Re: TLS 1.0 with Outlook 2010 and Windows XP

Zitat von Jeroen Geilman : Is outlook a requirement? That is easiest to replace with e.g. thunderbird To my knowledge the Software is using the old Outlook API because Outlook is used in the background to simply send mail without starting the GUI. But i will double check if Tunderbird

Re: TLS 1.0 with Outlook 2010 and Windows XP

Zitat von Viktor Dukhovni : On Sun, Mar 13, 2022 at 08:35:02PM +, lst_ho...@kwsoft.de wrote: We have a Postfix Server Version 3.3 and Openssl 1.1.1 on Ubuntu 18.04 LTS. One user has the need to send e-mail from an age old Windows XP VM used because of a special not any more available

TLS 1.0 with Outlook 2010 and Windows XP

Hello, we have a Postfix Server Version 3.3 and Openssl 1.1.1 on Ubuntu 18.04 LTS. One user has the need to send e-mail from an age old Windows XP VM used because of a special not any more available software. I have tried to not deactivate TLS 1.0 as Outlook/XP should be able to use

Re: Postfix "IPv6-only" - experience/recommendation question

Zitat von "@lbutlr" : On 11 May 2020, at 04:24, Jaroslaw Rafa wrote: Someone told me… that Google is more likely to classify email from small senders as spam if they are sent via IPv6, and less likely if they are sent via IPv4. Short of Google publishing this information, I doubt that

Re: TLS client certificates and auth external

Zitat von Viktor Dukhovni : On Apr 19, 2019, at 1:10 PM, Wietse Venema wrote: Using a name instead of cert fingerprint also requires revocation checking. Cert revocation is not needed, as long as there is an an explicit mapping like: certificate identity -> permit/etc action

Re: TLS client certificates and auth external

Zitat von Wietse Venema : lst_ho...@kwsoft.de: What is the way to go to take part of the feature development? I looks like we need a slight modification of the auth external as described. Mailin glist discussions. Eventually there will be a postfix--nonprod release that combines all

Re: TLS client certificates and auth external

Zitat von Emmanuel Fusté : You need the relay_clientcerts map with relay_clientcerts_auto mode. Put the fingerprint or pkey_fingerprint and the mapped SASL identity in the file and it will work For example: 43:B6:FE:07:BB:2E:BF:86:8A:4D:2A:DD:78:07:09:C6    xxx.kwsoft.de Will try that,

Re: TLS client certificates and auth external

Zitat von Emmanuel Fusté : Hello, Great piece of work ! It solve a big part of my problem, but sadly I need to go deeper. Le 18/03/2019 à 22:45, Bastian Schmidt a écrit : In the meantime I have completed a patch and sent it to Wietse and Victor, which adds an option

Re: TLS client certificates and auth external

Zitat von Wietse Venema : lst_ho...@kwsoft.de: This sounds like the feature we will need. I doubt the client would be able to do real AUTH, but we have to trust/relay based on the CN of a validated certificate. Is there any progress merging this in the 3.5 line or do i have to poke around

Re: TLS client certificates and auth external

Zitat von Emmanuel Fusté : Le 27/03/2019 à 18:10, Emmanuel Fusté a écrit : Le 27/03/2019 à 17:14, Viktor Dukhovni a écrit : On Wed, Mar 27, 2019 at 04:31:33PM +0100, Emmanuel Fusté wrote: The goal is to be as transparent as possible : - if the client is not found in the relay_clientcerts,

Re: permit_tls_clientcerts with CN matching

Zitat von Wietse Venema : lst_ho...@kwsoft.de: Hello, we need to authenticate a SMTP client connection base on the CN of the (trusted) client certificate. The client is not under our control (O365 connector), so we will get no notification if the key fingerprint will change. As far as i can

permit_tls_clientcerts with CN matching

Hello, we need to authenticate a SMTP client connection base on the CN of the (trusted) client certificate. The client is not under our control (O365 connector), so we will get no notification if the key fingerprint will change. As far as i can see Postfix is only able to use certificate

