If anyone is using LDAP for virtual hosting with a separate search
base for each hosted domain using domain component RDNs, please
reply on list whether the feature below is useful, and whether you
tested the code and found that it works for you (once a handful of
people respond that this is
On Thu, Sep 26, 2013 at 08:17:51PM +0300, Papadopoulos Nikolaos wrote:
We have Postfix ver2.3.3 on RHEL5, which was working fine for several years.
Please find below the output of postconf -n
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
On Thu, Sep 26, 2013 at 01:19:41PM -0600, LuKreme wrote:
Found it in a postconf -n I posted from 2010
virtual_transport = procmail
You MUST also add:
procmail_destination_recipient_limit = 1
On Thu, Sep 26, 2013 at 01:08:37PM -0600, LuKreme wrote:
I have a procmail pipe defined
On Thu, Sep 26, 2013 at 01:03:26PM -0700, Quanah Gibson-Mount wrote:
a) Created 50 users
b) Added a secondary address for the 50 users to an external server
with 50 users (So any email sent to user@server also gets copied to
user@server2).
c) Created a list with the 50 users as members.
On Fri, Sep 27, 2013 at 07:17:08AM +0200, Stefan Foerster wrote:
I've verified I can recreate this issue with a list of 30 users with
the same configuration. I don't see it with a list of 25 users.
I'm sure there's a postconf key that would control this, but I
haven't had any luck
On Sat, Sep 28, 2013 at 12:47:22PM +0200, Peer Heinlein wrote:
Am 27.09.2013 15:07, schrieb Harald Koch:
It took me about 1/2 day to set up MySQL-based virtual users, complete
with mail delivery, SMTP auth, and IMAP/POP auth (this is why I went the
Use dovecot with a simple
On Wed, Oct 02, 2013 at 08:25:48AM +0200, Stefan Foerster wrote:
* Viktor Dukhovni postfix-us...@dukhovni.org:
On Sat, Sep 28, 2013 at 12:47:22PM +0200, Peer Heinlein wrote:
Use dovecot with a simple passwd-file-setup in /etc/dovecot/userdb and a
simple relay-domains setup in Postfix
On Wed, Oct 02, 2013 at 10:17:16AM -0500, List wrote:
We are currently using dovecot for smtp auth, and due to an increase
in spammers abusing smtp auth we setup dovecot to return an invalid
login for user's that have been set to disabled in our
provisioning system. This seemed to work for a
On Wed, Oct 02, 2013 at 10:46:12AM -0500, List wrote:
One thing I noticed
in the documentation regarding smtpd_recipient_restrictions (under
Dangerous use of smtpd_recipient_restrictions) is that recipient
restrictions can result in too permissive access. I wonder if
moving the
On Wed, Oct 02, 2013 at 07:08:48PM +0200, Manuel Bieling wrote:
I wonder if moving the
check_client_access and permit_sasl_authenticated below
reject_unauth_destination would help?
Moving 'check_client_access' below 'reject_unauth_destination'
prevents you from wildcards in
On Wed, Oct 02, 2013 at 03:39:06PM -0400, Micah Anderson wrote:
From my understanding of the way postfix currently operates, there is no
smtpd/stmp TLS setting that can be set that would provide a
configuration that would result in a more 'hardened' configuration,
without causing
On Wed, Oct 02, 2013 at 07:38:42PM -0400, micah wrote:
I suppose there is no way to achieve some middle ground of doing
opportunistic encryption, but for those who are only talking with bad
protocols and ciphers (or clear-text) do a non-permanent failure with a
message about their bad
On Wed, Oct 02, 2013 at 09:51:52PM -0400, micah wrote:
What would be the point? You accept plaintext mail, but reject
mail encrypted with algorithms vulnerable to a costly, but not
infeasible brute-force effort?
No, both plaintext and bad crypto would either be soft rejected with
On Thu, Oct 03, 2013 at 01:49:11PM -0400, Philip Garrett wrote:
I have a special-purpose Postfix 2.6 server that is part of a
content conversion system. I would like to quarantine any outbound
mail that hasn't been transformed properly. I'd also like to
quarantine relay mail that hasn't gone
On Thu, Oct 03, 2013 at 02:48:37PM -0400, micah wrote:
Regarding tighter mandatory parameters on the submission port - any idea
what these could reasonably be? For example, if I disable SSLv2/v3 am I
going to cut off Outlook users?
