[pfx] Stupid questions

SPF, DKIM, and DMARC all pass at gmail. Thanks, Curtis ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Postfix: running a script on authentication failure

a long list of banned ip addresses in my system. I've also changed the length of time addresses get banned for from hours to months. --Curtis ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

that it's documentation is cryptic and not for the faint of heart.  They surely don't stick to the KISS method. -- Curtis https://curtis.maurand.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

been running rspamd for nearly a year and I've been very happy with it.  It's a huge improvement over amavis/spamassassin. It is very fast. --Curtis -- Curtis https://curtis.maurand.com ___ Postfix-users mailing list -- postfix-users@postfix.org

Re: [EXTERNAL] Re: Mail queue took 3 hours to recover from a flood. Suggestions ?

where do I find smtp-amavis connect timeout ? Tweaking the timeouts won't help in this case, the real issue is Amavis performance.  Disable the content inspection features that make it slow, or replace Amavis with something faster. -- Viktor. -- Curtis https://curtis.maurand.com

Re: mail.protection.outlook.com rejections

Sadly MS is as fallible as the rest of us. Sent from my iPhone > On Nov 2, 2022, at 4:56 AM, Linkcheck wrote: > > Thanks, Viktor. That's interesting. You'd think someone like MS could get it > right. :( >

Re: Odd DNS issue requiring reboot.

able systemd-resolvd and dnsmasq.  speeds things up dramatically.  Makes things much more reliable.  I have much harsher opinions about systemd, but that's not for this list. --Curtis -- Curtis https://curtis.maurand.com

Re: Where to place spamhaus tests

I might also suggest pdns-recursor. very fast. Sent from my iPhone > On Aug 8, 2022, at 4:18 PM, Demi Marie Obenour wrote: > > On 8/7/22 09:50, Linkcheck wrote: >>> On 07/08/2022 1:12 pm, Rob McGee wrote: >>> dig 2.0.0.127.zen.spamhaus.org. any >> >> ANY has to be after DIG, not at the end,

Re: Postfix-fg and maillog_file to stdout

using syslog-ng within the container. > Em sáb., 6 de nov. de 2021 às 09:56, Curtis Maurand < > cur...@maurand.com> escreveu: > > On Fri, 2021-11-05 at 13:34 -0300, Rafael Azevedo wrote: > > > One last thing, is it possible to change the date format of the > > > out

Re: Postfix-fg and maillog_file to stdout

On Fri, 2021-11-05 at 13:34 -0300, Rafael Azevedo wrote: > One last thing, is it possible to change the date format of the > output? > Current format: > Nov 05 13:20:06 smtp21 postfix/smtp[136]: 9D86C60BBE > > I'd like to use ISO format: > 2021-10-29T19:37:52.017684-03:00 smtp21 postfix/smtp > >

Re: How to tell postfix to be more verbose on the smtp port?

would be a compelling choice of an an SMTP server for students new to network protocols looking for verbose error messages. I did a search and found this about custom bounce messages. https://www.howtoforge.com/configure-custom-postfix-bounce-messages Cheers, --Curtis

Re: Warning: Hostname Does Not Resolve

your a record and fqdn, your helo/ehlo hostname and the ptr record all need to match. Sent from my iPhone > On Mar 9, 2021, at 12:36 PM, Greg Sims wrote: > >  > We are receiving the following in our email logs: > > Mar 09 08:12:15 mail01.raystedman.org postfix/smtpd[13431]: warning:

Re: Deprecated: white is better than black

I totally agree with this and I am going to work to scrub the prior terminology from my system. Thank you, Wietse —Curtis Sent from my iPhone > On Feb 24, 2021, at 12:12 PM, Wietse Venema wrote: > > The following is from the postfix-3.6-20210221 release notes. > >Wiet

Re: Mail from @somedomain.tld allowed only from some CIDR ranges?

y the policy says all incoming mail from x.tld should come from spf.protection.outlook.com not the ip address that google owns from which the message originated. Cheers, Curtis

Re: Corner cases in SSL_shutdown.

