skip dkim signing for local delivery

2017-08-15 Thread Markus Rosjat
Hi there, I'm new to the whole postfix, dkim and other mail related things so this question might be asked before or stupid at all but I couldn't find something on the net (or I'm just too stupid to look for it). So here we go ... I configured dkim with dkimproxy for outgoing mail and this works

SASL vs. TLS

2017-08-15 Thread Tom Browder
For secure comm between my null client to my smtp server, do I need SASL if I use TLS for authentication also? Thanks. -Tom

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 14:13, Tom Browder wrote: > For secure comm between my null client to my smtp server, do I need > SASL if I use TLS for authentication also? That's rather unspecific re what you are trying to accomplish and how you have configured Postfix. http://www.postfix.org/TLS_README.html shou

Re: SASL vs. TLS

2017-08-15 Thread Tom Browder
On Tue, Aug 15, 2017 at 07:25 Ralph Seichter wrote: > On 15.08.2017 14:13, Tom Browder wrote: > > > For secure comm between my null client to my smtp server, do I need > > SASL if I use TLS for authentication also? > > That's rather unspecific re what you are trying to accomplish and how > you ha

Re: SASL vs. TLS

2017-08-15 Thread Marat Khalili
Hello Tom, I'm also interested in this question. On 15/08/17 15:55, Tom Browder wrote: (2) use TLS client certs for the authentication of the relay clients, and I see problem with this part. Nothing in docs says postfix uses or at least properly traces and logs client CNs from presented certif

Re: SASL vs. TLS

2017-08-15 Thread Tom Browder
On Tue, Aug 15, 2017 at 08:28 Marat Khalili wrote: > Hello Tom, > > I'm also interested in this question. > > On 15/08/17 15:55, Tom Browder wrote: > > (2) use TLS client certs for the authentication of the relay clients, and > > I see problem with this part. Nothing in docs says postfix uses or

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 14:55, Tom Browder wrote: > I want to: (1) use TLS for an encrypted SMTP connections from > authorized relay clients, (2) use TLS client certs for the > authentication of the relay clients, and (3) avoid use of > SASL entirely. In your master.cf, you can use something along these li

Re: SASL vs. TLS

2017-08-15 Thread Michael Ströder
Marat Khalili wrote: > On 15/08/17 15:55, Tom Browder wrote: >> (2) use TLS client certs for the authentication of the relay clients, and > > I see problem with this part. Nothing in docs says postfix uses or at least > properly > traces and logs client CNs from presented certificates. Therefore

Re: SASL vs. TLS

2017-08-15 Thread Marat Khalili
IIRC I've implemented client authc based on cert fingerprint maps back in winter '99 (based on Lutz postfix-tls patches). So yes, it's feasible provided you issue personal client certs to all your users. http://www.postfix.org/postconf.5.html#relay_clientcerts Thanks for pointing, missed this o

Re: SASL vs. TLS

2017-08-15 Thread Tom Browder
On Tue, Aug 15, 2017 at 10:00 Marat Khalili wrote: > > IIRC I've implemented client authc based on cert fingerprint maps back > in winter '99 > > (based on Lutz postfix-tls patches). So yes, it's feasible provided you > issue personal > > client certs to all your users. > > > > http://www.postfix

Re: SASL vs. TLS

2017-08-15 Thread Marat Khalili
I think your thanks should certainly go to Michael! Please tell us how it went. -- With Best Regards, Marat Khalili

Re: SASL vs. TLS

2017-08-15 Thread Tom Browder
On Tue, Aug 15, 2017 at 10:48 Marat Khalili wrote: > I think your thanks should certainly go to Michael! You are correct! Many thanks, Michael! I hope to use that TLS capability soon. > > Please tell us how it went. Definitely, and I'll probably have questions before it's complete. Best,

Re: SASL vs. TLS

2017-08-15 Thread Michael Ströder
Tom Browder wrote: > On Tue, Aug 15, 2017 at 10:48 Marat Khalili wrote: > >> I think your thanks should certainly go to Michael! > > You are correct! > > Many thanks, Michael! I hope to use that TLS capability soon. You're welcome. But credits go to Wietse, Viktor, Lutz, et al who have implem

multiple instances of postfix

2017-08-15 Thread Mohammed Khalid Ansari
Hi, Can I use multiple instances of postfix on the same host with different ports like 25 and 587? I understand I can start one instance with port 25 and then change the port in master.cf and start another one. Will that be OK??? Has anyone tried that?? I don't want to try on my host right n