Re: Postfix, Hotmail never arrive

Zitat von Maurizio Caloro : Hello Together Today i have contact Microsoft, but i dont have any News. "My name is 123 and I work with the Outlook.com Deliverability Support Team. We have reviewed your IP(s) *(*w.x.y.z*) *and determined that messages are being filtered

Re: Mitigating From field spoofing (revised)

Zitat von Jack beanstallk : Noel Jones megan.vbhcs.org> writes: This is not something built into postfix. As an alternative, use SPF and DKIM to detect forged mail claiming to be from your own domain. -- Noel Jones Just to clarify is this something that is not

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

Zitat von jaso...@mail-central.com: On Sun, Apr 10, 2016, at 07:46 PM, Bill Cole wrote: On a system where you know enough about all your users to know that they don't want to get critical email from clueless sources, you can make restrictive choices with no trouble. If you don't actually know

Re: bad.psky.me RBL?

Zitat von Quanah Gibson-Mount : Is anyone familiar with this RBL and its quality? Not a whole lot of info at . Terms seem probably ok . If there isn't a lot of info, expect the worst. You should always be aware

Re: Questions about SSL for outgoing emails

Zitat von Michael Peter : Hello, smtpd_tls_security_level = encrypt smtp_tls_security_level = encrypt I configured postfix to use encryption for incoming and outgoing emails. but incase the receipt has untrusted certificate or self signed certificate, postfix

Re: Conditional Greylisting

Zitat von Bruce Marriner : On Friday, September 18, 2015 04:59 PM CDT, "Bill Cole" wrote: On 18 Sep 2015, at 14:29, Bruce Marriner wrote: > So I want to be able to set up Postfix so, if it passes DKIM or other > checks that give

Re: Importance of keeping DANE TLSA records correct.

Zitat von Viktor Dukhovni postfix-us...@dukhovni.org: Until now, most DANE deployments have been on small hobbyist machines, by people who mostly don't correspond with each other. So if a particular domain's TLSA RRs were broken, nobody noticed. This is about to change. The German email

Re: SMTPUTF8 usage

Zitat von Mike Cardwell post...@lists.grepular.com: * on the Thu, Aug 20, 2015 at 05:36:38PM +0200, Benny Pedersen wrote: What mail products are SMTPUTF8-compliant at this time? will it ever be needed ?, with idn domains it allready encoded into 7bit, is postfix translate this to utf8 ?,

Re: Messagelabs rejects mails from my MTA - how to debug ?

Zitat von Marek Salwerowicz marek_...@wp.pl: Hi list, Yesterday I was informed by Users, that they can't send e-mails to one of the banking institutions (so it's a little 'urgent' in businesses manner). The mails are rejected by Messagelabs / Symantec Cloud System, but do not provide

Re: Bandwidth choke issue between remote offices and SMPT server.

Zitat von jayesh shinde jayesh.shi...@netcore.co.in: Hi , I am facing problem of bandwidth choke issue between remote location and SMPT server. Please giude for below. Want to know how the other busy servers are handling such issues. scenario  :-- - 1) I have

Re: FREAK cipher-suite hygiene for Postfix

Zitat von Viktor Dukhovni postfix-us...@dukhovni.org: On Wed, Mar 04, 2015 at 07:53:18AM +, Viktor Dukhovni wrote: Now that the FREAK attack is widely disclosed, those of you who run SMTP servers that peer with clients that authenticate your server (be it via the traditional PKI or via

Re: detecting encryption for outgoing mail

Zitat von John j...@klam.ca: A couple of the servers I support are medical offices, and for patient confidentiality reasons they need to send email out encrypted. After a lot of discussion they have come to the conclusion that in order to avoid accidentally sending confidential data

Re: Working around recalcitrant ISP wrt rDNS

Zitat von li...@rhsoft.net: Am 05.02.2015 um 11:03 schrieb lst_ho...@kwsoft.de: You are putting too much of meaning in a DNS token. There is no global rule or RFC about the interpretation of the string forming this token. I'm totaly free to call my host bad-host-static-0815.example.com.

