(apologies if i'm reposting this. i forget i hadn't resubscribed before
sending initially)
hi-
i'm having some trouble using ldaps in a lookup map for
virtual_mailbox_domains (among others).
here's my lookup map:
cat virtual_mailbox_domains.cf
version = 3
tls_ca_cert_file =
Victor Duchovni wrote:
On Fri, Jun 26, 2009 at 11:50:12AM -0400, btb wrote:
cat virtual_mailbox_domains.cf
version = 3
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
server_host = ldaps://ldap.example.com
bind_dn = cn=postfix,ou=services,ou=accounts,dc=example,dc=com
bind_pw
Victor Duchovni wrote:
On Fri, Jun 26, 2009 at 02:12:12PM -0400, btb wrote:
testing with postmap returns:
postmap -q 'example.com' ldap:./virtual_mailbox_domains.cf
postmap: warning: dict_ldap_set_tls_options: Unable to allocate new TLS
context -1: Can't contact LDAP server
Have you tried
i've been experimenting with delivery for the virtual domain class to dovecot
via lmtp - e.g.
postconf virtual_transport
virtual_transport = lmtp:[localhost]:lmtp-deliver
this works fine.
out of curiosity, i wondered if the particulars could be somehow moved into a
service definition in
On Mar 13, 2012, at 17.01, mouss wrote:
Le 13/03/2012 19:07, b...@bitrate.net a écrit :
i've been experimenting with delivery for the virtual domain class to
dovecot via lmtp - e.g.
postconf virtual_transport
virtual_transport = lmtp:[localhost]:lmtp-deliver
this works fine.
out of
On 2012.03.19 02.34, mouss wrote:
Le 14/03/2012 03:53, b...@bitrate.net a écrit :
On Mar 13, 2012, at 17.01, mouss wrote:
Le 13/03/2012 19:07, b...@bitrate.net a écrit :
i've been experimenting with delivery for the virtual domain
class to dovecot via lmtp - e.g.
postconf virtual_transport
On Apr 01, 2012, at 11.38, Robinson, Eric wrote:
We only want to install postfix as a null client for sending alerts from our
servers. When I try to install postfix, it wants to install
mysql-libs-5.1.61-1.el6_2.1 as well. I'm afraid this will break our mysql
servers, which are all running
On Apr 01, 2012, at 11.58, Robinson, Eric wrote:
you could always just not install postfix, since installing
an entire mail server isn't at all necessary to simply send
email. i would recommend null client specific software, such
as msmtp, instead. among other things, it would likely
hi-
i recently started using lmtp to deliver to dovecot for filesystem delivery.
previous to that change, i'd used virtual(8), and thus was using
virtual_mailbox_domains/maps, and virtual_alias_maps as well. shortly after
switching, it occurred to me that since postfix was no longer involved
On 2012.04.09 23.32, Viktor Dukhovni wrote:
On Mon, Apr 09, 2012 at 10:21:05PM -0400, b...@bitrate.net wrote:
Given my understanding of address classes, it seemed that in order to use
virtual_alias_maps, those related domains would need to be listed in
virtual_alias_domains.
This assumption
On 2012.04.10 08.32, Wietse Venema wrote:
so the relationship between virtual_alias_maps/virtual_alias_domains is
not quite the same as the relationship between
virtual_mailbox_maps/virtual_mailbox_domains or
relay_recipients/relay_domains?
This is documented in virtual(5).
thanks for the
On Apr 10, 2012, at 10.44, /dev/rob0 wrote:
+ * Note: virtual_alias_maps will be used with other address classes unless
+a given domain is listed in virtual_alias_domains. see the section on
To me, this confuses things more. virtual_alias_maps will be
consulted (and its results
On Apr 11, 2012, at 07.06, Wietse Venema wrote:
No. virtual_alias_maps is ALWAYS consulted, without any unless
conditions.
Wietser
urg, yes, thank you for the patient reminder. i think my approach may have
been backwards with respect to my goal. this patch hopefully better reflects
On Apr 14, 2012, at 13.19, Wietse Venema wrote:
This proposes to add text under VIRTUAL ALIAS domains, that is
important for people who are looking for documentation about
LOCAL/VIRTUAL MAILBOX/RELAY domains. They will never find it.
