On Thu, Jan 13, 2011 at 07:36:12AM +0200, Jaques Cochet wrote:
I'm working on a mail system design for an ISP that includes hosting
of multiple virtual domains managed by this ISP (300.000 mailbox). HA
and performance are both important concerns for the client, so I have
at least 2 of every
Reading through the logs I noted recurring initializing the client-side TLS
engine entries that seem to take place no matter if the smtp client is using
TLS at the moment or not.
So I am curious. Why is it that the Postfix smtp client initializes the
client-side TLS engine on a regular basis?
Jonathan Tripathy put forth on 1/12/2011 8:58 AM:
Major point is that GlusterFS is NOT another file system. GlusterFS uses a
disk based backend and relies heavily on the underlying filesystem extended
attributes for handling which file is more recent on one brick over another
when performing
Good afternoon list.
We have a problem of a number of our clients which appear to have been
affected by malware/bots.
these clients use our servers as a smarthost.
The messages are similar, so creating a spam filter for spamassassin has
been done.
I have noticed that the sender is either
Take a look at http://www.dbmail.org/ for imap/pop3
you can have as many servers you want connected with the
same database, i would use dovecot as proxy and for sasl-auth
which would give you even the option to use mysql-slaves
fpr the readonly-requests to spread the database-load
Am 13.01.2011
Have you guys considered using Perdition to proxy/redirect IMAP/POP to
distribute backend storage to as many as backends as you want? You
wont need any SAN/NAS/NFS/GFS/whatever, just a user/storage mapping
(ldap, mysql, etc...), and you might even add spare or active/active
servers to each storage
Patrick Ben Koetter:
Reading through the logs I noted recurring initializing the client-side TLS
engine entries that seem to take place no matter if the smtp client is using
TLS at the moment or not.
Don't turn on verbose logging by default.
So I am curious. Why is it that the Postfix smtp
On Thu, Jan 13, 2011 at 09:59:26AM -0200, Deives Michellis wrote:
Have you guys considered using Perdition to proxy/redirect IMAP/POP to
distribute backend storage to as many as backends as you want?
Yes, but I prefer dovecot (since that's what we're running on the
backend POP/IMAP-servers). It
Perdition works WITH dovecot (or whatever imap server you use). It's
just a proxy - will redirect connections based on username, origin,
etc...
On Thu, Jan 13, 2011 at 10:38:05AM -0200, Deives Michellis wrote:
Perdition works WITH dovecot (or whatever imap server you use). It's
just a proxy - will redirect connections based on username, origin,
etc...
Yes, I know, and dovecot director also works with dovecot (or any
other imap server
On 13/01/11 09:58, Stan Hoeppner wrote:
Jonathan Tripathy put forth on 1/12/2011 8:58 AM:
Major point is that GlusterFS is NOT another file system. GlusterFS uses a
disk based backend and relies heavily on the underlying filesystem extended
attributes for handling which file is more recent on
Currently on my MX servers I use a custom rhsbl to reject domains
blacklisted by us. The DNS lookups are handled using a local rbldnsd
server.
I am trying to create a list of spammer email ids so that I can reject
spammers of neutral domains. But this can be a potentially huge list.
I am not
On 1/13/2011 4:35 AM, Tom Kinghorn wrote:
Good afternoon list.
We have a problem of a number of our clients which appear to
have been affected by malware/bots.
these clients use our servers as a smarthost.
The messages are similar, so creating a spam filter for
spamassassin has been done.
I
Postfix 2.8 is almost ready to become the new stable release. The
only thing in the pipeline is evalating the mysql update, sequence
and cache cleanup support.
There have been a few late changes to clean up the postscreen user
interface. I left in some backwards compatibility support for early
Le 13/01/2011 13:46, Jan-Frode Myklebust a écrit :
On Thu, Jan 13, 2011 at 10:38:05AM -0200, Deives Michellis wrote:
Perdition works WITH dovecot (or whatever imap server you use). It's
just a proxy - will redirect connections based on username, origin,
etc...
Yes, I know, and dovecot
On Thu, Jan 13, 2011 at 08:45:19AM -0600, Noel Jones wrote:
Once the cows get out, you can spend days rounding them up and some may
never be found. Better to keep the gate closed.
Corollary: Don't accept mail you can't deliver.