Re: Working around recalcitrant ISP wrt rDNS

Zitat von li...@rhsoft.net: Am 04.02.2015 um 22:54 schrieb Noel Jones: On 2/4/2015 3:12 PM, li...@rhsoft.net wrote: *sadly* that sort of incoming rules is not widespreaded enough, otherwise spam from infected botnet zombies would no longer exist and frankly the rule for

Re: TUNING_README: persistent write cache?

Zitat von Andrew Bourgeois and...@demmel.be: Hello What does Speed up disk updates with a large (64MB) persistent write cache. mean (source: http://www.postfix.org/TUNING_README.html)? Does this talk about the dirty ratio or is it something else? Google didn't help me on this one. Thanks in

Re: Using greylisting and other policies all in one. Use built in Postifx policy functions or other popular ones?

Zitat von srach hndls...@tutanota.de: I have read the documents for some different Greylisting opportunities for Postfix This built into Postfix http://www.postfix.org/SMTPD_POLICY_README.html#greylist and popular ones http://wiki.policyd.org http://postgrey.schweikert.ch I am not finding

Re: Postfix´s sendmail command configuration

Zitat von m.dvo...@annkar.cz: I have a script where sendmail command is used BUT I need to specify to via SMTP server (espec. port) will sendmail send email. It is simply. marek Marek Dvorak email: m.dvo...@annkar.cz tel : 777 691 528 skype: dvorak.marek As said the sendmail binary drop

Re: enable_long_queue_ids vowels are unsafe why?

Zitat von li...@rhsoft.net: Am 02.01.2015 um 17:41 schrieb lst_ho...@kwsoft.de: Zitat von wie...@porcupine.org: Jeffrey 'jf' Lim: As per subject. http://www.postfix.org/postconf.5.html#enable_long_queue_ids says: For safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet. In

Re: enable_long_queue_ids vowels are unsafe why?

Zitat von wie...@porcupine.org: Jeffrey 'jf' Lim: As per subject. http://www.postfix.org/postconf.5.html#enable_long_queue_ids says: For safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet. In what way are vowels unsafe? Postfix should not generate offensive text such as

Re: Why does SPF fail sometimes?

Zitat von James B. Byrne byrn...@harte-lyne.ca: On Sun, December 14, 2014 20:05, Richard Damon wrote: DMARC says that if a domain requests DMARC protection then any message that has a RFC5322 domain pointing to it, must be verifiable as coming from that domain, thus such an address can NOT

Re: And Ident - port 113

Zitat von li...@rhsoft.net: Am 05.12.2014 um 14:00 schrieb Robert Moskowitz: I also have ident - port 113 open on the firewall. But not only is it not open on the server's firewall, I don't see a listen for it with 'netstat -na|grep113' I do recall that ident was one thing some MTAs wanted.

Re: google bouncing emails - ipv6 ptr problem?

Zitat von John j...@klam.ca: On 11/22/2014 9:45 AM, Robert Schetterer wrote: Am 22.11.2014 um 14:50 schrieb A. Schulze: wietse: A. Schulze: So instead implementing strange workarounds, one should search, find, understand and fix the real problem. Google bounced my mail because of a temp

Re: google bouncing emails - ipv6 ptr problem?

Zitat von A. Schulze s...@andreasschulze.de: wietse: A. Schulze: So instead implementing strange workarounds, one should search, find, understand and fix the real problem. Google bounced my mail because of a temp error. I changed nothing in my DNS or DKIM. It's their bug, not mine. I

Re: google bouncing emails - ipv6 ptr problem?

Zitat von wie...@porcupine.org: Robert Moskowitz: Perhaps this should go to the bind list, but all of my checking shows my ipv6 ptr record is working. This started, I think, last week. I was running an old mailserver and sent many an email to the cubieboard list. I had one email bounce

Re: TLS SNI support

Zitat von Michael Ströder mich...@stroeder.com: Peter wrote: It's pointless for MX hosts because they don't validate the certificate anyways. Which has to be changed. Ciao, Michael. http://www.postfix.org/TLS_README.html#client_tls_dane Doesn't need SNI either... Regards Andreas