Wietse
maybe as a note for address classes in
On Apr 14, 2012, at 15.55, Wietse Venema wrote:
The alternatives that I see are
a) Spam every address class description with text that virtual alias
mappings are class-agnostic. Then we would also have to mention
canonical_maps,and other class-agnostic mechanisms.
on one hand, this might
postmap appears to fold to lowercase by default for ldap queries:
postmap -vq '86:A5:5C:85:A3:98:2E:19:7A:54:57:99:76:9D:D5:A3:7E:46:85:C5'
ldap:./ccert_access-test.cf
postmap: name_mask: ipv4
[...]
postmap: dict_ldap_lookup: ./ccert_access-test.cf: Searching with filter
On Apr 26, 2012, at 18.47, Wietse Venema wrote:
postmap appears to fold to lowercase by default for ldap queries:
That is documented under the -f option.
am i misunderstanding the last paragraph under input file format? the
postmap documentation seems to state that case folding happens by
On Apr 26, 2012, at 19.59, Wietse Venema wrote:
When the table is provided via other means such as NIS, LDAP or SQL,
the same lookups are done as for ordinary indexed files.
ok, thanks for the clarification. the impetus for this question - i was
setting up check_ccert_access to use
On Apr 27, 2012, at 11.43, Viktor Dukhovni wrote:
Your LDAP schema should specify certfingerprint as a case-insensitive
attribute. This is a hexadecimal number (with some : characters
thrown in for readability), and the case of A-F is insignificant.
copied/pasted from my previous message-
hi-
i have an mx which then subsequently delivers incoming mail from the internet
to another computer [ via relay_transport =
relay-mda:[mda.example.com]:smtp-relay ] for further processing. while
performing some maintenance on mda.example.com, i'd like to configure postfix
on the mx to
On Oct 28, 2012, at 12.47, thorso...@lavabit.com wrote:
Hi,
I don't want to send emails directly from my server. (I'm going to
connect from a client.)
I have the following settings in main.cf:
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions =
On Jan 24, 2013, at 01.08, Stan Hoeppner wrote:
On 1/23/2013 2:23 PM, Grant wrote:
I thought my postfix setup was configured to send mail on port 587 and
receive mail on port 25, so I was surprised to find that I could send
mail from the local machine on port 25. Is my config OK?
Postfix
On Jan 24, 2013, at 22.57, Stan Hoeppner wrote:
commendably, he is at least making an attempt to properly use submission
[which, btw, is far from useless and has nothing to do with the route a
packet might take].
The primary features of the submission service are TLS encryption and
On Jan 25, 2013, at 13.29, Stan Hoeppner wrote:
On 1/25/2013 10:18 AM, b...@bitrate.net wrote:
On Jan 24, 2013, at 22.57, Stan Hoeppner wrote:
The primary features of the submission service are TLS encryption and
authentication.
the primary feature of the submission service is to
On Jan 25, 2013, at 15.07, Jeff Bernier wrote:
Hello All,
I am currently running Mailman (2.1.14) and Postfix (2.4.3) on an aging Mac
OS X server (10.5.8). Mailman and Postfix on this system are Apple's
implementation on their platform of course. Apple no longer supports the
Xserve
On Jan 30, 2013, at 09.34, Peter von Nostrand wrote:
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
${sender} -d ${recipient}
i'd encourage you to consider delivering to dovecot via lmtp[1] rather than
pipe, and thus to consider using the
On 2013.02.04 13.27, Robert Moskowitz wrote:
http://www.emailsecuritygrader.com
as with most helpful websites like this, this one is perpetuating
misinformation. smtps has long since been deprecated, having been
superseded by starttls. it also would appear to perpetuate the behavior
of
On Feb 26, 2013, at 11.51, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
I have recently updated my DNS server and am observing the traffic
from my mail server to constantly query for names. Some of these
names are
On Apr 9, 2013, at 19.56, Quanah Gibson-Mount qua...@zimbra.com wrote:
I'm trying to fix my virtual domain configuration with postfix, which as
noted in a prior discussion was done incorrectly by some unknown to me person
in the past.