-Curtis Sent from my iPhone > On Feb 2, 2021, at 10:31 AM, Bill Cole > wrote: > > On 2 Feb 2021, at 9:49, Leo Bicknell wrote: > >> Perhaps Postfix does not support returning to clear text from a STARTTLS >> session and doing futher protocol operations. I have not

Re: New postfix server, authentication confusion

for the blackhole lists, etc. take a look ar mxtoolbox.com postfix should be passing sasl requests to dovecot’s imap process. I use a tool called ispconfig which sets all of this up along with other tools such as clamav, rspamd or amavisd along with per user policies. my $0.02. I like its

Re: Ignoring a failing dictionary ?

Sent from my iPhone > On Jan 20, 2021, at 10:27 AM, Jaroslaw Rafa wrote: > > Dnia 20.01.2021 o godz. 15:48:29 Ganael Laplanche pisze: >>> So just try to create some simple "proxy" to your LDAP server that does only >>> one thing: if LDAP is available, just return the response from LDAP; if

Re: Ignoring a failing dictionary ?

apabilities. stop the ldap server, restore the database from the snapshot, start the server. that can also be automated and have it happen in seconds. —Curtis Sent from my iPhone

Re: Reject email containing Google forms

How about a general sieve rule in your dovecot server or a filter in your delivery agent? Sent from my iPhone > On Dec 1, 2020, at 5:11 PM, lists wrote: > > About 70% of my spam these days contains links to Google Forms. I've been > googling for tips on how to reject such email but Google

Re: Recommended milters for small setup

October 15 2020 3:33 PM, "Patrick Ben Koetter" wrote: > * Ian Evans : > >> The long story short is that due to dealing with family medical issues over >> the past few years, my Combo web/postfix server is still on Ubuntu 14.04. >> >> In a couple of months I will have some time to upgrade.

Re: Raw postfix newbie here...

> On Aug 9, 2020, at 8:09 PM, Viktor Dukhovni > wrote: > > - Mail to managed lists with an owner-alias >- Mail to pipes >- Mail to :include:/some/file lists. this can be put into the transports table and you can skip the /etc/aliases altogether.

Re: Postfix behind NAT -> failover IP -> wrong HELO

easier than that.  use linux heartbeat on the two postfix service. the failover happens within seconds.  use the unison file system to keep the spool folders and other necessary folders needed to pick up on the failover machine and when the primary fails, whatever services that need to be

Re: Postfix behind NAT -> failover IP -> wrong HELO

sets both the external address AND Postfix settings. Wietse Wietse's solution is better.  what he said. --Curtis

Re: Postfix behind NAT -> failover IP -> wrong HELO

It's part of the config in main.cf You can specify "myhostname" myhostname = host.domain.tld Cheers, Curtis On 6/30/20 4:55 PM, Istvan Prosinger wrote: On 6/30/20 10:34 PM, Wietse Venema wrote: Istvan Prosinger: On 6/30/20 9:49 PM, Wietse Venema wrote: Istvan Prosinger:

Re: Postfix "IPv6-only" - experience/recommendation question

In message "michae...@rocketmail.com" writes: > THANKS to a all who answered!!! > > A lot of shared experience, learned a lot, cool. It's always very > interesting how threads are meandering, somehow, adding new aspects to > unasked but also relevant questions. Crowd as it's best :-)

Re: Postfix "IPv6-only" - experience/recommendation question

mple.com if you can only get one IPv4 address. Hope this helps. Curtis > - EOM for impatient readers :-) --- > > Hi patient readers :-) > > reason for my question: > > I'm running my own small postfix/dovecot etc. environment on a > VPS. Running fine for years

Re: Query

you could set up the mail aliases in transport maps to pass them to mailman Sent from my iPhone > On Feb 14, 2020, at 10:43 AM, Peter Fraser wrote: > >  > Hi All > I am trying to figure out how to get this working. I run Mailman through > Postfix. The Mailman aliases are in alias_maps. I

Re: Building recipient maps from Exchange/O365

On 2/9/20 12:39 PM, Gerard E. Seibert wrote: On Sun, 9 Feb 2020 07:56:53 -0500, Curtis Maurand stated: it should be. use ldap. active directory is nothing but a glorified ldap server and listens on port 389. If it were ldap over ssl the port is 636 I believe. I stand corrected.