Re: SASL vs. TLS

2017-08-15 Thread Viktor Dukhovni
On Tue, Aug 15, 2017 at 04:33:28PM +0200, Ralph Seichter wrote: > > I want to: (1) use TLS for an encrypted SMTP connections from > > authorized relay clients, (2) use TLS client certs for the > > authentication of the relay clients, and (3) avoid use of > > SASL entirely. > > In your master.cf,

Re: multiple instances of postfix

2017-08-15 Thread Viktor Dukhovni
On Tue, Aug 15, 2017 at 08:20:51PM +0400, Mohammed Khalid Ansari wrote: > Can I use multiple instances of postfix on the same host with different > ports like 25 and 587? Each instance has its own master.cf file. The "inet" entries in that file, together with the inet_interfaces setting determi

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 18:27, Viktor Dukhovni wrote: > Don't forget to add: > -o smtpd_tls_ask_ccert=yes > -o smtpd_tls_fingerprint_digest=sha256 Quite so, I had trimmed down my example configuration snippet too much. Interestingly, http://www.postfix.org/postconf.5.html#smtpd_tls_fingerprint_digest doe

Re: SASL vs. TLS

2017-08-15 Thread Viktor Dukhovni
On Tue, Aug 15, 2017 at 06:57:26PM +0200, Ralph Seichter wrote: > On 15.08.2017 18:27, Viktor Dukhovni wrote: > > > Don't forget to add: > > -o smtpd_tls_ask_ccert=yes > > -o smtpd_tls_fingerprint_digest=sha256 > > Quite so, I had trimmed down my example configuration snippet too much. > > Inte

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 19:12, Viktor Dukhovni wrote: > The supported digest names/algorithms are a feature of the underlying > OpenSSL library, Postfix just passes the specified name to > EVP_get_digestbyname(3). Fair enough. It might be worth mentioning this in the Postfix docs. > In the absence of any

Re: SASL vs. TLS

2017-08-15 Thread Viktor Dukhovni
On Tue, Aug 15, 2017 at 07:20:32PM +0200, Ralph Seichter wrote: > On 15.08.2017 19:12, Viktor Dukhovni wrote: > > > The supported digest names/algorithms are a feature of the underlying > > OpenSSL library, Postfix just passes the specified name to > > EVP_get_digestbyname(3). > > Fair enough. It

Re: SASL vs. TLS

2017-08-15 Thread Viktor Dukhovni
On Tue, Aug 15, 2017 at 07:20:32PM +0200, Ralph Seichter wrote: > I agree, and I am not worried about SHA1 at this point. Still, if better > digests are available simply by configuring a different algorithm name > via smtpd_tls_fingerprint_digest, I'm all for using one of them. The hardest part i

Re: multiple instances of postfix

2017-08-15 Thread Håkon Alstadheim
Check out postmulti(1) manual page. Part of postfix package, at least on my debian system. This will let you have separate configurations (including master.cf) started by a single init-script. This works quite well, way better than making something similar manually. Den 15. aug. 2017 18:35, skrev

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 19:47, Viktor Dukhovni wrote: > The hardest part is making sure you still have a copy of all the > authorized public keys or certificates, so that you can compute a > new digest. I am dealing with approximately a dozen certificates, most of them for server-to-server communication. T

Feature Request: lmtp --> content_filter --> lmtpd

2017-08-15 Thread Rick van Rein
Hello, Postfix normally filters mail using a pipeline like smtp --> content_filter --> smtpd but it lacks the lmtpd that would also enable lmtp --> content_filter --> lmtpd Why is that useful? I've seen a few questions posted about forking mail. This is usually a bad idea for incoming mail,

Re: Feature Request: lmtp --> content_filter --> lmtpd

2017-08-15 Thread Viktor Dukhovni
On Tue, Aug 15, 2017 at 10:25:19PM +0200, Rick van Rein wrote: > Postfix normally filters mail using a pipeline like > > smtp --> content_filter --> smtpd The SMTP server atomically commits a single queue-file, so there's no advantage to talking LMTP. > but it lacks the lmtpd that would also e

Re: Feature Request: lmtp --> content_filter --> lmtpd

2017-08-15 Thread Rick van Rein
Hi Viktor, > By all means deploy an LMTP content_filter, but use SMTP to re-inject > the filtered messages. If a group of recipients temp-fails the > re-injection, send a failure code for that group to the front-end > LMTP client. Yes, that should also work, thanks. I was focussing on passing f