Re: smtp_tls-security_level .may/dane/encrypt

2017-05-26 Thread Viktor Dukhovni
> On May 26, 2017, at 10:01 PM, John wrote: > >>> I currently use "smtp_tls_security_level = dane" but recent discussion >>> have made me wonder if I should change that. Maybe encrypt. >> These address entirely different use-cases. So no. >> >> Use "encrypt" when all mail goes to a single re

Re: smtp_tls-security_level .may/dane/encrypt

2017-05-26 Thread John
Thanks Viktor. I try not to mess with my configuration too much, working on the principle if it ain't broke don't fix it. John A On 5/26/17 9:44 PM, Viktor Dukhovni wrote: On May 26, 2017, at 9:40 PM, John wrote: I currently use "smtp_tls_security_level = dane" but recent discussion have

Re: smtp_tls-security_level .may/dane/encrypt

2017-05-26 Thread Viktor Dukhovni
> On May 26, 2017, at 9:40 PM, John wrote: > > I currently use "smtp_tls_security_level = dane" but recent discussion have > made me wonder if I should change that. Maybe encrypt. These address entirely different use-cases. So no. Use "encrypt" when all mail goes to a single relayhost with

smtp_tls-security_level .may/dane/encrypt

2017-05-26 Thread John
I currently use "smtp_tls_security_level = dane" but recent discussion have made me wonder if I should change that. Maybe encrypt. john A smtp inet n - n -

Re: Can this SASL configuration be improved

2017-05-26 Thread Viktor Dukhovni
> On May 26, 2017, at 11:29 AM, Fazzina, Angelo > wrote: > > Have you considered limiting weak ciphers ? > > smtpd_tls_exclude_ciphers = That layer of tweak is neither recommended nor needed. What is recommended is: smtpd_tls_ciphers = medium smtp_tls_ciphers = medium thes

RE: Can this SASL configuration be improved

2017-05-26 Thread Fazzina, Angelo
Hi, Have you considered limiting weak ciphers ? smtpd_tls_exclude_ciphers = -ALF -Angelo Fazzina Operating Systems Programmer / Analyst University of Connecticut, UITS, SSG, Server Systems 860-486-9075 From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf O

Can this SASL configuration be improved

2017-05-26 Thread Cecil Westerhof
In my main.cf I have: # SASL stuff smtp_sasl_auth_enable = yes smtp_sasl_tls_security_options = noanonymous smtp_tls_security_level = encrypt smtp_sasl_password_maps = hash:/etc

Re: Recipient Restrictions

2017-05-26 Thread GP
On 05/24/2017 06:00 PM, Noel Jones wrote: On 5/24/2017 8:11 AM, GP wrote: Hi all, is it possible to have restrictions that apply to certain users only with postfix ? Yes, using either smtpd_restriction_classes or an external policy service. http://www.postfix.org/RESTRICTION_CLASS_README.html

Re: Issue with SASL authentication

2017-05-26 Thread Patrick Ben Koetter
Daniel, * Daniel Bareiro : > So it's all limited to that saslauth is not able to authenticate without > the realm. What I can not find out is why this happens. I do not see the > difference in the configuration between both servers. > > In any case, it seems that Cyrus IMAP is able to run smoothl