Re: Building recipient maps from Exchange/O365

it should be. use ldap. active directory is nothing but a glorified ldap server and listens on port 389. Sent from my iPhone > On Feb 9, 2020, at 7:04 AM, John Regan wrote: > >  > Hi, > > Is it possible for postfix to directly access the email addresses or userlist > from an Exchange

Re: [OT] why ATT.net still host its email on Verizon Yahoo

Not competitors. Oligarchs. Colluders market fixers. Competition killers. Sent from my iPhone > On Sep 17, 2019, at 4:44 AM, Wesley Peng wrote: > > Hello, > > though this is a little OT, but I was curious since verizon has bought yahoo > for long days, why ATT still host its customer email

Re: warning: hostname dc1.xxx.com.au does not resolve to address xxx.xxx.73.197

-response-to-ehlo-helo?forum=exchangesvradmin Cheers, Curtis On 7/1/19 1:24 AM, subscription1 wrote: I'd appreciate you help with the following: I'm looking after two server on 2 differents domains. During testing I found the following issue. On the sending server I get the following Jul  1 14:18

Re: Authentication attempts for x...@com.au addresses

a resource hog as it is. Cheers, Curtis -- Best Regards Curtis Maurand mailto:cur...@maurand.com

Re: consolidate virtual and relay_recipients files

possible, I would like to avoid writing a list of all my user mailbox @ all domain names neither in virtual, nor in relay_recipients file. Thanks a lot for your help. Samuel -- Best Regards Curtis Maurand mailto:cur...@maurand.com

Re: postscreen_dnsbl_action "drop" not working correctly?

layers. DNS has become very ugly as Google and Cloudflare attempt to monopolize it. -- Best Regards Curtis Maurand mailto:cur...@maurand.com

Re: Click tracker removal ideas?

Wouldn't procmail do something like this? I haven't used procmail for quite some time, but iirc it can handle passing to a filter program, then the filter can hand it to the lmtp (dovecot for instance). Just a thought. I now return to the lurkers lair. --Curtis On February 15, 2019 6:58:00

Re: best practice for HA cluster

You could use Unison to keep the config folders in sync. Open source. runs on just about everything. February 8 2019 8:59 AM, "De Petter Mattheas" wrote: > Yeas we have F5 loadbalancer. > > But how do we shift the config ? as far as i know there is no central mgmt > for postfix only config

Re: It is possible for Postfix logging to bypass journald?

On 1/9/2019 5:55 PM, Robert L Mathews wrote: On 1/9/19 4:05 PM, Curtis wrote: We recently switched our Postfix mail servers to Ubuntu Server 18, which uses journald for logging. Since we have monitoring systems that parse /var/log/maillog, we enabled rsyslog with imuxsock so we still can parse

It is possible for Postfix logging to bypass journald?

n journald/imjournal. Ideas? Thanks, Curtis

Re: best practice - integrating spamassassin/clamav in postfix - amavis yes/no?

rred to a new group for management from the author. This happened within the last couple of weeks. I'm on that mailing list, too. They're working on getting the changes into the package repos. Amavis just received a new lease on life. Back to the discussion at hand, --Curtis

Re: Are sha1 & TLSv1 fully deprecated wrt mail, and time to block them?

October 15 2018 11:19 AM, "Kris Deugau" wrote: > Laura Smith wrote: > >> Honestly, you are most likely wasting your time on that point because all >> that you are likely to >> get back is a page of waffle saying "blah blah blah ... security reasons... >> blah blah blah" >>> I know this because

Re: server hw sizing

and spam. amavisd-new is written perl. It's a resource hog. Add fuzzy OCR and clamav and resource utilization starts going up. Lot's of regulare expressions in all those rules and policies. --Curtis October 4 2018 11:46 AM, "Viktor Dukhovni" wrote: > On Thu, Oct 04, 2018 at 04:

What is the upper limit allowed for smtp_line_length_limit?

