Re: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Wietse Venema
Jeffery Hammond: > please let me know what additional information you need. A complete transaction that has NO DEBUG logging. Wietse

RE: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Jeffery Hammond
postfix]# postconf -n command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 10 html_directory = no inet_interfaces = loopback-only inet_protocols = all mail_owner = postfix mailq_path =

Re: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Viktor Dukhovni
> On Nov 1, 2018, at 10:37 AM, Jeffery Hammond wrote: > > Nov 1 14:36:58 FTP01-A01 sendmail[18585]: wA1EawPP018585: from=root, > size=214, class=0, nrcpts=1, > msgid=<201811011436.wa1eawpp018...@sfems01-a03.samsung.com>, > relay=root@localhost > Nov 1 14:36:58 FTP01-A01 sendmail[18585]:

RE: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Jeffery Hammond
Let me share a few more lines, postfix starts but as you said sendmail runs even though I have stopped the process Nov 1 14:36:47 FTP01-A01 postfix/postfix-script[18316]: stopping the Postfix mail system Nov 1 14:36:47 FTP01-A01 postfix/master[31878]: terminating on signal 15 Nov 1 14:36:47

Re: Postscreen newb questions

2018-11-01 Thread Bill Cole
On 31 Oct 2018, at 17:12, Noel Jones wrote: Postscreen *should not* be used on ports used for client authenticated SMTP. Generally, this has been true... However, I have recently seen spambots using compromised accounts on port 587 without properly waiting for the greeting banner. This was

lost connection after data

2018-11-01 Thread Selcuk Yazar
Hi, Our users try to get e-mail from turnitin.com, but we have error like below. It seems same IP address with different mx records. How can we resolve this. thanks in advance. postfix/policy-spf[10024]: : Policy action=PREPEND Received-SPF: pass ( turnitin.com: 199.47.85.44 is authorized to

Re: lost connection after data

2018-11-01 Thread Wietse Venema
Selcuk Yazar: > postfix/smtpd[6055]: lost connection after DATA (3865 bytes) from > mx2.iparadigms.com[199.47.85.44] Possible cause: - Broken WSCALE (window scaling). https://en.wikipedia.org/wiki/TCP_window_scale_option Less likely, because the failure happened after 3865 bytes: - Broken

postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Jeffery Hammond
I'm trying to configure a GNU server rel 6 to send mail to a remote mail-host. From maillog Nov 1 03:43:03 FTP01-A01 postfix/smtpd[2323]: dict_eval: const mail Nov 1 03:43:03 FTP01-A01 postfix/smtpd[2323]: dict_eval: const all Nov 1 03:43:03 FTP01-A01 postfix/smtpd[2323]:

Re: Postscreen newb questions

2018-11-01 Thread Viktor Dukhovni
> On Nov 1, 2018, at 11:30 AM, Bill Cole > wrote: > > I intend to experiment with postscreen on 587 on the next Postfix > system I work with where compromised accounts are a problem. Don't waste your time. Postscreen cannot help you with this. Postscreen maintains dynamic IP-address

Re: Postscreen newb questions

2018-11-01 Thread Wietse Venema
Bill Cole: > On 31 Oct 2018, at 17:12, Noel Jones wrote: > > > Postscreen *should not* be used on ports used for client > > authenticated SMTP. > > Generally, this has been true... > > However, I have recently seen spambots using compromised accounts on > port 587 without properly waiting for

RE: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Jeffery Hammond
I found it. Used 'alternatives --config mta' to change sendmail to postfix. It's working now. Thanks. Jeff Hammond Systems Engineer Samsung -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni Sent: Thursday,

Re: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Bill Cole
On 1 Nov 2018, at 11:08, Jeffery Hammond wrote: Let me share a few more lines, postfix starts but as you said sendmail runs even though I have stopped the process Programs that send mail typically use the sendmail binary at (or symlinked from) /usr/sbin/sendmail. You need to replace that

Re: Postscreen newb questions

2018-11-01 Thread Wietse Venema
Viktor Dukhovni: > > On Nov 1, 2018, at 11:30 AM, Bill Cole > > wrote: > > > > I intend to experiment with postscreen on 587 on the next Postfix > > system I work with where compromised accounts are a problem. > > Don't waste your time. Postscreen cannot help you with this. > Postscreen

Re: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Wietse Venema
Wietse Venema: > Jeffery Hammond: > > please let me know what additional information you need. > > A complete transaction that has NO DEBUG logging. As in all the logging as Postfix tries to deliver a message, without the debug logging. Wietse

RE: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Jeffery Hammond
I'm sorry do you mean disable debugging logging as in debug_peer_level =0? Jeff Hammond Systems Engineer Samsung -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Thursday, November 01, 2018 9:17 AM To:

Re: postfix 2.6.6 configure IPV6 relayhost

2018-11-01 Thread Viktor Dukhovni
On Thu, Nov 01, 2018 at 02:29:24PM +, Jeffery Hammond wrote: > I'm sorry do you mean disable debugging logging as in debug_peer_level =0? As in an empty "debug_peer_list". -- Viktor.

