[pfx] Re: "danebot" beta release

2023-05-24 Thread Byung-Hee HWANG via Postfix-users
Viktor Dukhovni via Postfix-users writes: > On Mon, May 22, 2023 at 09:53:36PM -0400, Viktor Dukhovni via Postfix-users > wrote: > >> Key reuse as a *default* rollover approach is robust. When it is time >> to change keys, one can do so deliberately, and with due care to >> prepublish TLSA

[pfx] "danebot" beta release (was: DANE and DNSSEC)

2023-05-24 Thread Viktor Dukhovni via Postfix-users
On Mon, May 22, 2023 at 09:53:36PM -0400, Viktor Dukhovni via Postfix-users wrote: > Key reuse as a *default* rollover approach is robust. When it is time > to change keys, one can do so deliberately, and with due care to > prepublish TLSA records matching the *next* key, then after a few TTLs

[pfx] Re: milter-greylist, run-as and permissions on freebsd

2023-05-24 Thread Wietse Venema via Postfix-users
Gary Aitken via Postfix-users: > New install of postfix on a freebsd 12.4 system. > I have milter-greylist installed, set up in main.cf as: > >milter_protocol = 6 >milter_default_action = accept >smtpd_milters = local:/var/milter-greylist/milter-greylist.sock > > The socket to

[pfx] milter-greylist, run-as and permissions on freebsd

2023-05-24 Thread Gary Aitken via Postfix-users
New install of postfix on a freebsd 12.4 system. I have milter-greylist installed, set up in main.cf as: milter_protocol = 6 milter_default_action = accept smtpd_milters = local:/var/milter-greylist/milter-greylist.sock The socket to milter-greylist is at: $ ls -dl /var/milter-greylist/

[pfx] Re: TLS client policy according to domain MTA-STS policy

2023-05-24 Thread Joachim Lindenberg via Postfix-users
A more quick and dirty option is to configure transport policy "verify" for any mta-sts destinations (I am doing this in a script). That doesn't really check the mx one connects to are enumerated, but at least the certificate validation part of mta-sts will prevent connections to arbitrary

[pfx] Re: Mx has ip6 only

2023-05-24 Thread Bill Cole via Postfix-users
On 2023-05-24 at 09:50:08 UTC-0400 (Wed, 24 May 2023 13:50:08 +) Ken Peng via Postfix-users is rumored to have said: If the MX hostname has only IPv6 resolved, does it have problems in mail functions? Yes. Not all sending systems have IPv6 addresses or connectivity. If your inbound

[pfx] Re: Mx has ip6 only

2023-05-24 Thread Wietse Venema via Postfix-users
Ken Peng via Postfix-users: > If the MX hostname has only IPv6 resolved, > does it have problems in mail functions? Does every legitimate sender have IPv6 connectivity? Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To

[pfx] Mx has ip6 only

2023-05-24 Thread Ken Peng via Postfix-users
If the MX hostname has only IPv6 resolved, does it have problems in mail functions? Thanks.

[pfx] Re: TLS client policy according to domain MTA-STS policy

2023-05-24 Thread Viktor Dukhovni via Postfix-users
On Wed, May 24, 2023 at 02:25:38PM +0200, Paul Menzel via Postfix-users wrote: > Running the *Public Email & DNS Testbed* [1], I was reminded, that we > have MTA-STS set up, but do not take the MTA-STS policy of other > domains into account. > > As a solution I found

[pfx] TLS client policy according to domain MTA-STS policy

2023-05-24 Thread Paul Menzel via Postfix-users
Dear Postfix folks, Running the *Public Email & DNS Testbed* [1], I was reminded, that we have MTA-STS set up, but do not take the MTA-STS policy of other domains into account. As a solution I found *postfix-mta-sts-resolver* [2], which warns about a “RFC violation” [3]: ### Warning: