Re: smtpd_discard_ehlo_keyword_address_maps support for hostnames

2017-09-11 Thread Wietse Venema
Oh, and what should happen when the host has multiple PTR records that properly satisfy the reverse/forward name check? Postfix picks only one, and it may not pick the same one every time. Writing code is easy, what about writing first the documentation how this is supposed to behave? If a

Re: Letsencrypt tip

2017-09-11 Thread Viktor Dukhovni
> On Sep 11, 2017, at 1:37 PM, Bill Shirley wrote: > > Thanks for the info. > > With acme.sh, reloads are only done when the certificate is renewed. It is best to just leave Postfix alone, and not reload even then. If you run certbot often enough to renew well in

Re: Letsencrypt tip

2017-09-11 Thread Bill Shirley
Thanks for the info. With acme.sh, reloads are only done when the certificate is renewed. Bill On 9/11/2017 1:18 PM, Viktor Dukhovni wrote: On Sep 11, 2017, at 1:10 PM, Bill Shirley wrote: acme.sh can issue the reload command (--reloadcmd):

Re: Letsencrypt tip

2017-09-11 Thread Viktor Dukhovni
> On Sep 11, 2017, at 1:10 PM, Bill Shirley wrote: > > acme.sh can issue the reload command (--reloadcmd): > https://www.mail-archive.com/dovecot@dovecot.org/msg70894.html This is NOT needed for Postfix. The certificate file is not held in memory for a

Re: Letsencrypt tip

2017-09-11 Thread Bill Shirley
acme.sh can issue the reload command (--reloadcmd): https://www.mail-archive.com/dovecot@dovecot.org/msg70894.html Get an email from acme.sh: https://www.mail-archive.com/dovecot@dovecot.org/msg70895.html Bill On 9/11/2017 4:59 AM, Gary wrote: As you know, letsencrypt certs can be

RE: smtpd_discard_ehlo_keyword_address_maps support for hostnames

2017-09-11 Thread Nik Kostaras
Hi Wietse, Very good question! From my point of view I'd like to have the ability to choose whether to enable this filtering option (separately from the existing IP filtering), acknowledging the risks of mail loss (with a "Here be dragons" warning in the documentation). If you are interested

Re: Throttling bursts of connections at postscreen? More to do here?

2017-09-11 Thread @lbutlr
On 11 Sep 2017, at 10:24, /dev/rob0 wrote: >

Re: Throttling bursts of connections at postscreen? More to do here?

2017-09-11 Thread yodeller
> > > Is there anything more you could do? Not really. If you really > > > want the log lines to go away you could put in a DENY in your > > > hosts table, but if you do that you're going to be doing it A > > > LOT. I wanted to know if these were overloading Postfix. Sounds like a no. Also

Re: Letsencrypt tip

2017-09-11 Thread Marat Khalili
Real-world example (ugly but works): letsencrypt -tn --apache renew | tee "$LOG_FILE" if ! grep -q '^No renewals were attempted.$' "$LOG_FILE"; then CERTIFICATES_PATH='/etc/letsencrypt/live/example.com' RENEWAL_STATUS=`sed -nr 's#^ '"$CERTIFICATES_PATH"'/fullchain.pem \((.*)\)$#\1#p'

How to check for upcoming certificate expiration...

2017-09-11 Thread Viktor Dukhovni
> On Sep 11, 2017, at 5:21 AM, Dominic Raferd wrote: > > Does anyone know a way to detect if the certificate currently being used by > Postfix and/or Dovecot is nearing expiry (esp. in case they haven't picked up > the updated letsencrypt certificate)? See below for

Re: smtpd_discard_ehlo_keyword_address_maps support for hostnames

2017-09-11 Thread Wietse Venema
Nik Kostaras: > Hi all, > > Postfix documentation mentions (for smtpd_discard_ehlo_keyword_address_maps): > > “The tables are not searched by hostname for robustness reasons.” > > Is it possible to describe what these reasons are? (performance related?) Ask the question: if DNS lookup does not

Re: Letsencrypt tip

2017-09-11 Thread Mike
On 9/11/2017 5:21 AM, Dominic Raferd wrote: > > > On 11 September 2017 at 11:59, Gary > wrote: > > As you know, letsencrypt certs can be automatically updated. > However, you need to reload/restart Postfix/Dovecot to use the new >

Re: Throttling bursts of connections at postscreen? More to do here?