Re: TLS SNI support

Zitat von li...@rhsoft.net: Am 07.11.2014 um 09:35 schrieb Michael Ströder: Peter wrote: It's pointless for MX hosts because they don't validate the certificate anyways. Which has to be changed Google: DANE and Viktors recent response in that thread don't require SNI my god the reason

Re: SPF and leboncoin.fr vs sfr.fr

Zitat von Daniele Nicolodi dani...@grinta.net: On 28/05/2014 17:19, Robert Schetterer wrote: you may set your SPF Record to ~allSoftFail Thanks Robert, I've done that. invest in dkim and dmarc What advantages would that bring to me? I implemented SPF just because otherwise the

Re: SPF and leboncoin.fr vs sfr.fr

Zitat von Benny Pedersen m...@junc.eu: lst_ho...@kwsoft.de skrev den 2014-05-28 18:54: But as always YMMV if spf pass and its spam why not reject that sender domain in postfix ? any solution always changes the problem :=) The domains change at least once per week, the netblock every 3-6

Re: Evangelizing DNSSEC and DANE

Not sure if someone already noticed (in German): http://www.heise.de/newsticker/meldung/Bund-sichert-ueberraschend-Mailtransport-per-DANE-ab-2196565.html Looks like the german government is at least in progress of setup DANE for e-mail for domain bund.de Would be a big marketing point i

Re: Evangelizing DNSSEC and DANE

Zitat von lst_ho...@kwsoft.de: Not sure if someone already noticed (in German): http://www.heise.de/newsticker/meldung/Bund-sichert-ueberraschend-Mailtransport-per-DANE-ab-2196565.html Looks like the german government is at least in progress of setup DANE for e-mail for domain bund.de

Re: SMTP STARTTLS - best practices?

Zitat von Viktor Dukhovni postfix-us...@dukhovni.org: On Wed, Apr 23, 2014 at 04:54:44PM +0200, lst_ho...@kwsoft.de wrote: Are there any experience with DNSSEC capable DNS Providers at the lower cost range suitable for KMU? I've not looked at the cost of full-service DNS outsourcing. Some

Re: Asking about heartbleed

Zitat von Viktor Dukhovni postfix-us...@dukhovni.org: On Wed, Apr 09, 2014 at 05:54:33PM -0400, Victoriano Giralt wrote: I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug affect a TLS service like submission? In pretty much the same way that it applies to web

Re: Gateway Server queues too many mails

Zitat von Nikolaos Milas nmi...@noa.gr: On 27/2/2014 4:40 μμ, Nikolaos Milas wrote: Now that amavis seems to be running correctly, how can I resend immediately those suspended mails? Unfortunately, I am afraid that after I run postqueue -f and messages were moved to the active queue,

Re: TLS client logging PATCH

Zitat von Viktor Dukhovni postfix-us...@dukhovni.org: On Wed, Feb 26, 2014 at 07:43:25AM +0100, Erwan David wrote: The local resolver can have the resolvers on the LAN configured as forwarders, but you need the local stub resolver. No reason not to have one, really, especially on a busy

Re: TLS client logging PATCH

Zitat von wie...@porcupine.org: lst_ho...@kwsoft.de: Yes, of course. In practice, for most users, the local resolver is by far the simplest configuration. Is or will this be enforced by Postfix in some way for DANE? Postfix does not parse /etc/resolv.conf. Wietse Thanks!

Re: TLS client logging PATCH

Zitat von li...@rhsoft.net: Am 26.02.2014 12:48, schrieb Wietse Venema: lst_ho...@kwsoft.de: Yes, of course. In practice, for most users, the local resolver is by far the simplest configuration. Is or will this be enforced by Postfix in some way for DANE? Postfix does not parse

Re: network is unreachable

Zitat von c cc sub...@gmail.com: Hi, All of the sudden, we can't send any email to one particular domain, and below is the error message we got. Does anyone have any idea how to fix this problem? Thanks! Charles This is the mail

Re: network is unreachable

Zitat von c cc sub...@gmail.com: Andreas, Thanks for your quick reply--is there a setting in Postfix that I should configure to fix this problem? Thanks! Charles You might try with IPv4 only with inet_protocols=ipv4 but you should first check if you can reach them by IPv4 anyway. But