With Postfix SSLv2 is off by default in the SMTP and LMTP
On Thu, Oct 03, 2013 at 02:45:41PM -0400, Philip Garrett wrote:
On Oct 3, 2013, at 2:09 PM, Viktor Dukhovni postfix-us...@dukhovni.org
wrote:
Your best bet is a multi-instance configation, with separate inbound
and outbound mail processing.
I was afraid of that.
You have
On Fri, Oct 04, 2013 at 11:21:34AM -0400, micah wrote:
By default the server picks the client's most preferred cipher that
is also available on the server. You can set tls_preempt_cipherlist
= yes to have the server use its most preferred cipher supported
by the client. This could break
On Fri, Oct 04, 2013 at 10:11:53PM +0200, Pol Hallen wrote:
After configurated postfix like isp mail server, do I need other things to
do a real mail server (from other ISP)?
So, every real isp in the world can send to me same email?
42.
If the above answer is not sufficiently specific,
On Sat, Oct 05, 2013 at 09:59:23AM -0400, Wietse Venema wrote:
It should be easy enough to count per login name instead of per
SMTP client (after all, those labels are just simple strings that
select a hash-table entry).
However it should not be too easy to exhaust server memory.
In
On Sat, Oct 05, 2013 at 05:55:49PM -0400, Wietse Venema wrote:
Either the use of per login name counters
should be restricted to known logins,
This is for free, there is no such thing as an unknown login.
Not true when per login name counters are updated regardless of
whether the
On Sun, Oct 06, 2013 at 08:52:06PM -0400, Dan Langille wrote:
[ What Noel said, plus see below. ]
10.0.0.1:submission inet n - n - - smtpd
-o smtpd_tls_req_ccert=yes
Fine.
-o smtpd_tls_auth_only=no
This seems silly. Since authentication gets them nowhere,
On Mon, Oct 07, 2013 at 01:45:06PM +0200, Manuel Bieling wrote:
/etc/postfix/master.cf:
smtp-ipv4-only unix - - n - - smtp
inet_protocols=ipv4
smtp-ipv6-only unix - - n - - smtp
inet_protocols=ipv6
On Mon, Oct 07, 2013 at 09:06:09AM -0400, Dan Langille wrote:
# cat /usr/local/etc/postfix-config/main/relay_clientcerts
3A:2E:AB:6A:F1:D4:32:74:C9:C6:DD:2B:8D:2A:87:97 cliff.example.org
This looks like md5, and while still largely resistant to 2nd
preimage attacks, you should still avoid
On Mon, Oct 07, 2013 at 09:12:41AM -0600, Blake wrote:
However when I check the config after restarting or reloading postfix the
parameter does not seem to be updated when reviewing postconf -d.
Not surprising, postconf -d returns compiled-in defaults as
documented. This allows you to quickly
On Mon, Oct 07, 2013 at 11:02:35AM -0700, Quanah Gibson-Mount wrote:
Well, I can only speak to what Zimbra does. ;) As you guess, all of
our domains are in subtrees, so right now we use a search base of
. So it certainly seems to me like your patch would allow the
LDAP queries to be more
This thread is becoming repetitive with no new insights, time to
wrap it up.
--
Viktor.
On Mon, Oct 07, 2013 at 01:06:59PM -0600, Blake wrote:
I tried Victor's soltuion adding the code he noted however postfix would
fail to reload or restart generating the following errors.
Oct 7 12:47:32 relay01 postfix[22897]: warning: macro name syntax error:
/etc/postfix/
Your settings
On Mon, Oct 07, 2013 at 03:34:38PM -0600, Blake Farmer wrote:
Method 1
[root@relay01 postfix]# grep cidr main.cf
cidr = cidr:${config_directory}/
mynetworks = ${cidr}mynetworks.cidr
#mynetworks = cidr:/etc/postfix/mynetworks.cidr
The above is broken.
One more thing to keep in mind. When used with mynetworks, as
I already explained the RHS of the table entries is ignored.
Therefore, your attempt at a reject rule:
10.147.11.11 reject
is completely ineffective. If you want to use CIDR rules with
exceptions to define trusted clients,
On Wed, Oct 09, 2013 at 06:09:31PM +0200, Bernardo Pons wrote:
If, for some reason, the files containing messages present in the incoming
directory had to be moved to a temp directory, is it possible to copy them
back to the incoming directory in order to be re-queued by Postfix?