2017-09-11 Thread Kris Deugau
@lbutlr wrote: Is there anything more you could do? Not really. If you really want the log lines to go away you could put in a DENY in your hosts table, but if you do that you're going to be doing it A LOT. *nod* If there's only one persistent host, it may be worth blocking at some higher

Re: Letsencrypt tip

2017-09-11 Thread Viktor Dukhovni
> On Sep 11, 2017, at 4:59 AM, Gary wrote: > > As you know, letsencrypt certs can be automatically updated. However, you > need to reload/restart Postfix/Dovecot to use the new cert. This is false for Postfix. The Postfix SMTP server processes (smtpd(8) and tlsproxy(8))

Re: Letsencrypt tip

2017-09-11 Thread Dominic Raferd
On 11/09/2017 12:33, Christian Kivalo wrote: On 2017-09-11 11:21, Dominic Raferd wrote: Does anyone know a way to detect if the certificate currently being used by Postfix and/or Dovecot is nearing expiry (esp. in case they haven't picked up the updated letsencrypt certificate)? You mean like

Re: Letsencrypt tip

2017-09-11 Thread Admin Beckspaced
On 11.09.2017 10:59, Gary wrote: As you know, letsencrypt certs can be automatically updated. However, you need to reload/restart Postfix/Dovecot to use the new cert. My email client insisted I had an expired cert. I couldn't download or send email. (Fortunately I'm on a test domain, getting

smtpd_discard_ehlo_keyword_address_maps support for hostnames

2017-09-11 Thread Nik Kostaras
Hi all, Postfix documentation mentions (for smtpd_discard_ehlo_keyword_address_maps): “The tables are not searched by hostname for robustness reasons.” Is it possible to describe what these reasons are? (performance related?) Is it worth adding a new parameter that performs the same

Re: Increasing spam level to backup MX

2017-09-11 Thread Philip Paeps
On 2017-09-11 14:13:29 (+0200), Davide Marchi wrote: activating a backup server I realized that some spammers are using this server to send spam to my relay_recipient_maps addresses. Spam is then successfully forwarded to the main server. Is there a parameter to prevent this type of action? A

Increasing spam level to backup MX

2017-09-11 Thread Davide Marchi
Hi Friends, activating a backup server I realized that some spammers are using this server to send spam to my relay_recipient_maps addresses. Spam is then successfully forwarded to the main server. Is there a parameter to prevent this type of action? A type check "do not receive email if the

Re: Letsencrypt tip

2017-09-11 Thread Ralph Seichter
On 11.09.2017 11:21, Dominic Raferd wrote: > Does anyone know a way to detect if the certificate currently being > used by Postfix and/or Dovecot is nearing expiry (esp. in case they > haven't picked up the updated letsencrypt certificate)? See https://www.monitoring-plugins.org/ -- The plugins

Re: how to use check file in master.cf

2017-09-11 Thread xiedeacc
Thanks very much Get Outlook for iOS On Mon, Sep 11, 2017 at 8:02 PM +0800, "Wietse Venema" wrote: xiedeacc: > how to use

Re: how to use check file in master.cf

2017-09-11 Thread Wietse Venema
xiedeacc: > how to use parameters like > smtpd_recipient_restrictions=check_recipient_access > hash:/etc/postfix/recipient_access in master.cf, postfix will log fatal > error and process exit According to 'man 5 master': -o { name = value } (long form, Postfix >= 3.0)

Re: how to use check file in master.cf

2017-09-11 Thread @lbutlr
On Sep 11, 2017, at 4:49 AM, @lbutlr wrote: > smtpd_recipient_restrictions = > permit_mynetworks, Well, that's useful, the leading spaces were stripped. Hrm. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.

Re: how to use check file in master.cf

2017-09-11 Thread @lbutlr
On Sep 11, 2017, at 1:55 AM, xiedeacc wrote: > how to use parameters like > smtpd_recipient_restrictions=check_recipient_access > hash:/etc/postfix/recipient_access in master.cf, postfix will log fatal > error and process exit Formatting matters, and this is well documented.