Re: network is unreachable

Zitat von c cc sub...@gmail.com: Hi all, Thanks for all your help. Since we are using EC2 from Amazon and they don't support ip6 on EC2, they recommended me to force Postfix to send email using ipV4 by changing: inet_protocols = all to inet_protocols = ipv4 and restart or reload Postfix

Re: International email addresses (RFC 6531)

Zitat von Freek Dijkstra pub...@macfreek.nl: Hi all, Postfix does not support international email addresses, such as josé@example.org, as described by RFC 6530-6532. To be precise, the SMPTUTF8 (previously: UTF8SMTP) SMTP extension is not announced in the EHLO response. Wikipedia [1] says

Re: blocked by gmail

Zitat von Grant emailgr...@gmail.com: For the first time ever, 7 of my (very much legitimate) automated messages sent to gmail users have bounced with this message: Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail this message

Re: server refused to talk to me: 550

Zitat von Matteo Cazzador mat...@netlite.it: Hi, i've a problem causing by blacklist. I 've a virtual postfix mail server (with smtp server sasl auth), when a user send a mail using my smtp server to a specific domain i obtain: hostname ... server refused to talk to me: 550 Denied by

Re: [Aside] Alternatives to content inspection?

Zitat von Robert Lopez rlopez...@gmail.com: A recent postfix-users thread had comments (about Spamassassin) along the lines of content inspection being evil by design. (Andreas and Stan) In my mind content inspection would include anti-virus checking. Am I wrong? At least my comment was in

Re: Solution to SMTPAuth compromised accounts.

Zitat von Viktor Dukhovni postfix-us...@dukhovni.org: On Fri, Sep 13, 2013 at 11:45:54AM +0900, Jorgen Lundman wrote: However, quite often the 3rd party involved uses software that can use pipelining, and simply keeps sending mail, even though the SMTPAuth account has been stopped. What

Re: EDH Ciphers

Zitat von Ralf Hildebrandt r...@sys4.de: What exactly are the prerequisites for preferring EDH ciphers in Postfix? * Do I need ECC (and thus OpenSSL = 1.0.0) or not? For EDH no, for ECDHE yes * Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not? This let the *server*

Re: delivery status notification (DNS)

Zitat von Pol Hallen postfi...@fuckaround.org: Follow official postfix page (http://www.postfix.org/DSN_README.html) I've: smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access cat /etc/postfix/esmtp_access # Allow DSN requests from local subnet only 192.168.1.0/24

Re: Is this an attack?

Zitat von Andreas Kasenides andr...@cymail.eu: One of my mail servers (postfix 2.6) has been target of what seems to me to be an attack. The attacker tried to deliver messages to a non-existent user names formed as a long hex string. It only happened once from one particular client and kept

Re: Multiple owners in smtpd_sender_login_maps

Zitat von Ram r...@netcore.co.in: I have a requirement of 2 different users using the same sender email address I found a very old patch for doing this in postfix. http://permalink.gmane.org/gmane.mail.postfix.devel/4 Is this patch still the only way of doing multiple owners Not sure

Re: Temporary lookup failure with relay_recipient_maps

Zitat von Viktor Dukhovni postfix-us...@dukhovni.org: On Wed, Mar 06, 2013 at 06:13:05PM +, lst_ho...@kwsoft.de wrote: Zitat von Wietse Venema wie...@porcupine.org: Postfix reports that the LDAP client library could not connect to any of the LDAP servers. Don't shoot the messenger.