The details
On Thu, Oct 10, 2013 at 12:47:34AM +0200, Dominik George wrote:
Most tools, mainly libc's resolver, seem to ignore the Additional
section and resolve relevant names on their owns, explicitly asking for
the RR types they are itnerested in, and that's what seems to be
appropriate. Postfix,
On Thu, Oct 10, 2013 at 01:58:45AM +0200, Dominik George wrote:
Confirmed, Postfix looks at the answer section only. Claims to
the contrary are based on false speculation.
Hmm, that leads us to the original question:
Why does postfix sometimes not find the record for any given MX?
On Thu, Oct 10, 2013 at 02:39:41AM +0200, Dominik George wrote:
The correct description is:
When both IPv4 and IPv6 support are enabled, the Postfix SMTP
client, for Postfix versions prior to 2.8, will attempt to
connect via IPv6 before attempting to use IPv4. Starting
On Wed, Oct 09, 2013 at 09:21:36PM -0400, Dan Langille wrote:
Don't forget:
main.cf:
smtpd_tls_fingerprint_digest = sha1
Does that have to be in main.cf? I added it to master.cf.
Generally, keeping settings in main.cf is better. Use master.cf
only when settings need to
On Thu, Oct 10, 2013 at 02:20:40PM -0400, micah wrote:
For the purposes of better scaling things out, I would prefer to
maintain a table of certificate fingerprints that I want to deny, rather
than a table of certificates that I want to allow.
You might think so, but you probably have not
On Fri, Oct 11, 2013 at 11:49:14AM -0600, Robert Lopez wrote:
A recent postfix-users thread had comments (about Spamassassin) along the
lines of content inspection being evil by design. (Andreas and Stan)
Participants in email discussions are always tempted to pontificate.
I would not take
On Fri, Oct 11, 2013 at 09:28:38PM +0200, lst_ho...@kwsoft.de wrote:
Even the human recipients sometimes have trouble to decide by content
what is spam, so a automatic detection for such a diffuse target is
doomed to fail.
This is plainly false. A filter does not have to detect all spam.
All
On Mon, Oct 14, 2013 at 08:12:01AM -0400, Dan Langille wrote:
The master.cf has something like this:
64.147.113.42:5587 inet n - n - - smtpd
-o smtp_tls_security_level=encrypt
The above setting is pointless, drop it.
-o
On Tue, Oct 15, 2013 at 03:20:13AM +0200, Michael B?ker wrote:
postfix/smtp[9689]: warning: TLS library problem: 9689:error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
postfix/smtp[9689]: 033661A108A: to=f...@bar.com,
relay=server[X.X.X.X]:587, delay=0.51,
On Tue, Oct 15, 2013 at 12:21:28PM +0200, Michael B?ker wrote:
Oct 15 02:30:04 asterix postfix/smtp[4458]: warning: TLS library problem:
4458:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:337:
Oct 15 02:30:04 asterix postfix/smtp[4458]: 42E021A0F44:
On Wed, Oct 16, 2013 at 10:29:21AM +0200, Michael B?ker wrote:
Add exclude=3DES to the entry table for this server, and you'll likely
be fine. You probably don't need to tweak the protocols.
Adding exclude=3DES or exclude=DES-CBC3-SHA to the smtp_tls_policy_maps
file didn't quite do it,
On Wed, Oct 16, 2013 at 07:52:42PM +0200, Marko Weber | ZBF wrote:
Accept incoming mail only if these certs are presented:
# cat /usr/local/etc/postfix-config/relay_clientcerts
11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44 a.example.org
On Thu, Oct 17, 2013 at 10:16:27AM -0400, Carlos R Laguna wrote:
Hello everyone, for a while now i have ben using ldap groups to create
restriccion classes for manage the access of my users like this
correose_search_base = ou=Groups,dc=jovenclub,dc=cu
correose_query_filter =
On Thu, Oct 17, 2013 at 05:58:16PM +0200, Roel Bouwman wrote:
I have tried duplicating the cleanup and qmgr and rewrite
services in master.cf with a duplicate one, and using the
-o queue_directory and -o ..._service_name and -o default_transport
parameters to seperate traffic flows.