A better way to do secure SMTP

2018-11-01 Thread Alice Wonder
Maybe better, I do not know. I do not know right place to recommend this, I hope it is not too out of place here. Opportunistic TLS is a concept I do not like. DANE fixes the issues for system admins willing to implement DNSSEC and add a TLSA record but it seems many are not, so MTA-STS was

Re: A better way to do secure SMTP

2018-11-01 Thread Bill Cole
On 1 Nov 2018, at 15:48, Alice Wonder wrote: Maybe better, I do not know. I do not know right place to recommend this, I hope it is not too out of place here. This list reaches a minority of Postfix admins, who are a minority of mail system admins, who are a minority of people with strong

Re: A better way to do secure SMTP

2018-11-01 Thread Viktor Dukhovni
On Thu, Nov 01, 2018 at 01:15:04PM -0700, Alice Wonder wrote: > > My advice is to accept the current state as a transitional phase to > > potentially more secure email in a decade or so from now. > > > > Both opportunistic TLS and DANE secured TLS could still be supported on > Port 25

Re: Postscreen newb questions

2018-11-01 Thread Bill Cole
On 1 Nov 2018, at 12:03, Viktor Dukhovni wrote: On Nov 1, 2018, at 11:30 AM, Bill Cole wrote: I intend to experiment with postscreen on 587 on the next Postfix system I work with where compromised accounts are a problem. Don't waste your time. Postscreen cannot help you with this.

Re: A better way to do secure SMTP

2018-11-01 Thread Viktor Dukhovni
> On Nov 1, 2018, at 3:48 PM, Alice Wonder wrote: > > Maybe better, I do not know. I do not know right place to recommend this, I > hope it is not too out of place here. > > Opportunistic TLS is a concept I do not like. DANE fixes the issues for > system admins willing to implement DNSSEC

Re: A better way to do secure SMTP

2018-11-01 Thread Alice Wonder
On 11/01/2018 01:35 PM, Viktor Dukhovni wrote: On Thu, Nov 01, 2018 at 01:15:04PM -0700, Alice Wonder wrote: My advice is to accept the current state as a transitional phase to potentially more secure email in a decade or so from now. Both opportunistic TLS and DANE secured TLS could

Re: A better way to do secure SMTP

2018-11-01 Thread Alice Wonder
On 11/01/2018 01:00 PM, Viktor Dukhovni wrote: On Nov 1, 2018, at 3:48 PM, Alice Wonder wrote: Maybe better, I do not know. I do not know right place to recommend this, I hope it is not too out of place here. Opportunistic TLS is a concept I do not like. DANE fixes the issues for system

Re: macOS X, Operation not permitted - rename sendmail

2018-11-01 Thread James Brown
On 2 Nov 2018, at 4:11 pm, Viktor Dukhovni wrote: > > On Fri, Nov 02, 2018 at 03:09:02PM +1100, James Brown wrote: > >> I run make with: >> >> $ make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH \ >> -DDEF_SERVER_SASL_TYPE=\"dovecot\" \ >>

Re: A better way to do secure SMTP

2018-11-01 Thread Alice Wonder
On 11/01/2018 02:40 PM, Bill Cole wrote: On 1 Nov 2018, at 15:48, Alice Wonder wrote: Maybe better, I do not know. I do not know right place to recommend this, I hope it is not too out of place here. This list reaches a minority of Postfix admins, who are a minority of mail system admins,

Re: A better way to do secure SMTP (closing the thread I hope...)

2018-11-01 Thread Viktor Dukhovni
> On Nov 2, 2018, at 12:43 AM, @lbutlr wrote: > > After all, if the encryption fails, the mail is sent in the clear. I think we should stop here. This thread is getting off track. -- Viktor.

Re: macOS X, Operation not permitted - rename sendmail

2018-11-01 Thread James Brown
> On 1 Oct 2018, at 6:13 pm, Viktor Dukhovni > wrote: > > On Mon, Oct 01, 2018 at 05:56:57PM +1000, James Brown wrote: > >> I’ve just tried to install Postfix 3.3.1 on macOS X 10.13.6 High Sierra. >> >> Sudo make install finishes with: >> >> Updating

Re: A better way to do secure SMTP

2018-11-01 Thread @lbutlr
On 01 Nov 2018, at 13:48, Alice Wonder wrote: > Opportunistic TLS is a concept I do not like. DANE fixes the issues for > system admins willing to implement DNSSEC and add a TLSA record but it seems > many are not, so MTA-STS was invented. > > MTA-STS has the same flaw as opportunistic TLS. It

Re: macOS X, Operation not permitted - rename sendmail

2018-11-01 Thread Viktor Dukhovni
On Fri, Nov 02, 2018 at 03:09:02PM +1100, James Brown wrote: > I run make with: > > $ make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH \ > -DDEF_SERVER_SASL_TYPE=\"dovecot\" \ > -DDEF_COMMAND_DIR=\"/usr/local/sbin\" \ > -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" \ >