Re: Temporary lookup failure with relay_recipient_maps

Zitat von Wietse Venema wie...@porcupine.org: Alvaro Marin: For a moment, one ActiveDirectory server for some domains was down, so I've seen in logs: warning: dict_ldap_connect: Unable to bind to server ldap://IP1 ldap://IP2 as cn=x,ou=x,dc=x,dc=x: -1 (Can't contact LDAP server) ... Is

Re: avoiding overload on port 587

Zitat von Tomas Macek ma...@fortech.cz: I don't understand now, how Postfix behaves when listenting on submission port 587. Our mailserver is sometimes overloaded on port 25, so we want to use postscreen. But I don't understand, how Postfix works when it's stressed on port 587, when

Re: avoiding overload on port 587

Zitat von Tomas Macek ma...@fortech.cz: On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek ma...@fortech.cz: I don't understand now, how Postfix behaves when listenting on submission port 587. Our mailserver is sometimes overloaded on port 25, so we want to use

Re: avoiding overload on port 587

Zitat von Tomas Macek ma...@fortech.cz: On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek ma...@fortech.cz: On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek ma...@fortech.cz: I don't understand now, how Postfix behaves when listenting on

Re: avoiding overload on port 587

Zitat von Tomas Macek ma...@fortech.cz: On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek ma...@fortech.cz: On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek ma...@fortech.cz: On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas

Re: [OT] SPF - Do you use it

Zitat von Titanus Eramius tita...@aptget.dk: Slightly off topic. I hope it's OK when the mail is marked as such. I was just wondering if the users of this list use SPF in any way, and if so, to what extend? We have considered SPF some five years ago but after second thought ditched it

Re: [OT] SPF - Do you use it

Zitat von Reindl Harald h.rei...@thelounge.net: Am 05.10.2012 16:04, schrieb lst_ho...@kwsoft.de: Zitat von Titanus Eramius tita...@aptget.dk: Slightly off topic. I hope it's OK when the mail is marked as such. I was just wondering if the users of this list use SPF in any way, and if so,

Re: [OT] SPF - Do you use it

Zitat von Wietse Venema wie...@porcupine.org: Alumno Etsii: As far as I'm concerned, SPF is not an anti-spam tool, but an anti-forgery tool. I'm ending this discussion before the flames flare up. Let's suffice with the following observation: SPF helps a sender and receiver who know

Re: OT: postfix configuration comments

Zitat von Reindl Harald h.rei...@thelounge.net: Am 24.08.2012 11:09, schrieb Hari Hendaryanto: On 8/24/2012 3:30 PM, Reindl Harald wrote: Am 24.08.2012 05:57, schrieb Hari Hendaryanto: it's not really a problem, just my curiosity. I wonder why Postfix does not support comments such as

Re: high-speed postfix configuration

Zitat von Mike Mitchell m...@mitchellzone.org: We've actually been providing this service for 10 years now, but are just now reaching a scale where default configurations are insufficient to handle the volume. We've not needed to touch the mail server prior to now, so are just looking

Re: ..::Rbl not working::..

Zitat von Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com: On 8/21/12 9:57 AM, Ralf Hildebrandt wrote: * Alfonso Alejandro Reyes Jiménezare...@ibossmonitor.com: Thanks it seems to be an issue with spamhaus, here's the result: [root@mail ~]# host 107.178.203.192.zen.spamhaus.org

Re: The ultimate email server

Zitat von Mikkel Bang facebookman...@gmail.com: I'm trying to configure the ultimate email server for this webapp that needs to send and receive / forward emails to and from thousands of users. But with so many people recommending so many different tools, it gets hard to come to a conclusion.

Re: virtual mailboxes BUT NOT virtual domain

Zitat von The Eye mhell...@in-ulm.de: On Wed, May 02, 2012 at 07:05:03AM -0400, Wietse Venema wrote: Michael Hellwig: I've been butting my head against this one for quite some time now. You might want to read this document: http://www.postfix.org/ADDRESS_CLASS_README.html This decribes

Re: IPv6 to IPv4 fallback mechanism

Zitat von Fernando Gozalo fgoz...@csi.uned.es: Hi, does the postfix smtp client implement the IPv6 to IPv4 fallback mechanism as browsers do? Postfix uses the fallback mechanism SMTP provides. It connects the MX with lowest priority at IPv6 if available and proceed to the next IPv6 or

Re: postgrey outgoing mail whitelister

Zitat von /dev/rob0 r...@gmx.co.uk: On Wed, Apr 18, 2012 at 04:33:31AM +0300, Henrik K wrote: Still, is it too much to ask for looking at things from many angles or backing up claims with any kind of statistics or science instead of personal gut feelings? Where/how would one collect such