The main issue right now is that it has:
On Apr 11, 2013, at 20.11, LuKreme krem...@kreme.com wrote:
Reindl Harald opined on Thursday 11-Apr-2013@16:58:28
mynetworks should be genrally used with care and only for specific
address instead whole networks with sooner or later potentially
infected clients which can be banned if using
On 2013.04.12 07.01, LuKreme wrote:
In our previous episode (Thursday, 11-Apr-2013), b...@bitrate.net
said:
you can certainly upgrade without breaking everything. as with
anything else, it just takes some care and consideration. as far
as procmail goes, i'd consider losing procmail to be a
On Apr 12, 2013, at 15.25, Joan Moreau j...@grosjo.net wrote:
Hi,
I am stuck with making my SSL SMTPS (port 465) works, while it was working
fine since ever.
others have helped with the specifics of your question, so i'll address the
philosophical aspect of it :) . while it may take
On Apr 13, 2013, at 15.33, Russell Jones russ...@jonesmail.me wrote:
Hi all,
Upgrading mail server from Postfix 2.9 to 2.10. Could I get a quick sanity
check to ensure my (fairly simple) setup is sane with the new
smtpd_relay_restrictions? Thanks :-)
smtpd_relay_restrictions =
On Apr 13, 2013, at 15.48, Reindl Harald h.rei...@thelounge.net wrote:
Am 13.04.2013 21:42, schrieb b...@bitrate.net:
On Apr 13, 2013, at 15.33, Russell Jones russ...@jonesmail.me wrote:
Hi all,
Upgrading mail server from Postfix 2.9 to 2.10. Could I get a quick sanity
check to
On Apr 13, 2013, at 16.03, Russell Jones russ...@jonesmail.me wrote:
really, neither of permit_mynetworks nor permit_sasl_authenticated belong
in any global restrictions.
smtp auth [e.g sasl] is for submission clients, which should be using
submission/587, and these days,
This is
On Apr 13, 2013, at 16.40, Reindl Harald h.rei...@thelounge.net wrote:
that your discourage use of permit_mynetworks is far from reality as
also do not use SASAL and submission on port 25 as well if someone
asks for ANOTHER sanity check after upgrade to a new version?
i'm not sure why it
On Apr 13, 2013, at 17.10, Russell Jones russ...@jonesmail.me wrote:
On 4/13/2013 3:44 PM, b...@bitrate.net wrote:
you offer no service whatsoever on port 25? postfix is not listening on
that port? if that's truly the case, then, to be pedantic, you're running
an msa, not an mta, in
On 2013.04.22 13.35, Quanah Gibson-Mount wrote:
This started showing up sporadically in our logs after upgrading to
postfix 2.10:
Apr 22 14:42:50 zqa-061 postfix/trivial-rewrite[30487]: warning: do
not list domain zqa-061.eng.vmware.com in BOTH mydestination and
virtual_mailbox_domains
the postfix website seems to be acting unexpectedly. http://www.postfix.org/
appears to have been replaced with what was previously
http://www.postfix.org/documentation.html [and an old version?] rather than
what [iirc] it used to be - http://www.postfix.org/start.html
i thought i'd mention
On 2013.06.20 04.51, Felix Rubio Dalmau wrote:
Hi all,
I have set up a postfix+dovecot+roundcube installation. Currently, I
have
set up these smtpd parameters:
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_discard_ehlo_keyword_address_maps =
On Jun 21, 2013, at 03.50, Felix Rubio Dalmau felixrubiodal...@gmail.com
wrote:
Sorry for disturbing you, Ben
Thank you for your answer, but there is one point I don't fully get: If
I
set up an smtp [25] to offer encryption without auth, a submission [587] to
require encryption
On Jul 3, 2013, at 16.31, Dejan Doder dode...@gmail.com wrote:
Hi group ,
sorry because I have general question
Did anyone have experience with integration posfix and ejabberd ?
integration how? what is your goal?