On Thu, Oct 17, 2013 at 01:30:50PM -0400, Wietse Venema wrote:
Roel Bouwman:
I have tried duplicating the cleanup and qmgr and rewrite
services in master.cf with a duplicate one, and using the
-o queue_directory and -o ..._service_name and -o default_transport
parameters to seperate
On Fri, Oct 18, 2013 at 03:17:00PM +0200, Rainer Stransky wrote:
Although I have a content_filter configration (master.cf):
smtp inet n - n - - smtpd
-o content_filter = filter:dummy
Also, white-space is not allowed in master.cf option values. Make
On Fri, Oct 18, 2013 at 01:56:18PM +0100, Jose Borges Ferreira wrote:
On Thu, Oct 17, 2013 at 8:45 PM, Roel Bouwman r...@qsp.nl wrote:
@Jose: thanks for the suggestion, but sender_dependent transport
maps are not a solution here. As in this case, it's not the sender
address, but the
On Fri, Oct 18, 2013 at 03:15:49PM +0100, Mark Berry wrote:
However at other times they can take 30 minutes or more to all go.
Slow cleanup(8) processing or disk I/O contention. Another
possibility is a syslog daemon configured to do synchronous writes
for every log entry (stresses the disk
On Fri, Oct 18, 2013 at 04:32:54PM +0200, Benny Pedersen wrote:
francis picabia skrev den 2013-10-18 16:04:
# smtpinet n - n -60 smtpd
If I turn off smtp there, then smtp service can't accept LAN
connections on port 25.
127.0.0.1:smtpinet n -
On Fri, Oct 18, 2013 at 05:25:10PM +0200, Dominik George wrote:
No, that also turns off SMTP for LAN clients.
Then.. Put your LAN IP there :D.
- Typically there is no LAN IP vs WAN IP for a machine that is not
dual-homed (e.g. a router). So let's not righteously proclaim
unusable
On Fri, Oct 18, 2013 at 06:19:14PM +0200, Benny Pedersen wrote:
Viktor Dukhovni skrev den 2013-10-18 16:44:
No, that also turns off SMTP for LAN clients.
not if adding one more pr lan ip
192.168.0.1:smtpinet n - n -60 smtpd
This presumes a machine
On Fri, Oct 18, 2013 at 01:38:22PM -0300, francis picabia wrote:
- There are no Postfix issues here. The OP is looking for help
with iptables.
No, I posted here to ask about the postfix config. There are other places
I would ask about iptables. I was suspecting something misconfigured,
On Fri, Oct 18, 2013 at 02:48:55PM -0300, francis picabia wrote:
OK, with the syslog entry Noel suggested, I can see traffic has arrived on
submission port. Yet if I grep for the IP connecting, I see no sasl login.
Oct 18 14:39:24 myserver postfix-internal/submission/smtpd[25329]:
connect
On Fri, Oct 18, 2013 at 01:24:09PM -0500, Noel Jones wrote:
smtpd_recipient_restrictions = reject_unlisted_recipient,
reject_unknown_recipient_domain, check_recipient_access
hash:/etc/postfix-internal/recipient_access,
permit_sasl_authenticated, permit_mynetworks, reject
The only way
On Fri, Oct 18, 2013 at 10:49:33PM +0200, Alexandre Ellert wrote:
Postfix currently does not apply content filters to mail that is
forwarded or aliased internally, or to mail that is generated internally
such as bounces or Postmaster notifications. This may be a problem when
you want to apply
On Fri, Oct 18, 2013 at 10:56:59AM -0500, List wrote:
For example we have the address distgr...@domain.tld which
is an alias to 3000 local users.
What kind of alias? Are you using virtual(5) aliases via
virtual_alias_maps, and with backend database, the database schema
and query used as
On Sun, Oct 20, 2013 at 08:55:33PM +0300, Deniss wrote:
I have an issue with postfix-2.10.2 and latest MS
windows/exchange/outlook: SSL connection cannot be negotiated with
default settings, there is an error in postfix log:
Oct 20 20:13:41 box postfix/smtp[21730]: warning: TLS library
On Sun, Oct 20, 2013 at 09:25:55PM +0200, Alexandre Ellert wrote:
Wietse, you said that it's not safe to use internal_mail_filter_classes
= bounce.
What are your recommandation ?
Why do you need to send outbound bounces on the border MTA itself?
You should not accept inbound mail that is
On Mon, Oct 21, 2013 at 05:01:45PM +0300, Maksim Kulik wrote:
I have postfix 2.10 on freebsd 9.2.
Which 2.10? (2.10.0, 2.10.1, 2.10.2?)
