Re: Memcache table ttl vs postscreen _ttl and verify expire/refresh
On 9/3/2021 5:38 AM, Kristian wrote: Hi, I have a setup of two MX servers sharing postscreen and verify cache using a memcached service. At the moment, my config for this is (on both servers): /etc/postfix/main.cf: postscreen_cache_map = memcache:/etc/postfix/postscreen_cache.cf postscreen_cache_cleanup_interval = 0 address_verify_map = memcache:/etc/postfix/verify_cache.cf address_verify_cache_cleanup_interval = 0 /etc/postfix/postscreen_cache.cf: memcache = inet:1.2.3.4:11211 key_format = postscreen:%s /etc/postfix/verify_cache.cf: memcache = inet:1.2.3.4:11211 ttl = 86400 key_format = verify:%s What I haven't been able to grasp, is how exactly the memcache table's ttl value affects the postscreen_*_ttl values and verify's expire/refresh times, or vice versa. For example, I have postscreen_bare_newline_ttl = 30d, but with a memcache ttl of (default) 3600, which one is the true value? Settings for postscreen and verify that possibly are affected by the memcache table's ttl could be: postscreen_bare_newline_ttl = 30d postscreen_greet_ttl = 1d postscreen_non_smtp_command_ttl = 30d postscreen_pipelining_ttl = 30d postscreen_cache_retention_time = 7d postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h postscreen_dnsbl_min_ttl = 60s address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 10m address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d Are some of these settings unused with a cleanup of 0, or is that a completely different operation? Generally, the smallest TTL is what will be used. Memcache will remove entries that have not been accessed for $TTL. Postscreen and address verify will not use records that have not been refreshed for their respective $TTL. So they are similar, but not exactly the same. The expire time marks records as "old" but does not remove them. The cleanup function removes/deletes expired records. See http://www.postfix.org/memcache_table.5.html and especially the notes under the "backup" and "ttl" options. -- Noel Jones
Memcache table ttl vs postscreen _ttl and verify expire/refresh
Hi, I have a setup of two MX servers sharing postscreen and verify cache using a memcached service. At the moment, my config for this is (on both servers): /etc/postfix/main.cf: postscreen_cache_map = memcache:/etc/postfix/postscreen_cache.cf postscreen_cache_cleanup_interval = 0 address_verify_map = memcache:/etc/postfix/verify_cache.cf address_verify_cache_cleanup_interval = 0 /etc/postfix/postscreen_cache.cf: memcache = inet:1.2.3.4:11211 key_format = postscreen:%s /etc/postfix/verify_cache.cf: memcache = inet:1.2.3.4:11211 ttl = 86400 key_format = verify:%s What I haven't been able to grasp, is how exactly the memcache table's ttl value affects the postscreen_*_ttl values and verify's expire/refresh times, or vice versa. For example, I have postscreen_bare_newline_ttl = 30d, but with a memcache ttl of (default) 3600, which one is the true value? Settings for postscreen and verify that possibly are affected by the memcache table's ttl could be: postscreen_bare_newline_ttl = 30d postscreen_greet_ttl = 1d postscreen_non_smtp_command_ttl = 30d postscreen_pipelining_ttl = 30d postscreen_cache_retention_time = 7d postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h postscreen_dnsbl_min_ttl = 60s address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 10m address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d Are some of these settings unused with a cleanup of 0, or is that a completely different operation? -- Kristian
Re: why outlook Mail has no DKIM setup?
On Fri, Sep 03, 2021 at 04:14:55AM +, w...@purpleemail.com wrote: > Greetings, > > It seems my outlook.hu email doesn't setup a DKIM for outgoing messages. > The result showed in gmail header: > > SPF: PASS with IP 40.92.18.14 Learn more > DMARC:'PASS' > > It has only spf setup, no DKIM. if the message was forwarded by the third > party, the DMARC will fail. > > Can you help explaining this? > > Thanks. That's probably a question for Microsoft to answer. :-) There is a _dmarc.outlook.hu TXT record: "v=DMARC1; p=none; rua=mailto:d...@rua.agari.com;ruf=mailto:d...@ruf.agari.com;fo=1:s:d; but the policy is "none", so it doesn't matter if DMARC fails. A DMARC failure shouldn't result in any email being quarantined or rejected. A wierd thing is that their _dmarc record has "fo=1:s:d" which means that they want to receive reports for any DKIM failure. That would be every email that comes out of there. Maybe they are conducting a study on DMARC checkers. cheers, raf