? Thanks, Curtis

OT (was Re: Backup MX setup - alternative to db?)

that particular type of host. I have to "cd install_certs; gmake REMOTE_HOST=fqdn install" to add TLS key, cert, and CA cert files for some hosts. I don't know if this helps since I can't at this time share the tools. But the point is it can be done and can be improved o

Re: (OT)Ham Radio + SMTP (was Re: How to restrict encrypted email)

the digital stone ages. BSD dropped X.25 a decade ago but Linux still has code (marked experimental and does not seem to be supported). The ITU has pull in a lot of places so X.25 is mandated for packet radio in a lot of places. That said I'm no expert on this (or much of anything :) Curtis

OT: can't connect to Bill Cole's MX

? And no IPv6! Hello Bill. What's up? Curtis ps - sorry - I'd send direct to Bill ... but can't. Maybe the list is getting through.

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

On 04/12/16 14:26, Noel Jones wrote: On 4/12/2016 11:38 AM, Curtis Villamizar wrote: On 04/12/16 06:25, Wietse Venema wrote: Curtis Villamizar: I recently had a problem with mail where an ESP was in three blacklists plus SPF failed and spamassassin tossed some mail. That ESP is down to one

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

ng reports from anyone else, that is a good thing. I don't think there is any requirement to send empty reports or that those reports would serve any purpose (except maybe create "I got your report and here is your" loops). Curtis

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

On 04/12/16 06:25, Wietse Venema wrote: Curtis Villamizar: I recently had a problem with mail where an ESP was in three blacklists plus SPF failed and spamassassin tossed some mail. That ESP is down to one blacklist now. A sender got to me out-of-band and I dug up the maillog from a few days

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

egards MfG Robert Schetterer Curtis

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

informed them about how good their ESP was serving them. btw- If I had been using postscreen back then, I could not have found this in the logs based on sender email. Curtis ps - works for google, though dmarc says "accept and report". Google and Yahoo are allegedly enforcing o

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

o add DMARC. By publishing those records, you just avoid having someone forge mail as you (including to you, but there are plenty of simpler ways to protect against that). I was also planning to reject based on opendmarc at some point in the not-so-distant future. Curtis

Re: gmail servers requiring postscreen_access whitelisting

In message <b1132232-5b45-4a7b-8fb8-f240cea1f...@kreme.com> "@lbutlr" writes: > > On Apr 10, 2016, at 10:24 AM, Curtis Villamizar = > <cur...@orleans.occnc.com> wrote: > > postscreen_dnsbl_sites =3D > > list.dnswl.org*-5 > > #

Re: what error is being reported back to sender, and how to avoid reporting back internal server ports?

ce than inet with loopback IMO, reducing the chance of leverage. Loopback is like a socket or fifo with ugo+rw perms. Curtis

Re: gmail servers requiring postscreen_access whitelisting

In message <570a341b.9000...@pajamian.dhs.org> Peter writes: > > On 10/04/16 15:00, Curtis Villamizar wrote: > > This is a workaround that shouldn't be needed. > > > > Any idea what the cause of this is? So far no legit mail except gmail > > gets ca

Re: gmail servers requiring postscreen_access whitelisting

In message <3qjz5d5s15zj...@spike.porcupine.org> Wietse Venema writes: > > Curtis Villamizar: > > Since I enabled postscreen (with soft_bounce=yes in master.cf) I was > > getting logs of this form: > > > > Apr 9 01:08:12 mta1 postfix/postscreen[18326]: &g

Re: gmail servers requiring postscreen_access whitelisting

In message <5709c8c8.1050...@megan.vbhcs.org> Noel Jones writes: > On 4/9/2016 10:00 PM, Curtis Villamizar wrote: > > Since I enabled postscreen (with soft_bounce=yes in master.cf) I was > > getting logs of this form: > > > > Apr 9 01:08:12 mta1 postfix/postscr

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

In message <20160410024851.gu26...@mournblade.imrryr.org> Viktor Dukhovni writes: > On Sat, Apr 09, 2016 at 09:31:48PM -0400, Curtis Villamizar wrote: > > > > 1) It looks to me that starttls really only protects the path to the > > >first server. Classic

gmail servers requiring postscreen_access whitelisting

ectory/postscreen_reject postscreen_access: # google mail servers 2607:f8b0:4002:c00::/60 permit [... other google server blocks ...] This is a workaround that shouldn't be needed. Any idea what the cause of this is? So far no legit mail except gmail gets caught here. Curtis

Re: rate limiting

peed of light is limited and geographic delays come into play. I've been involved in testing and some simulation of this type but on routers and various switchy-thingies rather than mailservers. Curtis > On 04/07/2016 06:19 PM, Wietse Venema wrote: > > See: > > http://www.postfix.org/postc

