks for spammy mails: /^Date:.* 200[0-8]/REJECT Your email has a date from the past. Fix

Re: mailbox_command

2010-04-23 Thread Victor Duchovni
On Fri, Apr 23, 2010 at 07:59:17PM +0200, Danny wrote: So do not tell me that I am on the wrong [...] mailing list. Hopefully, we can down-case this thread and avoid them fighting words. We don't know you. Most questions asked on this list are asked by people who do not know how to ask.

Re: Forwards and Date: header

2010-04-23 Thread Victor Duchovni
On Fri, Apr 23, 2010 at 11:37:01AM -0600, LuKreme wrote: Blocking old dates is unlikely to be a very effective anti-spam measure. I would advise that you turn this filter off. I've turned it off for now. Certainly blocking FUTURE dates has been effective in the past. Yes, blocking

Re: gsasl with Postfix

2010-04-23 Thread Victor Duchovni
On Fri, Apr 23, 2010 at 03:55:19PM -0400, Jerry wrote: This is probably a dumb question; however, I was wondering if Postfix works with gsasl or only Cyrus. I ask because I recently saw a question regarding this on another forum. http://www.postfix.org/SASL_README.html --

Re: [mailer-dae...@doctor.nl2k.ab.ca: Postfix SMTP server: errors from mail-iw0-f172.google.com[209.85.223.172]]

2010-04-23 Thread Victor Duchovni
On Sat, Apr 24, 2010 at 12:01:05AM -0400, Jeff Mitchell wrote: On Thu, Apr 22, 2010 at 6:44 PM, The Doctor doc...@doctor.nl2k.ab.ca wrote: Out: 220 doctor.nl2k.ab.ca ESMTP Postfix (2.8-20100323) I know this (probably) has little bearing on the problem at hand, but if I used experimental

Re: [mailer-dae...@doctor.nl2k.ab.ca: Postfix SMTP server: errors from mail-iw0-f172.google.com[209.85.223.172]]

2010-04-22 Thread Victor Duchovni
On Thu, Apr 22, 2010 at 06:35:52PM -0400, Bill Cole wrote: In: DATA Out: 354 End data withCRLF.CRLF Out: 451 4.3.0 Error: queue file write error http://www.postfix.org/SMTPD_PROXY_README.html explains one possible source of this: inability to connect to a before-queue proxy. This

Re: Postfix Exchange 2007

2010-04-21 Thread Victor Duchovni
On Wed, Apr 21, 2010 at 12:59:15PM +0200, Cyril Vieville wrote: I made some modifications in the Postfix configuration. /etc/postfix/main.cf : mydestination = localhost, localhost.test.com, localhost.testing.com relay_domains = fr.design.test.com, test.com, testing.com If your domain

Re: Major Bug!!

2010-04-21 Thread Victor Duchovni
On Wed, Apr 21, 2010 at 11:20:11AM -0600, The Doctor wrote: Dear Wietse, There is a bug in Postfix that should be looked at immediately. Dear Doctor, if you don't want to be ridiculed and summarily dismissed, ask humbly for clarification of how things are expected to work and whether what you

Re: Why was this message rejected by postfix

2010-04-21 Thread Victor Duchovni
On Wed, Apr 21, 2010 at 04:04:32PM -0400, Russell Horn wrote: Hi, I believed I had the whole facebook IP block covered by /etc/postfix/access by adding the line: 69.63.176.0/20 OK And recreating the has file. cidr != hash Choose one or the other. cidr:

Re: postfix smtp_loop() breaks SMTP

2010-04-21 Thread Victor Duchovni
On Thu, Apr 22, 2010 at 03:45:34AM +0200, Mij wrote: Postfix appears to be breaking RFC 5321 by speculatively injecting the entire envelope session passing over replies from the server. Folks, today is not April 1st, that was 21 days ago. Please, no more Postfix is fundamentally broken, and

Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Victor Duchovni
On Tue, Apr 20, 2010 at 12:21:35PM +0200, Gregory BELLIER wrote: Try again, with a more useful log sample, and configuration settings for the receiving side. The log sample should include multiple lines of logging from the SMTP client, showing any TLS handshake, ... Alright, please take a

Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Victor Duchovni
On Tue, Apr 20, 2010 at 05:18:48PM +0200, Gregory BELLIER wrote: I managed to have an authentication but it's really weird. I'm on Debian Lenny. In /etc/default/saslauthd on both mta1 and mta2, I have : START=yes DESC=SASL Authentication Daemon NAME=saslauthd MECHANISMS=shadow