On Jul 4, 2013, at 20.44, W T Riker wtriker@gmail.com wrote:
On 7/4/2013 8:36 PM, Wietse Venema wrote:
W T Riker:
On 7/4/2013 8:01 PM, Wietse Venema wrote:
gw1500:
It is not clear from the documentation if this is possible or how to do
it but I want to make authentication optional but
On 2013.07.08 08.25, Dotan Cohen wrote:
Form googling I found this solution online but it does not work as I
expected.
instead of googling, simply use the postfix documentation that came with
the software. your goal is accomplished by implementing smtp auth,
which postfix offers by way of
On Jul 9, 2013, at 21.56, Fred Zinsli fred.zin...@shooter.co.nz wrote:
This is something I hadn't considered at all.
In order for me to better understand the consequences of my actions are
you able to explain to me why that is the case, and what situation would
need to arise for that to
On Jul 21, 2013, at 21.55, Adnane m...@adnane.me wrote:
Hello every one
first I'am new to mail servers,
I have followed this tutorial --
https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql?format=print
to set up
an Ubuntu 12.04 Dovecot postfix mail box for a
On 2013.08.06 15.34, John Allen wrote:
Is there a more up to date guide that I could reference as I review my
existing setup.
it's unlikely you'll get much endorsement here of arbitrary howtos or
guides. instead, i'd encourage you to simply share your config
[postconf -nf; postconf -Mf],
On Aug 16, 2013, at 01.56, Rob Tanner rtan...@linfield.edu wrote:
What is it, besides adding the correct the DNS TXT records
as there is a formal dns rr type for spf defined in rfc4408, you'll of course
want to include that as well.
-ben
On Aug 16, 2013, at 15.06, Scott Kitterman post...@kitterman.com wrote:
I wouldn't bother. It has only very limited deployment and is proposed for
removal in the revision to RFC 4408 that is about to enter IETF last call.
interesting. thank you for calling attention to this.
-ben
On 2013.08.20 10.23, Charles Marcus wrote:
for me at least...
http://www.downforeveryoneorjustme.com/www.postfix.org
On 2013.08.27 00.32, LuKreme wrote:
That seem like a bit much. I allow the web-server (which hosts the
webmail) in mynetworks, since users mailing from there are already
authenticated. I can see there are situations where it would be a
good idea.
web mail users should perform proper smtp
On 2013.09.04 09.29, Przemysław Orzechowski wrote: Hi
Im trying to get cbpolicyd to be applied only to outgoing mail (Postfix
vresion 2.7.0)
you don't apply it to outgoing mail. you apply it to incoming mail [this is
why the terms incoming and outgoing are typically best avoided]
I'm
On Oct 3, 2013, at 06.30, Mark Goodge m...@good-stuff.co.uk wrote:
I know I could solve the problem by using authentication, but a lot of the
outbound email is generated by cron scripts on a server inside the network,
and rewriting all of them to authenticate when sending mail is likely to
On 2013.10.21 17.54, Noel Jones wrote:
On 10/21/2013 3:53 PM, btb wrote:
i have a scenario in which certain email is sent using envelope
senders that contain host names that are known only on the local
lan/network, and unknown on the internet. most mail expressing that
characteristic stays
this stems from another discussion
[http://archives.neohapsis.com/archives/postfix/2013-10/0454.html].
i'm currently doing:
transport_maps = hash:$table_directory/transports
cat transports
example.com example-internal:
foo.example.com smtp:
.example.com
On 2013.10.22 09.56, Noel Jones wrote:
On 10/22/2013 8:41 AM, btb wrote:
On 2013.10.21 17.54, Noel Jones wrote:
On 10/21/2013 3:53 PM, btb wrote:
i have a scenario in which certain email is sent using envelope
senders that contain host names that are known only on the local
lan/network
On 2014.01.22 11.41, Chris Richards wrote:
Basically, I need to find out which users are connecting to port 25
instead of 587.