Re: rate limiting bad-bot HANGUPs in postscreen?

illog.0.bz2 | cat - /var/log/maillog | ..."). It gets rid of lots of PREGREET or HANGUP in under 1 sec. The threshhold of 5 is quite low but I don't think it will catch any legit mail servers. Still playing with this. Note that the big space before reject is three tabs. Curtis echo &

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

hanks for the links. I emailed one of the authors asking why so little was said about DNSSEC and nothing at all about DANE. Curtis

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

Of course to encrypt using pgp or s/mime both ends must support pgp or s/mime which has been a problem. People within various communities of interest use pgp or s/mime (for example, the security community) but use is very sparse. Curtis > > Original Message > > From: Viktor Duk

Re: False positives from header_checks

t;. That doesn't solve base64 encoding. Disclaimer: I haven't tried this. Curtis On 04/06/16 22:02, Laz C. Peterson wrote: This is great information. It's very odd ... Apple has been responsible for the foundation of quite a few RFC's but in our experience has actually made it difficult for our s

Re: problem sending to outlook.com

nd add DKIM and SPF DNS records (maybe DMARC, though I don't do that but might in the near future). DKIM and SPF pass can only help, even if just a little, and DKIM+SPF+DMARC can make sure that forgery doesn't penalize your domain. Maybe someone that actually knows what they are talking about wil

Re: best practice for blocking fake local domain senders

In message

Re: Hardware with non-FQDN EHLO

n_helo_hostname >... any other stuff... On http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions permit_sasl_authenticated is not listed. Which makes some sense since the HELO occurs before AUTH. HELO checks seem to be all IP and hostname related. > -- Noel Jones Am I missing something? C

Re: Thousands of login attempts

client certs can be a headache to keep track of and hard to get into user's client MUAs. Filters limiting access to port 587 can then be applied a lot more strickly than filters on port 25 could be. Curtis

[OT] (was Re: Is /usr/bin/mail a link to sendmail/postfix)

t FreeBSD has used over time. Yes there still is a lot of similarity, but recycled version ... No - just a quick path to get closer to posix in the utilities with least restrictive licensing. Curtis

Re: OT yahoo

In message <612d47d4-9465-4031-9d48-e6a0c3a8a...@dukhovni.org> Viktor Dukhovni writes: > > > On Mar 13, 2016, at 5:42 PM, Curtis Villamizar <cur...@orleans.occnc.com> > > wrote: > > > > The NS RR are typically delivered in a fixed order, the order in the &

Re: OT yahoo

In message <3qnxhn426dzj...@spike.porcupine.org> Wietse Venema writes: > > Curtis Villamizar: > > Are you saying they only looked at the primary NS record? Maybe I > > misread a prior post but I thought you meant primary MX record. The > > former, if t

[OT] OS heritage (was: Re: source code for MacOSX tools)

tool set and a known set of include files and library files. So I don't give it good odds on being a drop in and compile solution. Mail is very simple and fairly self contained and probably hasn't changed significantly in decades so it might drop in. I'd exhaust other options first. Curtis

Re: OT yahoo

ing at the primary DNS which had gone = > offline because of the fixed IP issue, and no one else seemed to notice = > since the other DNS servers were working fine. Are you saying they only looked at the primary NS record? Maybe I misread a prior post but I thought you meant primary MX record. The former, if true, would be even more broken. Curtis

Re: OT: TLS and SNI (was Re: Postfix 3.1 and TLS Cert Files)

In message <56e0ccb4.6010...@spectralmud.org> Richard James Salts writes: > > On 10/03/16 09:32, Curtis Villamizar wrote: > > In message <56dfcd11.5010...@spectralmud.org> > > Richard James Salts writes: > > > >> On 09/03/16 06:44, Viktor Dukhovni wro

OT: TLS and SNI (was Re: Postfix 3.1 and TLS Cert Files)

In message <56dfcd11.5010...@spectralmud.org> Richard James Salts writes: > On 09/03/16 06:44, Viktor Dukhovni wrote: > >> On Mar 8, 2016, at 2:31 PM, Curtis Villamizar <cur...@orleans.occnc.com> > >> wrote: > >> > >> With HTTP the

Re: Postfix 3.1 and TLS Cert Files

In message

Re: Postfix 3.1 and TLS Cert Files

Tom, I've been following this thread and also not clear on your objectives. See inline. In message

Re: Postfix Mailman integration

st pointing to an existance proof that the mailman architecture is not fundamentally broken. btw- I can't tell from headers whether they use sendmail.org sendmail or postfix or something else, but amavisd-new is mentioned in the headers. amsl.com runs most of the mailing lists. Curtis

Re: [SOLVED] Re: A bug, maybe?

