Re: trying to get STARTTLS working

2013-04-05 Thread Wietse Venema
On 04/05/2013 01:10 PM, Wietse Venema wrote: > Postfix logs all errors! You just have to read it. David Benfell: > And I had been scouring journalctl -b trying to find them. They > weren't there. This is running under systemd--and no, I'm not > entirely thrilled with the logging. Wietse: > Look a

Re: trying to get STARTTLS working

2013-04-05 Thread Wietse Venema
Viktor Dukhovni: > On Fri, Apr 05, 2013 at 04:54:57PM -0400, Wietse Venema wrote: > > > On 04/05/2013 01:10 PM, Wietse Venema wrote: > > > Postfix logs all errors! You just have to read it. > > > > David Benfell: > > > And I had been scouring journalctl -b trying to find them. They > > > weren't

Re: trying to get STARTTLS working

2013-04-05 Thread Viktor Dukhovni
On Fri, Apr 05, 2013 at 04:54:57PM -0400, Wietse Venema wrote: > On 04/05/2013 01:10 PM, Wietse Venema wrote: > > Postfix logs all errors! You just have to read it. > > David Benfell: > > And I had been scouring journalctl -b trying to find them. They > > weren't there. This is running under syst

Re: trying to get STARTTLS working

2013-04-05 Thread Wietse Venema
On 04/05/2013 01:10 PM, Wietse Venema wrote: > Postfix logs all errors! You just have to read it. David Benfell: > And I had been scouring journalctl -b trying to find them. They > weren't there. This is running under systemd--and no, I'm not entirely > thrilled with the logging. Look at /var/log

Re: trying to get STARTTLS working

2013-04-05 Thread Wietse Venema
David Benfell: > munich# telnet munich 25 > Trying 193.34.144.104... > Connected to munich. > Escape character is '^]'. > 220 mail.parts-unknown.org ESMTP Postfix > ehlo parts-unknown.org > 250-mail.parts-unknown.org > 250-PIPELINING > 250-SIZE 20971520 > 250-VRFY > 250-ETRN > 250-ENHANCEDSTATUSCOD

Re: trying to get STARTTLS working

2013-04-05 Thread Brian Evans
On 4/5/2013 3:58 PM, David Benfell wrote: Hi all, I had this working, at least sort of, on my old Arch Linux system. I'm migrating to a new one, also Arch Linux. Copying the configuration and just modifying it for new hostnames (and IP addresses?) d

trying to get STARTTLS working

2013-04-05 Thread David Benfell
Hi all, I had this working, at least sort of, on my old Arch Linux system. I'm migrating to a new one, also Arch Linux. Copying the configuration and just modifying it for new hostnames (and IP addresses?) didn't work. Here's postconf -n: address_ve

Re: Multiple recipient_delimiter address extensions?

2013-04-05 Thread Wietse Venema
/dev/rob0: > On Fri, Apr 05, 2013 at 09:23:42AM -0400, Wietse Venema wrote: > > Wietse Venema: > > > I've done a proof-of-concept implementation that works as > > > documented below the signature. > > > > I was able to simplify this further. The result is below. > > Comments are welcome. > > Tha

Re: Distributed user in Postfix

2013-04-05 Thread Wietse Venema
Gaby L: > How create any users in multiple distributed system? > This user physical is stored only one central machine then is > accessed through diverse distribute mechanism (same DNS), or is > replicate in all machine? One or more LDAP or *SQL servers, perhaps accelerated with memcached. Postfix

Distributed user in Postfix

2013-04-05 Thread Gaby L
How create any users in multiple distributed system? This user physical is stored only one central machine then is accessed through diverse distribute mechanism (same DNS), or is replicate in all machine? Thanks

Re: Multiple recipient_delimiter address extensions?

2013-04-05 Thread Wietse Venema
Viktor Dukhovni: > On Fri, Apr 05, 2013 at 09:23:42AM -0400, Wietse Venema wrote: > > > Wietse Venema: > > > I've done a proof-of-concept implementation that works as documented > > > below the signature. > > > > I was able to simplify this further. The result is below. > > Comments are welcome.

specific internal user rerouting to external mail service

2013-04-05 Thread gbrinker
Hi, I hope I have a simple request for how and where to look to accomplish this. Situation - I was using postfix as a gateway to route incoming mail to two locations, one a listserv server and second to an exchange server with a couple of family users internally. I had a hardware crash of the excha

Re: Multiple recipient_delimiter address extensions?