Which version of OpenSSL?
When i try to send some emails, i get following in mail log:
smtp[7038]: imx6.ngs.ru[195.19.71.16]:25: EHLO 1gb.by
smtp[7038]:
On Mon, Oct 21, 2013 at 02:55:22PM +0200, Tobias Reckhard wrote:
Oct 21 08:43:58 hostname postfix/smtp[5991]: CA certificate
verification failed for mx10.unicredit.eu[62.122.80.93]:25:
num=7:certificate signature failure
This organization uses SHA256 signatures for their certificates, even
On Mon, Oct 21, 2013 at 10:07:13AM -0500, Noel Jones wrote:
Oct 21 08:43:58 hostname postfix/smtp[5991]: CA certificate
verification failed for mx10.unicredit.eu[62.122.80.93]:25:
num=7:certificate signature failure
Looks as if they use a private root CA. Probably the easiest fix is
to
On Mon, Oct 21, 2013 at 03:30:46PM +, Viktor Dukhovni wrote:
On Mon, Oct 21, 2013 at 02:55:22PM +0200, Tobias Reckhard wrote:
Oct 21 08:43:58 hostname postfix/smtp[5991]: CA certificate
verification failed for mx10.unicredit.eu[62.122.80.93]:25:
num=7:certificate signature failure
On Mon, Oct 21, 2013 at 08:02:33PM +0300, Maksim Kulik wrote:
Postfix version - postfix-2.10.1,1
Probably immaterial. In Postfix 2.11-20131001 you can disable SSL
compression, which seems to be broken below. Sure seems like a
buggy OpenSSL or zlib.
Openssl version - openssl-1.0.1_8
When
On Mon, Oct 21, 2013 at 01:20:25PM -0500, List wrote:
What kind of alias? Are you using virtual(5) aliases via
virtual_alias_maps, and with backend database, the database schema
and query used as well as information about available indexes may
be pertinent?
Or are you using local
On Mon, Oct 21, 2013 at 10:22:05PM +0300, Deniss wrote:
Show all related logging from process 21730.
Oct 21 21:35:01 box postfix/smtp[19887]:
warning: TLS library problem: 19887:error:1408F10B:
SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
Oct 21 21:35:01 box
On Mon, Oct 21, 2013 at 09:51:01PM +0300, Maksim Kulik wrote:
Report the output of:
ldd bin/posttls-finger
ldd posttls-finger
posttls-finger:
libssl.so.8 = /usr/local/lib/libssl.so.8 (0x800ac1000)
libcrypto.so.8 = /usr/local/lib/libcrypto.so.8 (0x800d29000)
Interestingly, this
On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote:
postfix/smtp[7411]: warning: TLS library problem:
7411:error:100AE081:elliptic curve
routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316
maybe relevant to only ECC NIST Suite B curves support?
postfix was
On Mon, Oct 21, 2013 at 11:49:48PM +0200, li...@rhsoft.net wrote:
since you sound very knowledgeable about SSL may you consider
to make a comment there?
https://bugzilla.redhat.com/show_bug.cgi?id=1019251
I have enough fish to fry. The problem is obvious, client promises
EECDH
On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3
The author of comment #4 is not getting it. The problem is NOT
that Postfix fails to negotiate EECDH, rather the problem is that
it does! Once EECDH is negotiated, the
On Tue, Oct 22, 2013 at 03:19:41AM +0200, li...@rhsoft.net wrote:
This is NOT progress. No support for EC is better than broken
support for EC. Either implement EC support or don't.
yes, frustrating, but better start with something crippled and
hope it improves than wait another 6
On Tue, Oct 22, 2013 at 03:19:41AM +0200, li...@rhsoft.net wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3
The author of comment #4 is not getting it. The problem is NOT
that Postfix fails to negotiate EECDH, rather the problem is that
it does! Once EECDH is negotiated,
On Tue, Oct 22, 2013 at 01:15:06PM +0300, Deniss wrote:
So this is definitely a version of the broken Windows TLS ciphersuite
problem. If you must use TLS with this server, disable TLSv1.2
and 3DES, allow medium grade ciphers (i.e. RC4) and make sure your
policy tables, ... are
On Tue, Oct 22, 2013 at 11:07:07AM +0200, Tobias Reckhard wrote:
Maybe fingerprinting would work, though. I'll give it a shot on a test
system. Thanks for the suggestion.