man 5 postconf. see syslog_name. also see the sample config which
comes with the software. this includes a submission config which uses
syslog_name
-ben
On Feb 15, 2014, at 23.14, SH Development listacco...@starionline.com wrote:
Feb 15 21:12:36 mail postfix/pipe[23969]: 931AF2F4F36:
to=aaa...@mail.starionhost.net,
orig_to=aaa...@stariontech.com, relay=cyrus, delay=0, status=sent
you’ve configured postfix to pass mail to
On Feb 15, 2014, at 23.14, SH Development listacco...@starionline.com wrote:
Feb 15 21:12:36 mail postfix/pipe[23969]: 931AF2F4F36:
to=aaa...@mail.starionhost.net,
orig_to=aaa...@stariontech.com, relay=cyrus, delay=0, status=sent
you’ve configured postfix to pass mail to
hi-
when message_size_limit is exceeded, i see the following logs:
Jun 24 11:20:21 mta postfix/postscreen[5758]: CONNECT from
[173.201.193.182]:45771 to [10.3.70.5]:25
Jun 24 11:20:21 mta postfix/postscreen[5758]: PASS OLD [173.201.193.182]:45771
Jun 24 11:20:21 mta postfix/smtpd[7066]: connect
On Jun 24, 2014, at 19.35, Wietse Venema wie...@porcupine.org wrote:
btb:
Jun 24 11:20:21 mta postfix/postscreen[5758]: CONNECT from
[173.201.193.182]:45771 to [10.3.70.5]:25
Jun 24 11:20:21 mta postfix/postscreen[5758]: PASS OLD
[173.201.193.182]:45771
Jun 24 11:20:21 mta postfix/smtpd
we use recipient address verification amongst some of our own domains. on
occasion, i see the following log entries:
Jul 6 08:26:22 msa-aux postfix/smsp/smtpd[2545]: connect from
client.example.com[10.48.40.102]
Jul 6 08:26:22 msa-aux postfix/smsp/smtpd[2545]: Anonymous TLS connection
On 2014.07.07 12.25, btb wrote:
we use recipient address verification amongst some of our own domains. on
occasion, i see the following log entries:
Jul 6 08:26:22 msa-aux postfix/smsp/smtpd[2545]: connect from
client.example.com[10.48.40.102]
Jul 6 08:26:22 msa-aux postfix/smsp/smtpd[2545
On 2014.07.07 12.39, Wietse Venema wrote:
Find out why it takes 6.2 seconds to connect over TCP and to
complete the SMTP handshake with the remote SMTP server.
given postscreen_greet_wait, it's a coincidence that the remote server's
postscreen logs show that same delay ~6 second delay, but
with respect to my previous question about address verification, i think
i'm not understanding address_verify_poll_delay correctly. while
working on troubleshooting the 6.2 second delay during the smtp
handshake, i'd set address_verify_poll_delay to 15 seconds, expecting
that postfix would
On Jul 9, 2014, at 18.48, Wietse Venema wie...@porcupine.org wrote:
btb:
with respect to my previous question about address verification, i think
i'm not understanding address_verify_poll_delay correctly. while
working on troubleshooting the 6.2 second delay during the smtp
handshake
On Jul 9, 2014, at 19.35, Wietse Venema wie...@porcupine.org wrote:
address_verify_poll_delay (default: 3s)
The DELAY BETWEEN QUERIES for the completion of an address verification
request in progress.
This specifies the delay betweem the $address_verify_poll_count
queries for one
hi-
if i'm interpreting correctly, the documentation for cleanup(8) says
that (Resent-) From:, To:, Message-Id:, and Date: headers are always
inserted:
The cleanup(8) daemon always performs the following transformations:
· Insert missing message headers: (Resent-) From:, To:, Message-Id:,
On Aug 27, 2014, at 19.36, Wietse Venema wie...@porcupine.org wrote:
btb:
hi-
if i'm interpreting correctly, the documentation for cleanup(8) says
that (Resent-) From:, To:, Message-Id:, and Date: headers are always
inserted:
This is enabled with to local_header_rewrite_clients
hi-
i have a mail submission server [submission/587 only] [msa.example.com]
for our users [config below]. in that context, it's working as desired.
we also have another, separate, msa [msa.systems.example.com], which
servers and other infrastructure devices use for submitting mail. how
On 2014.09.10 14.02, wie...@porcupine.org (Wietse Venema) wrote:
btb:
hi-
i have a mail submission server [submission/587 only] [msa.example.com]
for our users [config below]. in that context, it's working as desired.
we also have another, separate, msa [msa.systems.example.com], which
hi-
i'm not quite certain the subject is an accurate synopsis. apologies if it's
misleading. we have a proprietary system which delivers voicemail messages as
email attachments. it submits mail via submission to postfix, which looks like
this:
Sep 18 16:03:33 msa
On Sep 18, 2014, at 20.17, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Thu, Sep 18, 2014 at 07:51:53PM -0400, btb wrote:
From: postmas...@phonesrv.example.com
To: VOICE/1nnn5551212@phonesrv.example.com
Is that the address or the display name? What is the content
of the complete
On Sep 22, 2014, at 11.41, Wietse Venema wie...@porcupine.org wrote:
This time PLEASE refrain from sidetracking the discussion. I want
to know what will break when the default changes, if that is not
too much to ask for.