For a submission service, this means doing as much as possible
After some reading:
- GFS and maildir work bad together
- NFS and maildir are not that good, NFS and postfix have some issues
but should be OK.
I read that OCFS2 is promising. If it works good, I can use an IMAP
proxy and run IMAP on backend servers with postfix. As for SMTP
relaying/scanning and
Hi,
sorry, if this question might sound a bit stupid, but if I specify
relay_recipient_maps with all valid recipients that postfix should relay for,
why does it need relay_domains set? As an example:
I have connected relay_domains to LDAP and have an object that returns all
domains. I also
Christian Roessner:
Hi,
sorry, if this question might sound a bit stupid, but if I specify
relay_recipient_maps with all valid recipients that postfix should
relay for, why does it need relay_domains set? As an example:
If you wonder why Postfix does not always search all tables for
all
Hi there,
I am connecting to Postfix, send it message with TO address in a remote
domain, served by another mail server. I do not understand why such
relay is happening, I thought my Postfix would only accept messages
destined to local domains. Here is output of postconf -n. I did not
define
On Thu, Jan 13, 2011 at 03:55:31PM -0500, Zhou, Yan wrote:
I thought my Postfix would only accept messages
destined to local domains.
What am I missing?
mynetworks = 10.128.61.0/24, 10.128.12.0/24, 127.0.0.0/8
Clients with the IP addresses above,
sample_directory =
On 13/01/11 19:00, Jaques Cochet wrote:
After some reading:
- GFS and maildir work bad together
- NFS and maildir are not that good, NFS and postfix have some issues
but should be OK.
Where did you read that GFS worked badly with maildir? I'd be interested
to read into this
Thanks
Am 13.01.2011 21:55, schrieb Zhou, Yan:
I am connecting to Postfix, send it message with TO address in a remote
domain, served by another mail server. I do not understand why such
relay is happening
What do you expcet?
This is normal and they way email works
If you in my_networks relay is
From my log:
Jan 13 22:37:21 mail postfix/postscreen[17587]: warning:
postscreen_access_list: unknown command: permit_mynetworks, -- ignoring the
remainder of this access list
The README says:
postscreen_access_list = permit_mynetworks,
/etc/postfix/postscreen_access.cidr
Ralf Hildebrandt:
From my log:
Jan 13 22:37:21 mail postfix/postscreen[17587]: warning:
postscreen_access_list: unknown command: permit_mynetworks, -- ignoring the
remainder of this access list
The README says:
postscreen_access_list = permit_mynetworks,
The POSTSCREEN_README mentions:
See the postscreen_access_list manpage documentation for more details.
./man/man8/postscreen.8 is the only man page with postscreen as part
of the name - it does mention postscreen_access_list.
man 5 postconf is also not listing postscreen_access_list
--
Ralf
On Thu, Jan 13, 2011 at 10:41:53PM +0100, Ralf Hildebrandt wrote:
From my log:
Jan 13 22:37:21 mail postfix/postscreen[17587]: warning:
postscreen_access_list: unknown command: permit_mynetworks, -- ignoring the
remainder of this access list
The README says:
postscreen_access_list
Ralf Hildebrandt:
The POSTSCREEN_README mentions:
See the postscreen_access_list manpage documentation for more details.
./man/man8/postscreen.8 is the only man page with postscreen as part
of the name - it does mention postscreen_access_list.
man 5 postconf is also not listing
* Wietse Venema wie...@porcupine.org:
Yes it does. You are looking at the old postconf manpage.
Damn. Gotta fix this mess:
# locate postconf.5 | xargs ls -l
-rw-r--r-- 1 root root 432025 13. Jan 16:00 /usr/share/man/man5/postconf.5
-rw-r--r-- 1 root root 85140 18. Sep 2009
On 1/12/11 4:34 PM, Markus Treinen wrote:
Hi,
your point is well taken. The reason for my setup is this:
I wanted to have virtual addresses for all my domains, which are
mapped separately to virtual users (meaning Maildirs delivered via
dovecot (mainly to use sieve)). Those virtual users would
On 1/13/11 8:34 AM, Mark (Lunatechnologies) wrote:
Hi there,
I'm using a virtual vacation script (version 3.2), which runs as a
content filter for a while - but I have one makjor problem.
Yes. Why would you run a per-user reply script through a system-wide
content_filter ?