Fingerprinting the leaf certificate will work until the next time
they deploy a new leaf certificate without notifying you
On Tue, Oct 22, 2013 at 11:01:22AM +0200, Tobias Reckhard wrote:
The most recent patch levels
of Postfix 2.7, 2.8, 2.9 and 2.10 have support for SHA256 turned for
SSL/TLS.
postfix 2.8.5 is available as a backport for Ubuntu 10.04 LTS. I've
suggested upgrading to that, since it should
On Tue, Oct 22, 2013 at 10:58:46AM -0400, Wietse Venema wrote:
Fingerprinting the leaf certificate will work until the next time
they deploy a new leaf certificate without notifying you in advance.
This is because fingerprint security does not rely on a valid chain
of signatures from a
On Wed, Oct 23, 2013 at 09:39:36AM +0200, Tobias Reckhard wrote:
with instructions on how to extract public key digests from X.509
certs also at:
http://www.postfix.org/postconf.5.html#smtp_tls_fingerprint_digest
Those instructions had me confused a bit, I think I now see why. I'd
On Wed, Oct 23, 2013 at 11:24:13AM -0400, btb wrote:
i'm wondering if this could be done in a different manner, that
wouldn't require the explicit smtp reference for foo.example.com -
for example:
example.com example-internal:
.example.com!foo.example.com
On Tue, Oct 22, 2013 at 06:07:49AM +, Viktor Dukhovni wrote:
Follow-up, comments after a brief email discussion with Paul Wouters
of RedHat:
* Firstly, client TLS extensions are not possible when the client starts
with an SSLv2 compatible SSL HELLO. So the list of supported curves
On Thu, Oct 24, 2013 at 07:59:46AM +0200, Tobias Reckhard wrote:
Support for public key fingerprints was added in Postfix 2.9, ...
This is stated at the beginning of the section dealing with
fingerprints. Further down, where the actual openssl commands are noted,
there is no such note.
On Thu, Oct 24, 2013 at 10:00:00AM -0500, /dev/rob0 wrote:
Is there a better way?
Nested, if/endif:
if /@example\.(com|net|org)$/
/^(info|contact|etc)@ localuser@mydestination.domain
endif
This is all silly, the list of virtual alias domains is known, use
a Makefile to generate
On Fri, Oct 25, 2013 at 02:21:11PM -0500, Noel Jones wrote:
1. block all *.linkedin.com clients BEFORE any
permit_sasl_authenticated statement. This will also have the effect
of blocking all incoming linkedin mail. That may be a little too
strict for some folks, or maybe just fine with
On Fri, Oct 25, 2013 at 04:07:11PM -0400, Charles Marcus wrote:
But should this check go directly on the submission service, ie:
submission inet n - n - - smtpd
-o syslog_name=postfix-587 -o smtpd_tls_security_level=encrypt
-o smtpd_tls_auth_only=yes
On Sun, Oct 27, 2013 at 12:01:47PM -0400, Charles Marcus wrote:
But... in the postconf -n output, used parameters have only ONE
space between the parameter name and the parameter argument (in
spite of the fact that there are actually two spaces in main.cf),
while unused parameter have two
On Mon, Oct 28, 2013 at 05:54:51PM +0200, KSB wrote:
Hello!
Have the similar problem:
It is exactly the same problem, with exactly the same solution.
Oct 22 17:12:12 awtech postfix/smtp[17586]: warning: TLS library
problem: 17586:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version
On Mon, Oct 28, 2013 at 04:17:13PM +, Viktor Dukhovni wrote:
What else info I need to supply, to figure out what is wrong?
tls_policy:
# opportunistic, season to taste
trialtolatvia.lv may exclude=3DES:aNULL
main.cf:
indexed = ${default_database_type
On Sat, Nov 02, 2013 at 04:17:11PM -0500, c cc wrote:
In /var/log/maillog, I do not see any outbound emails being logged, only
inbound emails. Did I misconfigure anything? Thanks!
Assuming you're talking about Postfix, if Postfix is logging incoming
mail then Postfix incoming mail is handled
On Sat, Nov 02, 2013 at 04:51:57PM -0500, c cc wrote:
Thanks for your help! Here is the postconf -n.
Did I ask for just postconf -n?
