Re: postfix 2.7.1 debian - does not query DNS
Stan Hoeppner schreef op 2013-11-09 04:22: On 11/8/2013 4:05 AM, li...@rhsoft.net wrote: there are only rare situations where a chrooted postfix makes sense and so they should not making a problematic default which gains nothing on 999 out of 1000 setups The reason for chrooting Postfix is due to a Debian policy established lng ago, and it is not Postfix specific. IIRC there's a class of services that all get chrooted in Debian, but for the life of me I can't seem to find the policy doc that explains this. So far I can't find it in the Debian Policy Manual http://www.debian.org/doc/debian-policy/ Not sure where it is, but the chroot policy is described somewhere. Debian is pretty good WRT documentation. Good at making it easy to find is another matter... As far as I know it was only under consideration long ago (around the time when Solaris Containers where introduced it became a topic again if I'm not mistaken) and it is an advisory for building packages on a developer machine. Postfix is still one of the few services doing it and I still wonder why as it makes things complex to a point where admins start playing with ln, chmod and cp to get things working. Reading bugreport 151692[1], seeing all the chroot bugreports and taking the request from the SELinux Debian Developers into account it makes me wonder a lot who is going to end this. Wietse or Debian Technical Committee. Hans [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=151692
Re: Setting up SPF in Postfix for sending
Scott Kitterman schreef op 2013-08-16 21:06: b...@bitrate.net wrote: On Aug 16, 2013, at 01.56, Rob Tanner wrote: What is it, besides adding the correct the DNS TXT records as there is a formal dns rr type for spf defined in rfc4408, you'll of course want to include that as well. I wouldn't bother. It has only very limited deployment and is proposed for removal in the revision to RFC 4408 that is about to enter IETF last call. You may want to check thread "9.3.3 - SPF record checks" from May 30 2013 on the bind-users mailinglist. Hans
Re: Send email for users from any location
wie...@porcupine.org schreef op 2013-07-08 20:36: Dotan Cohen: > on a related note, as this is for humans to send mail from their mail > clients, you'll want to configure a proper submission [port 587] service. > see the commented example in master.cf for a starting point. smtp auth > should be offered only via the submission service, and not via mx service > [port 25]. additionally, encryption should be required for submission > traffic. > Are you referring to this: #smtps inet n - - - - smtpd I think he meant the service called "submission". "smtps" is obsolete, but apparently some software still uses it. Firefox OS Simulator 3.0.1 still prefers, read demands it, smtps over submission sadly enough. Hopefully they fix it or some helpdesks will have a fun time after the release of their first phone. Hans
Re: cert error on outlook when send email using ssl
Jerry schreef op 2013-06-29 22:05: On Sat, 29 Jun 2013 13:25:50 -0500 kazabe articulated: Hi. Im trying to use postfix with ssl. Now is working, but i have a little situation with the outloook clients. always to send a email, see a message "The name of the security certificate is invalid or does not match the name of the site" The message is sended after accept the message, but the end users are affraid with this message. Im looking o google about to how to solve, but all the info are related with ms exchange and i use postfix. Can you share me some clues to solve it? Why not just get a valid certificate? Some valid certificates require an intermediate certificate to be installed and presented together with signed certificate, but many forget to install it or do it incorrectly. Hans