Re: postgrey outgoing mail whitelister

Zitat von Reindl Harald h.rei...@thelounge.net: Am 17.04.2012 13:43, schrieb Henrik K: Hopefully by now people realize that your practical expierience is questionable. my practical expierience is managing some hundret domains with 15.000 RCPT since years - so stop your idiotic personal

Re: Postfix can not resolve the ip-address

Zitat von Руслан Шарипов ufa...@gmail.com: Hello. Postfix can not resolve the IP-address, but the nameserver is configured correctly. See, in mail.log: root@mail2:/var/log# tail -3 mail.log Apr 16 02:35:44 mail2 postfix/smtpd[1855]: connect from unknown[209.85.215.53] Apr 16 02:35:45

Re: Postfix and Flood Spamming

Zitat von Stephane Wirtel stephane.wir...@gmail.com: Dear Postfix Jedi, I need your help to secure a new postfix server against the SPAM flooding. Currently I have an old postfix based on an old debian server and since some days, my server is subject to the SPAM flooding (+- 50k

Re: Postfix and Flood Spamming

Zitat von Stéphane Wirtel stephane.wir...@gmail.com: Hi Stan, On 04/16/2012 01:27 PM, Stan Hoeppner wrote: On 4/16/2012 4:33 AM, Stephane Wirtel wrote: Dear Postfix Jedi, I need your help to secure a new postfix server against the SPAM flooding. Currently I have an old postfix based on an

Re: Postfix and Flood Spamming

Zitat von Stéphane Wirtel stephane.wir...@gmail.com: Is there an efficient way to know if my server is blacklisted ? a reference ? Enter the IP in question at http://multirbl.valli.org/ is one possibility Regards Andreas

Re: Multiple SSL certs on multiple IPs

Zitat von Wietse Venema wie...@porcupine.org: Mark Constable: 12.34.56.78:smtp inet n - - - - smtpd -o myhostname=domain1.com This change all SMTP server responses that depend on the myhostname settings. Any thoughts or suggestions on how to improve this strategy? Use separate MTA

Re: Postfix and LDAP lookups

Zitat von Igmar Palsenberg post...@palsenberg.com: Hi, I'm attempting to migrate from sendmail to Postfix + LDAP, so bare with me, I'm an sendmail user :) I've migrated the live user database into LDAP, and added my own e-mail addresses to my LDAP entry : dn:

Re: Postfix and LDAP lookups

Zitat von Igmar Palsenberg post...@palsenberg.com: alias_maps = ldap:/etc/postfix/ldap-aliases.cf virtual_alias_maps = ldap:/etc/postfix/ldap-virtual.cf virtual_alias_domains = $virtual_alias_maps The virtual_alias_domains probably does a lookup in 'jdi.nl'. That isn't directly in the

Re: verify database error

Zitat von Daniel L. Miller dmil...@amfes.com: On 4/3/2012 10:32 AM, Wietse Venema wrote: Daniel L. Miller: I keep seeing the following in the log: postfix/verify[27427]: close database /var/lib/postfix/verify.db: No such file or directory /* * With some Berkeley DB

Re: Encrypt attachments

Zitat von Kai Szymanski k...@codebiz.de: Hi Andreas, That's why e-mail encryption (S/MIME, PGP) was invented for. Why reinvent the wheel? You are right...and not ;) Problem: If we use for example gpg rhe !other side! also have to use gpg and needs to have a key infrastructure

Re: Encrypt attachments

Zitat von Kai Szymanski k...@codebiz.de: Hi! For a customer i have to implement on the fly encryption for attachments. Means: 1) Send Mail to Customer - Postfix receive email by smtp from local sender - Check if Recipient is in DB. If not = Forward message by smtp to customer

Re: Next day

Zitat von gdedousis1...@gmail.com: I use Postfix and is great. Thank you W! I send this becoz I got worried: If Wietse suddenly gets tired, retired etc what happens to Postfix? Any team/guys knowing Postfix well enough to keep dev on with W's blessings? Well, that's the