Summary:
Until now, Postfix has a default setting
On Sep 27, 2014, at 07.48, Wietse Venema wie...@porcupine.org wrote:
Use postconf -d, not postconf -n. -n is for settings in the
configuration file, -d is for the built-in settings which include
the version, release date, and so on.
this reminds me - some time long ago, i happened to notice
On Sep 27, 2014, at 10.42, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Sat, Sep 27, 2014 at 10:24:13AM -0400, b...@bitrate.net wrote:
On Sep 27, 2014, at 07.48, Wietse Venema wie...@porcupine.org wrote:
Use postconf -d, not postconf -n. -n is for settings in the
configuration
On Sep 27, 2014, at 10.32, Wietse Venema wie...@porcupine.org wrote:
b...@bitrate.net:
On Sep 27, 2014, at 07.48, Wietse Venema wie...@porcupine.org wrote:
Use postconf -d, not postconf -n. -n is for settings in the
configuration file, -d is for the built-in settings which include
the
On Sep 27, 2014, at 11.20, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Sat, Sep 27, 2014 at 10:42:27AM -0400, Wietse Venema wrote:
[root@mail-gw:~]$ postconf -n | grep config_directory
config_directory = /etc/postfix
You're welcome to fix that. I'm now working on other things,
hi-
short version:
i have an mx which, after doing the initial handling [postscreen, etc] of
messages arriving from the internet, relays mail to another computer for
content filtering [amavis/spamassassin]:
relay_transport = lmtp-filter:[mfa.example.com]:lmtp-filter-external
after a message
On Nov 13, 2014, at 15.02, Noel Jones njo...@megan.vbhcs.org wrote:
On 11/13/2014 11:14 AM, b...@bitrate.net wrote:
hi-
short version:
i have an mx which, after doing the initial handling [postscreen, etc] of
messages arriving from the internet, relays mail to another computer for
On Nov 13, 2014, at 13.00, Robert Schetterer r...@sys4.de wrote:
Am 13.11.2014 um 18:14 schrieb b...@bitrate.net:
hi-
short version:
i have an mx which, after doing the initial handling [postscreen, etc] of
messages arriving from the internet, relays mail to another computer for
On Nov 14, 2014, at 14.47, Wietse Venema wie...@porcupine.org wrote:
Alamgir Shamim:
Hello,
Can you please tell me how to configure MSA with postfix. I want to
create all local user in MSA. local user's mail will be delivered in
MSA and out going mail will be forwarded to another mail
hi-
i currently have:
postscreen_access_list = cidr:$table_directory/postscreen_access_list.cidr
with various sized netblocks rejected therein. this all works fine. i have
more than one mx, and would like to store this data in a centralized location
and query over the network instead of
On Dec 15, 2014, at 17.47, Wietse Venema wrote:
btb:
hi-
i currently have:
postscreen_access_list = cidr:$table_directory/postscreen_access_list.cidr
with various sized netblocks rejected therein. this all works
fine. i have more than one mx, and would like to store this data
On 2014.12.15 23.51, Peter wrote:
On 12/16/2014 07:22 AM, btb wrote:
with various sized netblocks rejected therein. this all works fine.
i have more than one mx, and would like to store this data in a
centralized location and query over the network instead of
duplicating the files on each mx
On Feb 08, 2015, at 05.55, John j...@klam.ca wrote:
Is there a way of checking for unnecessary entries in the Postfix main or
master config files.
