On Thu, Aug 17, 2023 at 09:47:13AM +0800, Jon Smart wrote:
> >> If your have smtpd_sasl_auth_enable=yes for your services on port
> >> 587 (submission) and port 465 (smtps or submissions), then you can
> >> remove it from master.cf when all your AUTH users are not using
> >> the port 25 service.
> On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users
> wrote:
>
>> What is the output from
>>
>> postconf -P '*/inet/smtpd_sasl_auth_enable'
>>
>> That will show the smtpd_sasl_auth_enable settings in master.cf.
>>
>> If your have smtpd_sasl_auth_enable=yes for your servi
On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users wrote:
> What is the output from
>
> postconf -P '*/inet/smtpd_sasl_auth_enable'
>
> That will show the smtpd_sasl_auth_enable settings in master.cf.
>
> If your have smtpd_sasl_auth_enable=yes for your services on
Jon Smart via Postfix-users:
> > Jon Smart via Postfix-users skrev den 2023-08-16 04:01:
> >
> >> How can I disable auth on port 25? I really don't want users to use
> >> port
> >> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04.
> >
> > its default disabled, no ?
> >
> > unsur
On Wed, Aug 16, 2023 at 06:22:28PM -0400, pgnd via Postfix-users wrote:
> not exactly the same issue to my read, but there may be more to it?
As suspected, the OP has an incomplete DANE TLSA RRset that fails to
match the system's RSA certificate (the additional ECDSA certifcate does
match, but Mi
> Jon Smart via Postfix-users skrev den 2023-08-16 04:01:
>
>> How can I disable auth on port 25? I really don't want users to use
>> port
>> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04.
>
> its default disabled, no ?
>
> unsure give us "postconf -n | grep auth"
>
Hello,
There is currently a similar thread on "mailop" mailing list about
connections from MS to *submission* ports, that connect, do valid AUTH
(using proper credentials!) and then hang up.
People in that thread suspect that this behavior might be associated with
connections from Outlook mobile app bei
Dnia 15.08.2023 o godz. 16:14:58 pgnd via Postfix-users pisze:
> they come in frequent waves of ~5-10 from countless different outlook.com
> hosts -- but, so far, these waves (and totals) are ONLY from outlook.com
> -- getting by postscreen cache after expire with "PASS NEW".
>
> i never receive c
Etienne Miret via Postfix-users:
> > If there is a DISCREPANCY between local_recipient_maps and your
> > local delivery agent, then you MUST UPDATE your local_recipient_maps
> > accordingly.
>
> I wasn't complaining about that discrepancy. I was complaining that the
> local_recipient_maps is only
Hello all,
[…] the queue manager just hands off the message to the relevant transport.
Whether the transport also uses the same table to decide whether or
where to deliver mail is up to the transport.
Obviously. The question is about who checks the local_recipient_maps.
Looking at the at the
Wietse Venema via Postfix-users:
> ?tienne Miret via Postfix-users:
> > I found this discrepancy surprising and am suggesting it is removed. In
> > case others argue it is useful or that removing it will break some
> > configurations, I am asking it is documented.
>
> The default local_recipient
On Wed, Aug 16, 2023 at 02:07:39PM +, Serg wrote:
> Thanks for pointing this out, I forgot to update it when migrating from RSA
> to ECC certificate.
It seems you don't have monitoring in place that checks the correctness
of your TLSA records vis-à-vis your certificate chain. Monitoring is
On 8/16/23 13:55, Viktor Dukhovni via Postfix-users wrote:
There's good reason for that, your MX host has DANE TLSA records that
don't match its certificate chain:
Thanks for pointing this out, I forgot to update it when migrating from RSA to
ECC certificate.
On 8/16/23 13:55, Viktor Dukhovni
On Wed, Aug 16, 2023 at 10:56:07AM +, Serg via Postfix-users wrote:
> I have checked email server of mine and can confirm I am seeing that too
> (logs are since Aug 13 03:50:38 EEST):
>
> > admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com
> > /var/log/mail.log | grep 'ehlo=1
On Wed, Aug 16, 2023 at 09:12:44AM -0400, pgnd via Postfix-users wrote:
> 4 0.321516 192.0.2.25 → 52.101.62.16 SMTP 121 S: 220
> mx1.example.net ESMTP .
Your server's hostname and served domains continue to be hidden. Are
you perhaps willing and able to post those details? With
BTW I explicitly allow mail from their IP ranges at postscreen level:
...
#outlook.com
40.92.0.0/15permit
40.107.0.0/16 permit
52.100.0.0/14 permit
104.47.0.0/17 permit
they published some more ranges but when I checked, I haven't noticed mail from
oth
?tienne Miret via Postfix-users:
> I found this discrepancy surprising and am suggesting it is removed. In
> case others argue it is useful or that removing it will break some
> configurations, I am asking it is documented.
The default local_recipient_maps setting uses the UNIX password
database
I have checked email server of mine and can confirm I am seeing that too (logs
are since Aug 13 03:50:38 EEST):
admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com
/var/log/mail.log | grep 'ehlo=1 starttls=1 quit=1 commands=3' | tail
Aug 16 13:47:34 flopster postfix/smtpd[23237]:
Le 15/08/2023 à 23:12, Viktor Dukhovni via Postfix-users a écrit :
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote:
2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT from
[52.101.56.17]:32607 to [209.123.234.54]:25
2023-08-14T13:11:59.860098-04:00
Peter via Postfix-users skrev den 2023-08-16 09:01:
mta to mta can use port 465 or 587 aswell for intended purpose :)
This is incorrect, MTAs should not and will not connect to any port
other than port 25 for MX traffic.
you are correct if you only have ONE mta
so its valid if both client an
16 ago 2023 6:50:27 Bill Cole via Postfix-users :
> "Should" they? Of course. They didn't. Whatever is broken in this case is
> broken inside Microsoft.
As usual... ;-)
My excuses for the noise, but I couldn't resist :-D
--
Victoriano Giralt
Sent from a hand held device
signature.asc
Descri
Jon Smart via Postfix-users skrev den 2023-08-16 04:01:
How can I disable auth on port 25? I really don't want users to use
port
25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04.
its default disabled, no ?
unsure give us "postconf -n | grep auth"
my own is
mx ~ # postco
On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users
wrote:
I have disabled port 587/465 to be accessed publicly.
but port 25 must be open to internet for MTA communications.
My question is, can external users access port 25 for smtp auth and send
mail then?
Not if you disable
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote:
2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT from
[52.101.56.17]:32607 to [209.123.234.54]:25
2023-08-14T13:11:59.860098-04:00 svr01 postfix/postscreen[27910]: PASS NEW
[52.101.56.17]:32607
2023
On Tue, Aug 15, 2023 at 08:48:35AM -0400, Bill Cole via Postfix-users
wrote:
> Your task is to fix Microsoft's mishandling of email. (giggles insanely...)
:-)
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to
On 15/08/23 21:08, Benny Pedersen via Postfix-users wrote:
Peter via Postfix-users skrev den 2023-08-15 10:44:
This is a bad idea for several reasons. If you want submission use
ports 465 and/or 587 as they are intended. Don't try to use a service
that is meant for a different purpose for thi
26 matches
Mail list logo
