On Thu, Feb 18, 2021 at 07:52:07AM +0100, Ralph Seichter wrote:
> In a new server setup, I use two consecutive transport lookups:
>
> transport_maps = ldap:/etc/postfix/foo.cf ldap:/etc/postfix/bar.cf
I strongly do not recommend using LDAP for per-user transport lookups.
Instead:
- Use
In a new server setup, I use two consecutive transport lookups:
transport_maps = ldap:/etc/postfix/foo.cf ldap:/etc/postfix/bar.cf
The lookup defined in foo.cf MAY return a result for a given recipient,
while using bar.cf MUST return a result. This works, but with a caveat:
Adding or removing
Gary Aitken:
> On 2/17/21 2:17 PM, Wietse Venema wrote:
> > Gary Aitken:
> >> < mail-pf1-f170.google.com[209.85.210.170]: DATA
> >>> mail-pf1-f170.google.com[209.85.210.170]:
> >> 554 5.5.1 Error: no valid recipients
> >
> > That is incomplete. There is also an RCPT TO command, plus a
On 17 Feb 2021, at 18:17, Gary Aitken wrote:
Why is it comparing the client domain / ip and not the domain portion
of
the recipient address?
Read the description of permit_mynetworks available via 'man 5
postconf'. The $mynetworks parameter is a set of IP addresses.
I thought by saying
On 2/17/21 2:17 PM, Wietse Venema wrote:
Gary Aitken:
< mail-pf1-f170.google.com[209.85.210.170]: DATA
mail-pf1-f170.google.com[209.85.210.170]:
554 5.5.1 Error: no valid recipients
That is incomplete. There is also an RCPT TO command, plus a response
from Postfix that says why the
On Wed, Feb 17, 2021 at 07:04:54PM +0100, Jeff Abrahamson wrote:
> But the man page makes a good argument for setting this to medium.
> I'd originally set smtpd_tls_mandatory_ciphers = high, I've switched
> it to medium.
You can set it back to "high". Perhaps that should even be the new
Gary Aitken:
> < mail-pf1-f170.google.com[209.85.210.170]: DATA
> > mail-pf1-f170.google.com[209.85.210.170]:
>554 5.5.1 Error: no valid recipients
That is incomplete. There is also an RCPT TO command, plus a response
from Postfix that says why the recipient is rejected.
>Why doesn't
I'm trying to allow client connections from only two places:
a known ip
a specific domain served at gmail
And delivery only to local recipients.
Relevant parts of main.cf:
mynetworks = 127.0.0.0/8 10.138.0.10/32 [:::127.0.0.0]/104 [::1]/128
postfix-server-domain.com otherdomain.com
On 16/02/2021 21:34, Viktor Dukhovni wrote:
>> On Feb 16, 2021, at 3:57 PM, Dominic Raferd wrote:
>>
>>> In what way does that improve your security over the default, which
>>> allows 1.0 and 1.1?
>> As stated this is for auth clients i.e. our own people, using SMTPS or
>> STARTTLS. There is no
On 17/02/2021 14:49, Vincent Lefevre wrote:
On 2021-02-16 18:34:32 -0200, Viktor Dukhovni wrote:
On Feb 16, 2021, at 3:57 PM, Dominic Raferd wrote:
In what way does that improve your security over the default, which
allows 1.0 and 1.1?
As stated this is for auth clients i.e. our own
On 2021-02-16 18:34:32 -0200, Viktor Dukhovni wrote:
> > On Feb 16, 2021, at 3:57 PM, Dominic Raferd wrote:
> >
> >> In what way does that improve your security over the default, which
> >> allows 1.0 and 1.1?
> > As stated this is for auth clients i.e. our own people, using SMTPS or
> >
11 matches
Mail list logo