Enable
Thanks Jeroen,
Finally cracked it tonight. You're right - the content filter itself was
unnecessary and was being run against every mail in and out.
so removed that and just left the vacation transport to handle anything with an
@autoreply.domain.com address (which I create in the alias table
Le 14/01/2011 00:25, Gary Smith a écrit :
I have an SSL key in pkcs12 format (pfx exported from Windows) that I need to
convert into the proper format for postfix. The pfs includes the entire
chain as well.
Anyone know the proper way to convert this file into the corresponding
openssl can convert between various formats.
http://www.sslshopper.com/article-most-common-openssl-commands.html
http://security.ncsa.illinois.edu/research/grid-
howtos/usefulopenssl.html
http://shib.kuleuven.be/docs/ssl_commands.shtml
...
Mouss,
Thanks for the follow up. I know that
On 1/14/11 12:24 AM, Mark (Lunatechnologies) wrote:
Thanks Jeroen,
Finally cracked it tonight. You're right - the content filter itself
was unnecessary and was being run against every mail in and out.
so removed that and just left the vacation transport to handle
anything with an
On Thu, Jan 13, 2011 at 03:36:41PM -0800, Gary Smith wrote:
# Export certificate
openssl pkcs12 -in original.pfx -out hsserver01.cer -nodes
This takes in PKCS12 and outputs an unencrypted PKCS12. Not a good idea,
your private key is compomised, unless your umask was 077.
# Export public key
On Thu, Jan 13, 2011 at 07:06:48PM -0500, Victor Duchovni wrote:
# Export certificate
openssl pkcs12 -in original.pfx -out hsserver01.cer -nodes
This takes in PKCS12 and outputs an unencrypted PKCS12. Not a good idea,
your private key is compomised, unless your umask was 077.
Oops, while
Oops, while the umask 077 is indeed required, this does produce a PEM
file with a usable key and certificate, provided the OpenSSL library
behind the pkcs12 command is not substantially newer than the one
Postfix
is linked with. If the command is from OpenSSL 1.0.0, it will generate
a
Understand that address rewriting is at the heart of Postfix - but I
struggle to configure Postfix to deliver messages which are sent to the
domain @nottheoilrig.com, to localhost via LMTP, with envelope recipient
nottheoilrig
Using transport_maps or various related parameters, I can deliver
On 1/14/11 2:00 AM, Jack Bates wrote:
Understand that address rewriting is at the heart of Postfix - but I
struggle to configure Postfix to deliver messages which are sent to the
domain @nottheoilrig.com, to localhost via LMTP, with envelope recipient
nottheoilrig
virtual_alias_maps:
openssl s_client -showcerts -state -quiet -status -connect localhost:465
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
3075593864:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
On Thu, Jan 13, 2011 at 04:49:43PM -0800, Gary Smith wrote:
(
umask
openssl pkcs12 -nodes -nocerts -out hsserver01.pem -in original.pfx
)
This contains the key only.
(
umask 077
openssl pkcs12 -nodes -nocerts -out certkey.pem -in original.pfx
)
THis contains the key
(just a faint impact, ...)
since postfix-2.8-20110102, postscreen_cache_map file has been
named psc_cache by default.
postfix-2.8-20110112:
./global/mail_params.h:#define DEF_PSC_CACHE_MAP
btree:$data_directory/psc_cache
though man postscreen said,
...
postscreen_cache_map
Tomoyuki Murakami:
(just a faint impact, ...)
since postfix-2.8-20110102, postscreen_cache_map file has been
named psc_cache by default.
postfix-2.8-20110112:
./global/mail_params.h:#define DEF_PSC_CACHE_MAP
btree:$data_directory/psc_cache
though man postscreen said,
...
Jonathan, check
http://web.archiveorange.com/archive/v/TUhSn61Ee1e4CqmzNaTd
http://www.mailinglistarchive.com/linux-clus...@redhat.com/msg07430.html
http://old.nabble.com/Dovecot-performance-on-GFS-clustered-filesystem-td19655678.html
On Thu, Jan 13, 2011 at 11:06 PM, Jonathan Tripathy
Hi Jaques,
Ah yes, I remember reading those. I don't think you have too much to
worry about in 2011 though. Those posts were from around 2008 when GFS
(The original implementation) didn't scale well for large mailboxes. It
was also around the time that GFS2 wasn't stable for production
46 matches
Mail list logo