Re: Trusted vs Verified TLS

2022-10-11 Thread Sven Schwedas
On 11.10.22 10:37, Jens Hoffrichter wrote: What are the technical differences between those two methods of connecting? http://www.postfix.org/FORWARD_SECRECY_README.html Last section. Your settings influence how it determines the difference between the two security levels.

Re: 10s of REJECT messages multiple times a day

2022-04-14 Thread Sven Schwedas
What is the recommended way to combat this behavior? I'd personally lean towards fail2ban or comparable solutions to aggregate Rejects with other suspicious behaviour on other ports and react with system-wide IP bans. Fail2ban e.g. has examples for catching REJECTs in its wiki:

Re: logging directly to database?

2021-09-22 Thread Sven Schwedas
On 22.09.21 04:26, Alex wrote: Yes, thanks. I realize I can do that - it's the "your_script_that_saves_to_sql" part that would be very helpful :-) Not sure if there's a one-size-fits-all script that works in all setups, it's going to be highly individualized. > There's also great difficulty

Re: Certificate Postfix.org missing?

2021-04-23 Thread Sven Schwedas
On 23.04.21 08:36, Nicky Thomassen wrote: But there is no need for that on a read-only site like Postfix'. In my opinion, anyway. It's only a read-only site as long as there's no man in the middle attack injecting malicious code into the connection. There's too few people who disable things

Re: Specific DNS server

2021-04-22 Thread Sven Schwedas
On 22.04.21 16:08, Lars Liedtke wrote: I know this does not apply to all kinds of setup, but with virtualization and containerization it should be easy to separate Postfix and provide a different nameserver in resolv.conf for it. Yes, but postfix' builtin chroot isn't sufficient for this.

Re: Postfix redundancy

2021-03-24 Thread Sven Schwedas
It really depends on what guarantees you need. Usually on the MTA layer it's fine to just spin up separate instances, and if one email gets lost in the 5 seconds between its receipt being acknowledged and it being forwarded to an MDA, c'est la vie. If that's not acceptable, you need some

Re: Deprecated: white is better than black

2021-02-25 Thread Sven Schwedas
On 25.02.21 13:47, Wietse Venema wrote: John Dale: "American concept that racism starts and ends at affecting blacks" This is the Postfix mailing list. Foolist has been renamed into Barlist. Stop the non-technical rant, or be deleted. TBH, you kind of set up yourself for all this discussion

Re: Is there a library for validating gmail's Variants

2020-04-30 Thread Sven Schwedas
Not sure why you need a library for this. Strip out all dots, split at + and use the first value for comparison. That's trivial in every language.

Re: postfix for IoT

2020-01-20 Thread Sven Schwedas
On 20.01.20 13:14, Wesley Peng wrote: > Hello > > Thanks all answers for kind info. > My requirement is, for example, when refrigerator found there were no > food in itself, it will send an email to remind the people. > But refrigerator may not connect to internet directly, only home router >

Re: Port 25 closed on bulk sending servers

2020-01-15 Thread Sven Schwedas
eachable on port 25 doesn't tell you much either. -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas, Systemadministrator ✉ sven.schwe...@tao.at | ☎ +43 680 301 7167 TAO Digital | Teil der TAO Beratungs- & Management GmbH Lendplatz 45 | FN 213999f/Klagenfurt, FB-Gericht Villach A

Re: Rethinking the Postfix release schedule

2019-01-29 Thread Sven Schwedas
On 29.01.19 16:40, Wietse Venema wrote: > A higher release frequency would help to get good code out the door > without having to race against a once-per-year schedule. But, as > mentioned, it also reduces the length of time that a given release > will be supported. IMO not much of a problem, the

Re: server hw sizing

2018-10-04 Thread Sven Schwedas
On 2018-10-04 13:40, rmosnicka wrote: > hello, > is there any document for hardware sizing for postfix server? That will heavily depend on your configuration, especially wrt milters, local transports and the likes. > For example I need something like - for 50 email per day where top is >

Re: Postsuper remote

2018-09-04 Thread Sven Schwedas
you need to do that can't be done with SSH already?

Re: Postfix in Docker

2018-08-23 Thread Sven Schwedas
Any help is appreciated. > Thank you. > > Regards, > Niels

Re: Question regarding use of amavisd-new

2017-12-12 Thread Sven Schwedas
The site I have this in mind for receives a moderate amount of e-mail per day. IMO I'd stick to amavis – while Rspamd /can/ perform better at large scale, the documentation is awful. So stick to what you know.

Re: Azure Active Directory

2016-11-30 Thread Sven Schwedas
On 2016-11-30 09:35, mar...@skjoldebrand.eu wrote: > 2016-11-29 18:25 Viktor Dukhovni wrote: >>> On Nov 29, 2016, at 5:55 AM, Sven Schwedas <sven.schwe...@tao.at> wrote: >>> >>> As long as saslauthd can bind against it like a regular Active Directory >>

Re: Azure Active Directory

2016-11-29 Thread Sven Schwedas
is. As long as saslauthd can bind against it like a regular Active Directory (=LDAP) server, it should work without special configuration inside postfix. > Might be lacking googlefu again - if so apologies. > > /Martin S

Re: bits of encryption

2016-11-11 Thread Sven Schwedas
bit is good enough and faster; 256 bit has more safety margin against *some* attacks – but not all), some programs prefer one or the other. You'll have to look up whether you can tell your particular client software to prefer 256 bit ciphers, if you want to. > > Original Message > From:

Re: bits of encryption

2016-11-11 Thread Sven Schwedas
S-CTR/AES-CBC instead of -GCM, to give tamper resistance. GCM has that built in.)

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Sven Schwedas
s more like > you need to recruit customers for them. Same with the others. Of course they want to stay in business, even if it's dead already. > > > Original Message > From: Sven Schwedas > Sent: Wednesday, September 28, 2016 1:10 AM > To: postfix-users@postfix.org > Subj

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Sven Schwedas
> that these CAs are still quite popular overall. >> >> If you're using StartCom/WoSign certs, and rely on them being >> verified by MUAs and/or peer MTAs, you may want to make >> contingency plans if Mozilla and perhaps others go through >> with delisting (or disab

Re: No logs between Apr 25 - 27. What happened?

2016-05-03 Thread Sven Schwedas
crashes > - Botched log rotation especially with compression vs. Signals > (logrotate, newsyslog) > - Systemd/journal* malfunction on modern Linux > - File system issues (skipped fsck after a crash) > - Memory and other hw issues >

Re: Decoding base64 emails for content filtering

2016-04-18 Thread Sven Schwedas
s, re-inject the mail if appropriate, and set a proper status code.

Re: Blocking Nessus Scans

2015-11-30 Thread Sven Schwedas
Put permit_mynetworks at the end (or drop it entirely, if feasible). > > Any suggestions on how to completely drop these types messages? > > Thanks, > -DB >

Re: Update to recommended TLS settings

2015-08-06 Thread Sven Schwedas
protocol immune to LOGJAM. Is usage of tls_preempt_cipherlist still recommended?