On 2/22/2016 3:03 PM, Viktor Dukhovni wrote: On Mon, Feb 22, 2016 at 02:57:23PM -0500, Curtis Maurand wrote: The problem was in the /etc/nsswitch.conf. I changed the line hosts: files dns to hosts:dns files and that solved the trouble

[SOLVED] Re: A bug, maybe?

On 2/20/2016 5:19 PM, Curtis Maurand wrote: On 2/20/2016 1:46 PM, Viktor Dukhovni wrote: On Sat, Feb 20, 2016 at 01:37:39PM -0500, Curtis Maurand wrote: Nothing is chrooted. resolv.conf is world readable. Wietse's program returns a valid address. It might not match the reverse

Re: A bug, maybe?

On 2/20/2016 1:46 PM, Viktor Dukhovni wrote: On Sat, Feb 20, 2016 at 01:37:39PM -0500, Curtis Maurand wrote: Nothing is chrooted. resolv.conf is world readable. Wietse's program returns a valid address. It might not match the reverse, but it did return an address. # ./getaddr

Re: A bug, maybe?

On 2/20/2016 12:17 PM, Viktor Dukhovni wrote: On Sat, Feb 20, 2016 at 11:40:09AM -0500, Curtis Maurand wrote: i just sent myself a test message from the client's system. Here is what I got. I immediately ran the lookups using dig. postfix can't seem to resolve things properly. Running

Re: A bug, maybe?

On 2/20/2016 11:26 AM, Curtis Maurand wrote: On 2/20/2016 11:12 AM, Christian Kivalo wrote: On 2016-02-20 16:45, Curtis Maurand wrote: Not sure if I found something or not. A client tried to send email to one of my other addresses. The requisite portion of the main.cf follows at the end

Re: A bug, maybe?

On 2/20/2016 11:12 AM, Christian Kivalo wrote: On 2016-02-20 16:45, Curtis Maurand wrote: Not sure if I found something or not. A client tried to send email to one of my other addresses. The requisite portion of the main.cf follows at the end of the message. The logs are telling me: Feb

A bug, maybe?

uld not have been rejected for any kind of ip mismatch. Forward, reverse and helo all match. Thanks, Curtis smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/p

Re: moving configs from /usr/local/etc/postfix to /etc/postfix

In message <211281bd-f686-4a8a-9e37-7d4368568...@kreme.com> LuKreme writes: > On Jan 30, 2016, at 22:42, Curtis Villamizar <cur...@orleans.occnc.com> wrote: > > It would be: > > > > cd /usr/local/etc > > mv postfix postfix.old > > ln -s .

Re: local delivery, alias expansion, and subdomain matches

In message <2a0d3251-10a1-4903-8689-2d190e144...@dukhovni.org> Viktor Dukhovni writes: > > On Jan 30, 2016, at 8:03 PM, Curtis Villamizar <cur...@orleans.occnc.com> > > wrote: > > > > I'm asking a little advice. > > > > On most of my hosts

Re: moving configs from /usr/local/etc/postfix to /etc/postfix

In message <5a7fbd95-2256-4177-a30d-32e36ea73...@dukhovni.org> Viktor Dukhovni writes: > > On Feb 1, 2016, at 3:54 AM, Curtis Villamizar <cur...@orleans.occnc.com> > > wrote: > > > > As I said to Viktor, I mistakenly thought, based on reading (mayb

Re: local delivery, alias expansion, and subdomain matches

In message <20160201080958.9bede332...@english-breakfast.cloud9.net> Curtis Villamizar writes: > > Aliasing root on null-clients is explained in: > > > >http://www.postfix.org/MULTI_INSTANCE_README.html#split > > OK. This Oops. Was going to write &q