RE: SMTP Authentication

Zitat von King™ mr.kingcas...@gmail.com: Who have another solution ? Please suggest/advise me…. Thanks all -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Patrick Ben Koetter Sent: Monday, March 26, 2012 3:30 AM To:

Re: Email encryption check before accepting for transmission

Zitat von john j...@klam.ca: We need to ensure that emails sent by some of our users are encrypted (medical records, reports, etc) before they are sent. We only accept out going mail from our local users by submission (port 587). I realize that this is really the job of the MUA, but I would

Re: email blocked on the backup mx

Zitat von ml m...@smtp.fakessh.eu: hello postfix list hello guru of Fu I am having problems with my secondary mx some mails that are blocked on the secondary remain above with an error 4D5BDCA1C9 4344 Thu Feb 2 23:19:41 centos-boun...@centos.org (Host or domain name not found. Name

Re: spy problem

Zitat von Baptiste Bauer baptiste.ba...@epsmd-aisne.fr: Hi ! I am suspicious ! I use POSTFIX. I suppose my workmate spy my mail sending ! ( i don’t know how ! ) ð I checked « aliases » : no redirection. But there is a « generic.db » file …. And the file « generic » has been deleted (

Re: spy problem

Quoting Tolga to...@ozses.net: On 02/01/2012 12:17 PM, lst_ho...@kwsoft.de wrote: Zitat von Baptiste Bauer baptiste.ba...@epsmd-aisne.fr: Hi ! I am suspicious ! I use POSTFIX. I suppose my workmate spy my mail sending ! ( i don't know how ! ) ð I checked « aliases » : no redirection.

Re: Access Map

Zitat von DN Singh dnsingh@gmail.com: Hello group, I was configuring some restrictions on the Postfix level using access map. It is in has format. It is has a pretty good number of domains in it. So, I was wondering, how large can be the file, without affecting the performance? These are

Re: Strange SASL Authentication Issue

Zitat von Robert Krig robert.k...@render-wahnsinn.de: On 01/13/2012 09:52 AM, lst_ho...@kwsoft.de wrote: Zitat von Robert Krig robert.k...@render-wahnsinn.de: On 01/11/2012 08:38 PM, Gary Smith wrote: Restarting postfix, saslauthd and authdaemon seems to get it working again, at least

Re: Strange SASL Authentication Issue

Zitat von Robert Krig robert.k...@render-wahnsinn.de: On 01/11/2012 08:38 PM, Gary Smith wrote: Restarting postfix, saslauthd and authdaemon seems to get it working again, at least for a while. Are you using pam_mysql by chance? Yes, I am. Too bad, pam_mysql is known to leak memory. We

Re: outbound postfix for customers

Zitat von polloxx poll...@gmail.com: Dear list, We want to setup a outbound postfix server in our datacenter dedicated to our customers. We want separate logs, separate spool directories, possibility to set mail quota per customer, Didicated IP addresses per customer. Do you guys have

Re: TLS certificate validation woes

Zitat von Bernhard Schmidt be...@birkenwald.de: Am 20.12.2011 10:24, schrieb lst_ho...@kwsoft.de: Hello, Any idea how to allow all certificates issued by specific Sub-CAs, without trusting everyone? As far as i understand you have to list the complete chain but only your sub-CA to get it

Re: Table has changed; restarting messages not appearing

Zitat von Noel Jones njo...@megan.vbhcs.org: On 12/19/2011 9:54 AM, Who Me wrote: I'm in the process of replacing the hardware for my external mail relay. Both my existing postfix (V2.5.5) implementation, and my new one (V2.8.7) update their relay_recipients table daily from Active

Re: SMTP hangs when MySQL is down

Zitat von Sebastian Wiesinger postfix-us...@ml.karotte.org: * lst_ho...@kwsoft.de lst_ho...@kwsoft.de [2011-12-08 14:46]: And I had hoped that perhaps this would be an improvement to postfix. Sadly it seems it was some kind of blasphemy to question the way postfix does handle this stuff. No,

  1   2   3   4   >