Re: Wildcard certificate warning

2010-04-20 Thread Victor Duchovni
On Tue, Apr 20, 2010 at 05:58:23PM +0200, Jordi Espasa Clofent wrote: The cert is a wildcard certificate for *.example.com. What SMTP server name is the MUA configured to use? Does the MUA support wild-card certificates? Which CA signed this certificate? Does the MUA trust this CA? When the

Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Victor Duchovni
On Tue, Apr 20, 2010 at 09:37:48PM +0200, Gregory BELLIER wrote: In the session below, the client did not want to use PLAIN, presumably because TLS was not in effect. Leave TLS enabled. I asked you to disable TLS very verbose logging (smtp*_tls_loglevel=0 or 1) not TLS. Now test with a client

Re: Postfix Mail Gateway restrcitions implementations

2010-04-20 Thread Victor Duchovni
On Tue, Apr 20, 2010 at 05:34:26PM -0500, Noel Jones wrote: Something like: # main.cf smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_only reject_unauth_destination # sender_only example.com OK Warning: use this in smtpd_sender_restrictions as shown

Re: Relay between 2 Postfix : SASL authentication failure

2010-04-19 Thread Victor Duchovni
On Mon, Apr 19, 2010 at 06:28:47PM +0200, Gregory BELLIER wrote: Hi all ! I would like to set up authentication between 2 postfix hosted on Debian Lenny and until now it doesn't work. Here is a log sample : warning: SASL authentication failure: No worthy mechs found SASL authentication

Re: Wanting incoming and outgoing e-mail montiroed for spam and virii

2010-04-18 Thread Victor Duchovni
On Sun, Apr 18, 2010 at 01:26:49PM -0600, The Doctor wrote: Right I am trying to get postfix with amavisd-ng to probe and stop virus and spam mail. However it seems that localhost is going through without scrutiny and some incoming e-mail is not being stopped. Am I missing something?

Re: new cipher in OpenSSL, need to rebuild Postfix?

2010-04-16 Thread Victor Duchovni
On Thu, Mar 25, 2010 at 06:16:22PM +0100, Gregory BELLIER wrote: However, I didn't ask if new code was necessary in Postfix so it can be aware of a new cipher. As you said, it's automatical. I asked if, in your opinion, it would be necessary to build postfix (as is) against a new OpenSSL.

Re: TLS Exception for Remote Sender

2010-04-16 Thread Victor Duchovni
On Fri, Apr 16, 2010 at 09:28:33AM -0700, Stephen Carville wrote: On Mon, Apr 12, 2010 at 11:38 PM, Franck MAHE m...@civis.net wrote: How to force some remote smtp server not to use TLS? I found the way for me to use the clear communication to send emails to specific domains, but I'm not

Re: crl support?

2010-04-15 Thread Victor Duchovni
On Thu, Apr 15, 2010 at 07:16:58PM -0400, zhong ming wu wrote: I don't find anywhere in TLS documentation how to make postfix respect a crl so that clients whose certs have been revoked cannot use the submission server. The supported model for submission servers that use client certs is to

Re: Postfix compile on OS X 10.6

2010-04-14 Thread Victor Duchovni
On Wed, Apr 14, 2010 at 09:33:34AM -0400, Wietse Venema wrote: What is the output from the following commands on this machine? uname -s uname -r uname -v $ ls /usr/include/arpa/nameser_compat.h /usr/include/arpa/nameser_compat.h $ uname -s Darwin $ uname -r 10.3.0 $ uname -v

Re: Postfix LDAP Temporary lookup failure

2010-04-14 Thread Victor Duchovni
On Sat, Mar 27, 2010 at 08:53:03PM -0400, Wietse Venema wrote: Currently, sites that send valid UTF-8 in MAIL/RCPT commands can make meaningful LDAP queries in Postfix. Lots of MTAs are 8-bit clean internally, so this can actually work today. Do we want to remove this ability from Postfix,

Re: errors from postfix

2010-04-14 Thread Victor Duchovni
On Tue, Apr 13, 2010 at 08:49:42PM -0700, John Schmitt wrote: A few lines like this: Message-ID: 760857006668.qgjlcbdx...@ms49.hinet.net From: B3AFA6BAF\ olpcxcqkkqc...@aol.com To: lili928...@yahoo.com.tw are in the headers of an email message sitting in my yahoo inbox. If

Re: Postfix LDAP Temporary lookup failure

2010-04-14 Thread Victor Duchovni
On Wed, Apr 14, 2010 at 12:54:47PM -0400, Wietse Venema wrote: I am a bit reluctant at this time to assume that untyped data coming in that looks like UTF-8, really is UTF-8. Even if the LDAP lookup returns plausibly useful results, will the UTF-8 envelope survive related processing in