Re: moving configs from /usr/local/etc/postfix to /etc/postfix

In message <49c94ad9-3c94-4c48-9726-0e81e1109...@dukhovni.org> Viktor Dukhovni writes: > > On Jan 31, 2016, at 1:01 AM, Curtis Villamizar <cur...@orleans.occnc.com> > > wrote: > > > > I use tcsh so: > > > > # sh -c 'postconf -

local delivery, alias expansion, and subdomain matches

parent_domain_matches_subdomains on virtual_alias_maps . That would save having to resort to using pcre in this case. Any faults in my thinking on this? Curtis

moving configs from /usr/local/etc/postfix to /etc/postfix

utf8_enable (default: yes)" but "postconf -d | grep smtputf8_enable" yeilds "smtputf8_enable = ${{$compatibility_level} < {1} ? {no} : {yes}}" and "postconf -d | grep compatibility_level\ =" yields "compatibility_level = 0". Curtis

Re: moving configs from /usr/local/etc/postfix to /etc/postfix

In message <ba08647a-9b1d-42e5-b57c-efd945ec0...@kreme.com> "@lbutlr" writes: > > On 30 Jan 2016, at 20:27, Curtis Villamizar <cur...@orleans.occnc.com> wrote: > > Though postfix is compiled with /usr/local prefix (and I prefer the > > executables in /usr/

Re: moving configs from /usr/local/etc/postfix to /etc/postfix

In message <ff1da2c8-ba5d-4c64-9a1a-1e91bfc64...@dukhovni.org> Viktor Dukhovni writes: > > On Jan 31, 2016, at 12:24 AM, Curtis Villamizar <cur...@orleans.occnc.com> > > wrote: > > > >>> /usr/local/sbin/postconf: warning: inet_protocols: disabling

Re: moving configs from /usr/local/etc/postfix to /etc/postfix

In message <16f8c2b2-59cd-41b2-a452-5ec4b4442...@dukhovni.org> Viktor Dukhovni writes: > > On Jan 30, 2016, at 10:27 PM, Curtis Villamizar <cur...@orleans.occnc.com> > > wrote: > > > > This is more of an annoyance than a serious bug since there is a > &

Re: consequences of Moving to 3.0.3 out of ports

-d postfix-current-3.0.20151003,4 postfix-current-3.0.20151003,4: openssl-1.0.2_5 cyrus-sasl-2.1.26_12 pcre-8.37_4 sqlite3-3.9.2 I don't know why ldd doesn't find the anything with pcre in the name. Curtis

Re: selective disable of smtpd opportunistic TLS

In message <20160122041647.gh25...@mournblade.imrryr.org> Viktor Dukhovni writes: > On Thu, Jan 21, 2016 at 10:55:19PM -0500, Curtis Villamizar wrote: > > > It took a while to get a dumpfile. My tcpdump command only covered a > > subset of comcast.net mailhosts. > &

Re: selective disable of smtpd opportunistic TLS

In message <20160122213312.gk25...@mournblade.imrryr.org> Viktor Dukhovni writes: > On Fri, Jan 22, 2016 at 03:14:22PM -0500, Curtis Villamizar wrote: > > > You might > > also want to report that the keys they use are less than LOW security > > but that mi

Re: selective disable of smtpd opportunistic TLS

In message <20160115235712.gn...@mournblade.imrryr.org> Viktor Dukhovni writes: > > On Fri, Jan 15, 2016 at 06:47:38PM -0500, Curtis Villamizar wrote: > > > Viktor, > > > > If you are still interested below is a tcpdump. > > > > If not intere

Re: Question on master.cf

In message Paul Goyette writes: > While researching to see if I could find a way to fix my other issue > (how my primary-MX server can differentiate between messages originating > on my backup-MX server and those that are simply relayed from

Re: selective disable of smtpd opportunistic TLS

In message <20160115051749.gl...@mournblade.imrryr.org> Viktor Dukhovni writes: > On Thu, Jan 14, 2016 at 11:54:13PM -0500, Curtis Villamizar wrote: > > > > > > > smtp_tls_ciphers = high > > > > > > > > > > Usually best to leav

  1   2   >