Re: OT lightweight IMAP client

2017-09-11 Thread @lbutlr
On Sep 10, 2017, at 8:36 PM, Viktor Dukhovni wrote: > http://blog.lance.tw/posts/2013/08/24/attach-mails-as-attachments-in-mutt/ Thanks! (I've read a lot of mutt pages and that's the first time I've seen ^D mentioned) -- Apple broke AppleScripting signatures in

Re: Letsencrypt tip

2017-09-11 Thread Petri Riihikallio
> Gary wrote on 11.09.2017 at 11:59: > > As you know, letsencrypt certs can be automatically updated. However, you > need to reload/restart Postfix/Dovecot to use the new cert. My email client > insisted I had an expired cert. I couldn't download or send email. >

Re: Change of SMTP encryption policy at Google?

2017-09-11 Thread Gary
Yes. You are absolutely correct regarding SMTP. However I suspect many people will switch to Letsencrypt for everything (web and mail). I for one set up a self signed email certificate with a 10 year lifetime because this is work. That isn't really a good plan. Letsencrypt, once it works,

Re: Letsencrypt tip

2017-09-11 Thread Christian Kivalo
On 2017-09-11 11:21, Dominic Raferd wrote: Does anyone know a way to detect if the certificate currently being used by Postfix and/or Dovecot is nearing expiry (esp. in case they haven't picked up the updated letsencrypt certificate)? You mean like this from the letsencrypt forum adapted

Re: Change of SMTP encryption policy at Google?

2017-09-11 Thread Paul Menzel
Dear Gary, On 09/11/17 11:20, Gary wrote: https://threatpost.com/google-reminding-admins-http-pages-will-be-marked-not-secure-in-october/127709/ This site says Oct 24. I recall Oct 1. Maybe it was pushed back. Please note, this is about the HTTP/HTTPS protocols and not SMTP. […] Kind

Re: Letsencrypt tip

2017-09-11 Thread Dominic Raferd
On 11 September 2017 at 11:59, Gary wrote: > As you know, letsencrypt certs can be automatically updated. However, you > need to reload/restart Postfix/Dovecot to use the new cert. My email client > insisted I had an expired cert. I couldn't download or send email. >

Re: Change of SMTP encryption policy at Google? (was: Letsencrypt tip)

2017-09-11 Thread Gary
https://threatpost.com/google-reminding-admins-http-pages-will-be-marked-not-secure-in-october/127709/ This site says Oct 24. I recall Oct 1. Maybe it was pushed back. Yes for those of us that don't do e-commerce or something that requires encryption, this is a PITA. For my email, I had to

Change of SMTP encryption policy at Google? (was: Letsencrypt tip)

2017-09-11 Thread Paul Menzel
Dear Gary, On 09/11/17 10:59, Gary wrote: […] (Fortunately I'm on a test domain, getting ready for the Oct 1st Google insistence on encryption.) Could you please point me to the relevant announcement about that policy change? […] Kind regards, Paul

Letsencrypt tip

2017-09-11 Thread Gary
As you know, letsencrypt certs can be automatically updated. However, you need to reload/restart Postfix/Dovecot to use the new cert. My email client insisted I had an expired cert. I couldn't download or send email. (Fortunately I'm on a test domain, getting ready for the Oct 1st Google

how to use check file in master.cf

2017-09-11 Thread xiedeacc
how to use parameters like smtpd_recipient_restrictions=check_recipient_access hash:/etc/postfix/recipient_access in master.cf, postfix will log fatal error and process exit -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Re: outlook connect postfix use tls will fail,reject: RCPT from , 554 5.7.1,Client host rejected: Access denied

2017-09-11 Thread xiedeacc
I have solved this by changing the Outlook configuration, for Outlook has to be manually set to send authentication to Postfix: when adding an account to Outlook, under other configuration, send server, you need to choose "my sender server (SMTP) needs authentication" -- Sent from:

Re: outlook connect postfix use tls will fail,reject: RCPT from , 554 5.7.1,Client host rejected: Access denied

2017-09-11 Thread xiedeacc
Not confused, it is just because of Outlook's strange configuration: Outlook has to be manually set to send authentication to Postfix: when adding an account to Outlook, under other configuration, send server, you need to choose "my sender server (SMTP) needs authentication" -- Sent from:

Re: Cannot send mail following upgrade to 3.1.4 - can't find user/alias info

2017-09-11 Thread Erwan David
On Mon, Sep 11, 2017 at 04:16:04AM CEST, "@lbutlr" said: > On Sep 10, 2017, at 6:25 PM, dennisthetiger > wrote: > > Victor, Wietse, if I ever see you in real life, I should buy you a > > $beverage. =D Thanks, gentlemen. > > I probably owe