I was looking through the mailing list and noticed the point that Victor made
about smtpd_tls_session_cache_database being mostly
On 2015.01.15 22.21, Viktor Dukhovni wrote:
On Thu, Jan 15, 2015 at 09:57:53PM -0500, b...@bitrate.net wrote:
i happened to notice that on one of our two mxes, no postscreen activity was
logged between 06:25:09 and 11:54:42:
Jan 15 06:25:09 mta2 postfix/postscreen[22371]: DISCONNECT
On 2015.01.16 09.43, wie...@porcupine.org (Wietse Venema) wrote:
btb:
postconf -Mf
smtp inet n - - - 1 postscreen
Yep, it's chrooted. You need to configure syslog to add a log
socket to the jail, or turn off chroot.
during this period, postfix activity
On 2015.01.22 10.35, wie...@porcupine.org (Wietse Venema) wrote:
btb:
we have a small local blacklist, mostly used for clients which
aren't listed in dnsbls.
postscreen_access_list =
cidr:$table_directory/postscreen_access_list-rejects.cidr
sometimes when a larger netblock gets listed
we have a small local blacklist, mostly used for clients which aren't listed in
dnsbls.
postscreen_access_list =
cidr:$table_directory/postscreen_access_list-rejects.cidr
sometimes when a larger netblock gets listed, it can have the unintended
consequences of blocking well behaved clients
is not
a bot.
btb:
right. we do that now. taking advantage of whitelist negative
scoring to reduce some of the administrative burden would be nice
though, and also avoid the fix it after finding out it's broken
scenario.
Instead of postscreen_access_list, you could use rbldnsd (or
equivalent) to mix
On Feb 14, 2015, at 16.14, John j...@klam.ca wrote:
Does mynetworks have to contain anything other than 127.0.0.1/8 and ::1/128.
for whatever it's worth, my personal preference is to, as a rule, always set
mynetworks to empty. i make an effort to not allow relaying based on source ip
On Mar 05, 2015, at 12.51, Wietse Venema wie...@porcupine.org wrote:
btb:
when reviewing postscreen entries in logs, it's difficult to quickly
grep for entries relevant to a particular session, since the only unique
value in the entry is the pid, which is quite long lived and spans many
when reviewing postscreen entries in logs, it's difficult to quickly
grep for entries relevant to a particular session, since the only unique
value in the entry is the pid, which is quite long lived and spans many
sessions. i wondered how practical it might be to include a unique id
along
hi-
in TLS_README it's instructed to use the following command to compute an sha-1
public key fingerprint:
openssl x509 -in foo.example.com-cert.pem -noout -pubkey | openssl pkey -pubin
-outform DER | openssl dgst -sha1 -c
(stdin)= 7e:8b:82:2e:c8:9a:bc:f9:ae:1a:de:e6:9a:6c:b3:3b:b3:34:21:7a
On Jun 14, 2015, at 18.21, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Sun, Jun 14, 2015 at 02:28:31PM -0400, b...@bitrate.net wrote:
In TLS_README it's instructed to use the following command to compute an
sha-1 public key fingerprint:
$ openssl x509 -in
> On Nov 16, 2015, at 02.53, Vicki Brown wrote:
>
> [...] discards email to non-existent recipient addresses [...]
on a side note, don't accept mail and then discard it. instead, reject it.
-ben
On 2015.12.16 11.35, Wietse Venema wrote:
The client was not listed at some DNSBL
this explains it, thanks. i don't know why, but i was expecting
postscreen to tell me that the client was not listed. i now see in the
docs that it's only logged if postscreen_dnsbl_threshold is met.
-ben
hi-
i've become accustomed to seeing log passages like this:
>grep -iF '[142.4.19.85]:52366' mail.log
Dec 16 09:41:09 mta1 postfix/postscreen[27678]: CONNECT from
[142.4.19.85]:52366 to [10.3.70.6]:25
Dec 16 09:41:15 mta1 postfix/postscreen[27678]: DNSBL rank 5 for
[142.4.19.85]:52366
Dec 16
On 2016.01.26 10.54, Matt Bayliss wrote:
I'm trying to find the correct/best practice method for setting up a
black hole email address for such items as "noreply" addresses when
sending alerts from monitoring devices etc.
if you intend no mail to be sent to this address anyway, and will just
1 - 100 of 120 matches
Mail list logo