2013-04-05 Thread /dev/rob0
On Fri, Apr 05, 2013 at 09:23:42AM -0400, Wietse Venema wrote: > Wietse Venema: > > I've done a proof-of-concept implementation that works as > > documented below the signature. > > I was able to simplify this further. The result is below. > Comments are welcome. Thanks. A very minor complaint i

Re: StartTLS frustrations

2013-04-05 Thread Matthew Hall
Peter, Take a peek inside the CA and cert files using openssl x509 -inform pem -in [file] -noout -text and use openssl rsa with the same arguments to peek in the private key, and make sure they contain what you expect they should contain. Let us know if you see anything peculiar inside or not. G

Re: StartTLS frustrations

2013-04-05 Thread Peter L. Berghold
On Fri, Apr 05, 2013 at 05:29:41PM +0200, Reindl Harald wrote: > > > > smtpd_tls_certfile=/etc/postfix/ssl/server.crt > The correct parameter is smtpd_tls_cert_file > I must have looked at that and not comprehended what I was seeing for about 100 times. That's why I was looking for "another s

Re: StartTLS frustrations

2013-04-05 Thread Reindl Harald
On 05.04.2013 17:23, Peter L. Berghold wrote: > On Fri, Apr 05, 2013 at 05:19:36PM +0200, Reindl Harald wrote: >> >> >> well, and this remains from your ACTIVE config >> do you notice the "smtpd_use_tls = no"? > > Yes. I turned it off for now while I seek out advice as to why it is not > wor

Re: StartTLS frustrations

2013-04-05 Thread Viktor Dukhovni
On Fri, Apr 05, 2013 at 11:23:33AM -0400, Peter L. Berghold wrote: > On Fri, Apr 05, 2013 at 05:19:36PM +0200, Reindl Harald wrote: > > > > > > well, and this remains from your ACTIVE config > > do you notice the "smtpd_use_tls = no"? > > Yes. I turned it off for now while I seek out advice as

Re: StartTLS frustrations

2013-04-05 Thread Peter L. Berghold
On Fri, Apr 05, 2013 at 05:19:36PM +0200, Reindl Harald wrote: > > > well, and this remains from your ACTIVE config > do you notice the "smtpd_use_tls = no"? Yes. I turned it off for now while I seek out advice as to why it is not working for now. It will be turned back on when I have some id

Re: StartTLS frustrations

2013-04-05 Thread Reindl Harald
On 05.04.2013 17:13, Peter L. Berghold wrote: > On Fri, Apr 05, 2013 at 04:58:14PM +0200, Reindl Harald wrote: >> >> we don't know because you refused to provide output of >> "postconf -n" > > as you wish: well, and this remains from your ACTIVE config do you notice the "smtpd_use_tls = no"?

Re: StartTLS frustrations

2013-04-05 Thread Viktor Dukhovni
On Fri, Apr 05, 2013 at 11:06:16AM -0400, Peter L. Berghold wrote: > On Fri, Apr 05, 2013 at 10:57:42AM -0400, Vitaly Tskhovrebov wrote: > >Include intermediary certs in your chain. > > I think I have... what I did was get their ca.cert via a wget and then I > manually downloaded their Class

Re: StartTLS frustrations

2013-04-05 Thread Peter L. Berghold
On Fri, Apr 05, 2013 at 04:58:14PM +0200, Reindl Harald wrote: > > > we don't know because you refused to provide output of > "postconf -n" as you wish: # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin

Re: StartTLS frustrations

2013-04-05 Thread Peter L. Berghold
On Fri, Apr 05, 2013 at 10:57:42AM -0400, Vitaly Tskhovrebov wrote: >Include intermediary certs in your chain. > I think I have... what I did was get their ca.cert via a wget and then I manually downloaded their Class 1 Intermediate Server CA and their Class 2 Intermediate Server CA and adde

Re: StartTLS frustrations

2013-04-05 Thread Viktor Dukhovni
On Fri, Apr 05, 2013 at 10:46:57AM -0400, Peter L. Berghold wrote: > This is aping everything I've read on the topic on a variety of sites. Instead of aping, try: http://www.postfix.org/TLS_README.html#server_tls http://www.postfix.org/TLS_README.html#client_tls > Here are the a

Re: StartTLS frustrations

2013-04-05 Thread Reindl Harald
On 05.04.2013 16:46, Peter L. Berghold wrote: > Getting very frustrated with trying to set up TLS using a StartSSL (StartCom) > cert. > > Here are the applicable lines (sanitized of course) I used to set this > up: > smtpd_use_tls = yes > smtp_use_tls = yes > smtp_tls_note_starttls_offer =

