Hey there,
I just registered to this list, so sorry if that matter was already discussed
in the past. My question/proposal is targeted at the developers of Postfix.
Postfix in fact does already host-certificate checks in both directions/roles,
which results in Trusted TLS connections
Am 11.07.2014 11:10, schrieb BlueStar88:
I'd like to setup a Trusted-only MTA for a special domain.
if you have both servers under your control you may always cover con by
vpn, and use special transport ,additional to postfix secure features
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
On Fri, 11 Jul 2014 11:29:11 +0200
Robert Schetterer r...@sys4.de wrote:
Am 11.07.2014 11:10, schrieb BlueStar88:
I'd like to setup a Trusted-only MTA for a special domain.
if you have both servers under your control you may always cover con by
vpn, and use special transport ,additional to
Am 11.07.2014 11:53, schrieb BlueStar88:
On Fri, 11 Jul 2014 11:29:11 +0200
Robert Schetterer r...@sys4.de wrote:
Am 11.07.2014 11:10, schrieb BlueStar88:
I'd like to setup a Trusted-only MTA for a special domain.
if you have both servers under your control you may always cover con by
On Fri, 11 Jul 2014 12:02:34 +0200
Robert Schetterer r...@sys4.de wrote:
something like this ?
relay_clientcerts (default: empty)
List of tables with remote SMTP client-certificate fingerprints or
public key fingerprints (Postfix 2.9 and later) for which the Postfix
SMTP server will allow
Am 11.07.2014 12:31, schrieb BlueStar88:
On Fri, 11 Jul 2014 12:02:34 +0200
Robert Schetterer r...@sys4.de wrote:
something like this ?
relay_clientcerts (default: empty)
List of tables with remote SMTP client-certificate fingerprints or
public key fingerprints (Postfix 2.9 and
On Fri, Jul 11, 2014 at 11:10:37AM +0200, BlueStar88 wrote:
Postfix in fact does already host-certificate checks in both
directions/roles, which results in Trusted TLS connections
established from/to ... in the optimum case.
What would the server do differently with a client certificate than
On Fri, 11 Jul 2014 14:44:42 +
Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Fri, Jul 11, 2014 at 11:10:37AM +0200, BlueStar88 wrote:
Postfix in fact does already host-certificate checks in both
directions/roles, which results in Trusted TLS connections
established from/to ... in
BlueStar88:
for quite some while. I can see successful chain walks on inbound
connections resulting in Trusted TLS connection established from.
Trusted verifies the CA chain, not the client DNS name.
With HTTP clients, the certificate name check confirms that the
client has a TLS connection
There's a new trick in the spammer's bag of tricks. Companies like
strikeiron and briteverify are springing up promising to verify email
addresses so that senders can limit sending invalid emails to MTAs and
thus wind up on their suspicious sender list. I can't think of a
single legitimate use
Am 11.07.2014 21:02, schrieb D'Arcy J.M. Cain:
There's a new trick in the spammer's bag of tricks. Companies like
strikeiron and briteverify are springing up promising to verify email
addresses so that senders can limit sending invalid emails to MTAs and
thus wind up on their suspicious
On Fri, 11 Jul 2014 21:06:59 +0200
li...@rhsoft.net li...@rhsoft.net wrote:
this message in at least three scenarios that I can see. One,
someone sends email to an invalid address and we reject the balance
of the session. Two, we reject the session because of an RBL.
Three, someone is
Am 11.07.2014 22:16, schrieb D'Arcy J.M. Cain:
On Fri, 11 Jul 2014 21:06:59 +0200
li...@rhsoft.net li...@rhsoft.net wrote:
this message in at least three scenarios that I can see. One,
someone sends email to an invalid address and we reject the balance
of the session. Two, we reject the
On 7/11/2014 3:16 PM, D'Arcy J.M. Cain wrote:
On Fri, 11 Jul 2014 21:06:59 +0200
li...@rhsoft.net li...@rhsoft.net wrote:
this message in at least three scenarios that I can see. One,
someone sends email to an invalid address and we reject the balance
of the session. Two, we reject the
Noel Jones:
[ Charset ISO-8859-1 converted... ]
On 7/11/2014 3:16 PM, D'Arcy J.M. Cain wrote:
On Fri, 11 Jul 2014 21:06:59 +0200
li...@rhsoft.net li...@rhsoft.net wrote:
this message in at least three scenarios that I can see. One,
someone sends email to an invalid address and we reject
On 11 Jul 2014, at 16:16, D'Arcy J.M. Cain wrote:
On Fri, 11 Jul 2014 21:06:59 +0200
li...@rhsoft.net li...@rhsoft.net wrote:
this message in at least three scenarios that I can see. One,
someone sends email to an invalid address and we reject the balance
of the session. Two, we reject the
Thanks to everybody for the pointer to the good ideas and docs.
I read everything and made some mistakes but I have it working with the
flatfile style now!
Thanks
Arun
On Wednesday, July 9, 2014 11:59 PM, Narcis Garcia informat...@actiu.net
wrote:
As I understood, Postfix can deliver
I am installing my Postfix server.
I am reading about the configuration options.
I see that there are many formats to use for lookups.
I see for exanple this
...
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database =
Arun:
I see that there are many formats to use for lookups.
I see for exanple this
...
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
alias_maps = hash:/etc/aliases
...
in one example doc.
I can
I suggest that you use what is shown the examples.
I did use the Postfix documentation.
Is it wrong to ask questions? Is 'why' not allowable ? I guess it is because
you say so!
I have reading the mailing lists too and see you are the author. Why are you
always being such a mean old man to
On Fri, Jul 11, 2014 at 05:45:30PM -0700, Arun wrote:
I can understand that there ARE diferences? I do not understand
when to use which one.
It is conjectured that btree is perhaps better for random-access
read-write databases where Postfix maintains an update cursor for
cleanup of stale
21 matches
Mail list logo