On 14 Jun2019, at 07:24, klirstr wrote:
> host smtp.customerdomain.com[customer-mx-server-ip] said: 450 4.7.1
> : Recipient address rejected:
> SPF-Result=smtp.mydomain.com: 'SERVFAIL' error on DNS 'TXT' lookup of
> 'smtp.mydomain.com' (in reply to RCPT TO command))
>
On 14/6/2019 22:34, Benny Pedersen wrote:
Lefteris Tsintjelis skrev den 2019-06-14 21:18:
On 14/6/2019 22:15, Benny Pedersen wrote:
Lefteris Tsintjelis skrev den 2019-06-14 20:54:
Is there a way to check from logs or headers if DANE was used
(un)successfully and possibly monitor the method as
On Fri, Jun 14, 2019 at 10:18:43PM +0300, Lefteris Tsintjelis wrote:
> >> Is there a way to check from logs or headers if DANE was used
> >> (un)successfully and possibly monitor the method as well?
> >
> > grep Verified in logs
>
> This could very well be from the "known" CAs
Actually, no. Yo
Lefteris Tsintjelis skrev den 2019-06-14 21:18:
On 14/6/2019 22:15, Benny Pedersen wrote:
Lefteris Tsintjelis skrev den 2019-06-14 20:54:
Is there a way to check from logs or headers if DANE was used
(un)successfully and possibly monitor the method as well?
grep Verified in logs
This could
On 14/6/2019 22:15, Benny Pedersen wrote:
Lefteris Tsintjelis skrev den 2019-06-14 20:54:
Is there a way to check from logs or headers if DANE was used
(un)successfully and possibly monitor the method as well?
grep Verified in logs
This could very well be from the "known" CAs
smime.p7s
D
Lefteris Tsintjelis skrev den 2019-06-14 20:54:
Is there a way to check from logs or headers if DANE was used
(un)successfully and possibly monitor the method as well?
grep Verified in logs
On 14/6/2019 21:20, Viktor Dukhovni wrote:
On Fri, Jun 14, 2019 at 06:22:55PM +0300, Lefteris Tsintjelis wrote:
Best to create the DNS record from the public certificate.
No, actually, best to create from the public key.
https://github.com/danefail/list/issues/47#issuecomment-456623996
On Fri, Jun 14, 2019 at 06:22:55PM +0300, Lefteris Tsintjelis wrote:
> One note though, some sites claim the DNS record can be created from
> the private key
Make that the *public* key.
> or the public certificate but it does not apear to work the same.
The public key gets "3 1 1" (assuming SH
On Fri, Jun 14, 2019 at 04:05:27PM +0300, Lefteris Tsintjelis wrote:
> Is it certain that non "well known" CAs can be used? The above site does
> not validate correctly. It checks DNSSEC and TLSA correctly but comes
> with an SMTP error "self signed certificate in certificate chain"
The use of
On Fri, Jun 14, 2019 at 03:17:44PM +0300, anzelmooo . wrote:
> Jun 14 09:36:26 mx1 postfix/smtp[6409]: 488845290: to=,
> relay=host.mail.protection.outlook.com[ip.ip.ip.ip]:25, delay=1.7,
> delays=0.01/0/0.34/1.4, dsn=2.6.0, status=sent (250 2.6.0
> [InternalId=1234, Hostname=host.prod.outl
On 14/6/2019 16:05, Lefteris Tsintjelis wrote:
On 14/6/2019 14:39, Ralph Seichter wrote:
* Lefteris Tsintjelis:
Can I use DANE with postfix or do I need a certificate from a known CA
in order to do that?
With DNSSEC in place, you can simply add the DNS records based on your
own CA's data. No
> On 14 Jun 2019, at 14:24, klirstr wrote:
>
> host smtp.customerdomain.com[customer-mx-server-ip] said: 450 4.7.1
> : Recipient address rejected:
> SPF-Result=smtp.mydomain.com: 'SERVFAIL' error on DNS 'TXT' lookup of
> 'smtp.mydomain.com' (in reply to RCPT TO command))
>
anzelmooo .:
> Hello,
>
> We have two servers with identical configuration running Postfix 2.6.6 on
> Redhat 6.x.
Postfix support for version 2.6 was terminated 6 or more years ago.
The code that you are running is RedHat's blend of Postfix releases.
> One of the servers recently upgraded from Re
Hi folks,
Lately when I am trying to send an email to a specific customer domain I
have below error.
host smtp.customerdomain.com[customer-mx-server-ip] said: 450 4.7.1 <
u...@customerdomain.com>: Recipient address rejected: SPF-Result=
smtp.mydomain.com: 'SERVFAIL' error on DNS 'TXT' lookup of
On 14/6/2019 14:39, Ralph Seichter wrote:
* Lefteris Tsintjelis:
Can I use DANE with postfix or do I need a certificate from a known CA
in order to do that?
With DNSSEC in place, you can simply add the DNS records based on your
own CA's data. No need for certificates from a "well known" CA.
E. Recio:
> So how do you get postfix to honor (strictly) the SPF record in the DNS
> entry?
>
> Sorry if this is a dumb question, first post. :)
Take a look at OpenDMARC.
Wietse
Hello,
We have two servers with identical configuration running Postfix 2.6.6 on
Redhat 6.x.
One of the servers recently upgraded from Redhat 6.4 to Redhat 6.10. No
major changes are reported. Postfix configuration was unchanged.
On the upgraded server there is a strange delay in the activ
On 14/6/2019 14:39, Ralph Seichter wrote:
* Lefteris Tsintjelis:
Can I use DANE with postfix or do I need a certificate from a known CA
in order to do that?
With DNSSEC in place, you can simply add the DNS records based on your
own CA's data. No need for certificates from a "well known" CA.
So how do you get postfix to honor (strictly) the SPF record in the DNS
entry?
Sorry if this is a dumb question, first post. :)
-e
* Lefteris Tsintjelis:
> Can I use DANE with postfix or do I need a certificate from a known CA
> in order to do that?
With DNSSEC in place, you can simply add the DNS records based on your
own CA's data. No need for certificates from a "well known" CA.
-Ralph
P.S.: I recommend https://dane.sys
Hi, I already have a working DSNSEC with my own CA. Can I use DANE with
postfix or do I need a certificate from a known CA in order to do that?
smime.p7s
Description: S/MIME Cryptographic Signature
John Gateley:
>
>
> On 6/13/19 10:22 AM, Wietse Venema wrote:
> > John Gateley:
> >> Is there any reason the software upgrade would cause this behavior?
> >> I can't think of one, but the timing is very coincidental.
> > There is no known problem with mail from Postfix ending up in
> > SPAM folde
On June 14, 2019 7:43:56 AM UTC, Martijn Brinkers
wrote:
>On 13-06-19 16:43, John Gateley wrote:
>> I recently upgraded my mail server OS (Debian 7 to Debian 9), and at
>the
>> same time got
>> the latest postfix package for Debian 9.
>>
>> It is hosted in the cloud (Linode), and I completely
On 13-06-19 16:43, John Gateley wrote:
> I recently upgraded my mail server OS (Debian 7 to Debian 9), and at the
> same time got
> the latest postfix package for Debian 9.
>
> It is hosted in the cloud (Linode), and I completely rebuilt the
> instance, rather than
> doing an upgrade. The IP addre
24 matches
Mail list logo