Re: StartTLS frustrations

2013-04-05 Thread Vitaly Tskhovrebov
Include intermediary certs in your chain. On Fri, Apr 5, 2013 at 10:46 AM, Peter L. Berghold wrote: > Hi Folks, > > Getting very frustrated with trying to set up TLS using a StartSSL > (StartCom) > cert. > > Here are the applicable lines (sanitized of course) I used to set this > up: > smtpd_us

Re: StartTLS frustrations

2013-04-05 Thread Peter L. Berghold
On Fri, Apr 05, 2013 at 04:54:37PM +0200, Robert Schetterer wrote: > > debian chroot ? Nope. Not running chroot. -- Peter L. Berghold pe...@berghold.net Unix Professional, Beer Brewer, Dog

Re: StartTLS frustrations

2013-04-05 Thread Robert Schetterer
On 05.04.2013 16:46, Peter L. Berghold wrote: > Hi Folks, > > Getting very frustrated with trying to set up TLS using a StartSSL (StartCom) > cert. > > Here are the applicable lines (sanitized of course) I used to set this > up: > smtpd_use_tls = yes > smtp_use_tls = yes > smtp_tls_note_star

StartTLS frustrations

2013-04-05 Thread Peter L. Berghold
Hi Folks, Getting very frustrated with trying to set up TLS using a StartSSL (StartCom) cert. Here are the applicable lines (sanitized of course) I used to set this up: smtpd_use_tls = yes smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem smt

Re: Multiple recipient_delimiter address extensions?

2013-04-05 Thread Viktor Dukhovni
On Fri, Apr 05, 2013 at 09:23:42AM -0400, Wietse Venema wrote: > Wietse Venema: > > I've done a proof-of-concept implementation that works as documented > > below the signature. > > I was able to simplify this further. The result is below. > Comments are welcome. One issue this does not discuss

Re: Trouble configuring backup MX to reject unauth destination

2013-04-05 Thread Titanus Eramius
Fri, 05 Apr 2013 08:49:39 -0400 Brian Evans wrote: > > Thank you for the link, it was very informative, but didn't solve > > the problem. I also tried making a virtual_mailbox_maps MySQL query > > that always returned false, but Postfix still accepted all mail, > > and then bounced it after Dovec

Re: Multiple recipient_delimiter address extensions?

2013-04-05 Thread Wietse Venema
Wietse Venema: > I've done a proof-of-concept implementation that works as documented > below the signature. I was able to simplify this further. The result is below. Comments are welcome. The problem with forward_path could be solved without requiring changes to the forward_path default setting:

Re: Scheduling policies for outgoing smtp server

2013-04-05 Thread Wietse Venema
Giorgio Luchi: >I've read the article at "http://www.postfix.org/SCHEDULER_README.html >The question is about a specific scenario to understand the behaviour >of the scheduler: - The scheduler makes decisions primarily based on destinations and recipient email addresses; not on sender email addr

Re: Trouble configuring backup MX to reject unauth destination

2013-04-05 Thread Brian Evans
On 4/5/2013 6:56 AM, Titanus Eramius wrote: Mon, 25 Mar 2013 14:09:04 -0400 (EDT) Wietse Venema wrote: Titanus Eramius: MAIL FROM:<> 250 2.1.0 Ok RCPT TO: 250 2.1.5 Ok RCPT TO: 250 2.1.5 Ok If non-exist...@cogky.dk is substituted with non-exist...@aptget.dk, then it is still rejected with "..

Re: Trouble configuring backup MX to reject unauth destination

2013-04-05 Thread Titanus Eramius
Mon, 25 Mar 2013 14:09:04 -0400 (EDT) Wietse Venema wrote: > Titanus Eramius: > > MAIL FROM:<> > > 250 2.1.0 Ok > > RCPT TO: > > 250 2.1.5 Ok > > RCPT TO: > > 250 2.1.5 Ok > > > If non-exist...@cogky.dk is substituted with non-exist...@aptget.dk, > > then it is still rejected with "... unknown

Scheduling policies for outgoing smtp server

2013-04-05 Thread Giorgio Luchi
Hi, I've read the article at "http://www.postfix.org/SCHEDULER_README.html". The question is about a specific scenario to understand the behaviour of the scheduler: - User A, with ip address IP_A, sends 1 different email to 1 million of different