On Sat, Nov 2, 2013 at 4:30 PM, Viktor Dukhovni
postfix-us...@dukhovni.orgwrote:
On Sat, Nov 02, 2013 at 04:17:11PM -0500, c cc wrote:
In /var/log
On Tue, Nov 05, 2013 at 07:24:03PM +0200, Merve Temizer wrote:
http://www.postfix.org/SASL_README.html#auxprop_ldapdb
there is a statement that if i need to use encrypted password, there is no
documentation for explaining Postfix's LDAP authentication with encrypted
password.
Is there a
On Wed, Oct 16, 2013 at 01:59:51PM +, Viktor Dukhovni wrote:
exchangerelay unix - - n - - smtp
-o smtp_sasl_mechanism_filter=!gssapi,login
To support Exchange MSAs on Windows 2003 generically (less critical
state in per-relay policy entries):
exchangerelay unix - - n
On Thu, Nov 07, 2013 at 11:21:15PM +0100, Tobi wrote:
Copy the *SAME* config file to different machines and try:
$ postmap -q '192.167.34.21' mysql:/path/to/config-file
Are the results different?
Yes they are. On the two other machines the file works
root@mail1:~# postmap -q
On Thu, Nov 07, 2013 at 11:31:03PM +0100, li...@rhsoft.net wrote:
http://www.postfix.org/TLS_README.html#server_tls
Am I overlooking something or is it not possible to list explicit
offered ciphers and their order like dovecot/httpd for smtpd?
Postfix provides a more natural user interface
On Thu, Nov 07, 2013 at 11:46:43PM +0100, Tobi wrote:
If the ip/port are different, it is not the *SAME* configuration.
I know but it's not possible otherwise. The two other server reach
the mysql-cluster via other ips/ports.
Do double-check that 3rd configuration file, make sure it contains
On Fri, Nov 08, 2013 at 12:27:13AM +0100, li...@rhsoft.net wrote:
If you MUST muck around with raw OpenSSL cipherlists, the underlying
tls_grade_cipherlist
parameters are present and documented, along with appropriate
warnings to not go there.
Note that Postfix will still
On Fri, Nov 08, 2013 at 01:05:33AM +0100, li...@rhsoft.net wrote:
Note that Postfix will still apply implicit and configured exclusions
to these based on context (!aNULL when verifying peer certificates)
READ THE ABOVE Note carefully. The exclusions are applied on
top of the cipher
On Fri, Nov 08, 2013 at 01:17:54AM +, Viktor Dukhovni wrote:
With smtpd(8) there are no implicit exclusions so you can build the
full list yourself if you want. For example with opportunistic TLS
(may):
One minor correction, with either of:
smtpd_tls_ask_ccert = yes
On Thu, Nov 07, 2013 at 08:58:47PM -0600, Stan Hoeppner wrote:
On 11/7/2013 7:52 PM, Roman Gelfand wrote:
Wouldn't the server be chosen round robin as opposed to random?
This would require too much complex code for what is a simple Postfix
operation. Your example is poor man's round
On Fri, Nov 08, 2013 at 03:45:03PM +0100, Tobi wrote:
The error message is 99.999% not from mysql. Because when I remove the
backticks around the table name then I get an error from mysql which
looks different
That error is also from MySQL. Postfix does not parse SQL queries,
the database
On Mon, Nov 11, 2013 at 07:18:01PM +0100, Ansgar Wiechers wrote:
I consider this a bug, not a feature. Neither the manual for
virtual_mailbox_maps nor the one for virtual_alias_maps says that the
restriction from virtual_mailbox_maps is being ignored if there is a
valid virtual_alias_maps
On Tue, Nov 12, 2013 at 09:57:41AM -0500, Wietse Venema wrote:
Robert Schetterer:
2013-11-12T03:12:45.129959+01:00 mail postfix/smtpd[13775]:
3dJXXs0vySz10tc: client=mail.r0.3dz.com[5.9.40.9]
2013-11-12T03:12:47.707119+01:00 mail postfix/cleanup[27219]:
warning: 3dJXXs0vySz10tc:
On Wed, Nov 13, 2013 at 08:34:51AM -0800, boson code wrote:
Whenever I try to send an email from my server, I get the following error:
Nov 13 06:37:21 xyz postfix/smtpd[6730]:connect from unknown[a.b.c.d]
Nov 13 06:37:21 xyz postfix/smtp[6729]: warning: host X.com[x.y.z.d]:25
greeted me
701 - 800 of 6456 matches
Mail list logo