Disable SSL/TLS renegotiation

2018-07-11 Thread Viktor Schneider
Hello postfix-users, While checking the SSL configuration of a Postfix server, I noticed that so-called "Client-initiated secure renegotiation" is available at Postfix by default. You can verify it with the following openssl command and press "R" once the connection is successfully established:

Re: Disable SSL/TLS renegotiation

2018-07-11 Thread Viktor Dukhovni
On Wed, Jul 11, 2018 at 03:27:05PM +0200, Viktor Schneider wrote: > While checking the SSL configuration of a Postfix server, I noticed that > so-called "Client-initiated secure renegotiation" is available at > Postfix by default. > You can verify it with following openssl command and press "R"

Re: STARTTLS / DANE difficulties?

2018-07-11 Thread James B. Byrne
On Tue, July 10, 2018 20:35, Viktor Dukhovni wrote: > > The connecting client did not like one of the certificates in the > chain. Perhaps it expected to find working a WebPKI certificate > from one of the usual suspects ("browser bundle" public root CAs). > > You should ask the postmaster of th

How to autoreply with "Undelivered Mail Returned to Sender" unknown user for user+doesnotex...@domain.org

2018-07-11 Thread Thomas Nyberg
Hello, Let's say that I do have a user "user" on my system, but I would like for emails sent to "user+doesnotex...@domain.org" to bounce back the "Undelivered mail" message with something like: : unknown user: "user+doesnotexist" How would I do this? I naively tried adding user+doesnotexist

Re: How to autoreply with "Undelivered Mail Returned to Sender" unknown user for user+doesnotex...@domain.org

2018-07-11 Thread Bill Cole
On 11 Jul 2018, at 10:41 (-0400), Thomas Nyberg wrote: Hello, Let's say that I do have a user "user" on my system, but I would like for emails sent to "user+doesnotex...@domain.org" to bounce back the "Undelivered mail" message with something like: : unknown user: "user+doesnotexist" How w

Re: How to autoreply with "Undelivered Mail Returned to Sender" unknown user for user+doesnotex...@domain.org

2018-07-11 Thread Wietse Venema
Thomas Nyberg: > Hello, > > Let's say that I do have a user "user" on my system, but I would like > for emails sent to "user+doesnotex...@domain.org" to bounce back the > "Undelivered mail" message with something like: > > : unknown user: "user+doesnotexist" > > How would I do this? I naively

Re: STARTTLS / DANE difficulties?

2018-07-11 Thread Viktor Dukhovni
On Wed, Jul 11, 2018 at 10:13:48AM -0400, James B. Byrne wrote: > > The connecting client did not like one of the certificates in the > > chain. Perhaps it expected to find a working WebPKI certificate > > from one of the usual suspects ("browser bundle" public root CAs). > > > > You should ask t

Re: Disable SSL/TLS renegotiation

2018-07-11 Thread Viktor Dukhovni
On Wed, Jul 11, 2018 at 10:04:30AM -0400, Viktor Dukhovni wrote: > On Wed, Jul 11, 2018 at 03:27:05PM +0200, Viktor Schneider wrote: > > > While checking the SSL configuration of a Postfix server, I noticed that > > so-called "Client-initiated secure renegotiation" is available at > > Postfix b

Re: STARTTLS / DANE difficulties?

2018-07-11 Thread James B. Byrne
On Wed, July 11, 2018 11:12, Viktor Dukhovni wrote: > On Wed, Jul 11, 2018 at 10:13:48AM -0400, James B. Byrne wrote: > >> > The connecting client did not like one of the certificates in the >> > chain. Perhaps it expected to find a working WebPKI certificate >> > from one of the usual suspects ("

Re: How to autoreply with "Undelivered Mail Returned to Sender" unknown user for user+doesnotex...@domain.org

2018-07-11 Thread Thomas Nyberg
On 07/11/2018 08:03 AM, Wietse Venema wrote: Alternative: use a transport map; that works for all domains. /etc/postfix/main.cf transport_maps = hash:/etc/postfix/transport /etc/postfix/transport: user+doesnotex...@example.com error:5.1.1 User does not receive mail. Requires "postma

Re: Disable SSL/TLS renegotiation

2018-07-11 Thread viktor.schneider
It seems I misremembered, post-STARTTLS renegotiation is not subjected to anvil rate limits. I'd need to find the right OpenSSL callback to hook into the server processing of client TLS HELLO requests and turn them down if the rate is too high. This is not presently implemented. Maybe it would

mail for ... loops back to myself

2018-07-11 Thread Steve Atkins
I suspect the answer to this is going to be "Well, don't do that then." but I may as well ask... I have a VM that's running two services. One of them is a vanilla postfix smarthost - it accepts mail on port 587 and relays it out to the world. The other is an unrelated smtp server that listens f

Re: mail for ... loops back to myself

2018-07-11 Thread Wietse Venema
Steve Atkins: > I suspect the answer to this is going to be "Well, don't do that then." but I > may as well ask... > > I have a VM that's running two services. One of them is a vanilla postfix > smarthost - it accepts mail on port 587 and relays it out to the world. > > The other is an unrelate

Re: mail for ... loops back to myself

2018-07-11 Thread Steve Atkins
> On Jul 11, 2018, at 6:12 PM, Wietse Venema wrote: > > Steve Atkins: >> I suspect the answer to this is going to be "Well, don't do that then." but >> I may as well ask... >> >> I have a VM that's running two services. One of them is a vanilla postfix >> smarthost - it accepts mail on port

Re: mail for ... loops back to myself

2018-07-11 Thread Viktor Dukhovni
On Wed, Jul 11, 2018 at 09:12:40PM -0400, Wietse Venema wrote: > Steve Atkins: > > I suspect the answer to this is going to be "Well, don't do > > that then." but I may as well ask... > > > > I have a VM that's running two services. One of them is a vanilla > > postfix smarthost - it accepts mail

Re: STARTTLS / DANE difficulties?

2018-07-11 Thread Viktor Dukhovni
On Wed, Jul 11, 2018 at 02:13:46PM -0400, James B. Byrne wrote: > > Any logs they're willing to share would likely be enlightening. > > I will ask. Please do, and ask for permission to post the results here or with me off-list, but I would also need permission to share the logs with the Exim dev