[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > One thing the OP said is perhaps a general misconception, that could, > FWIW, be written down a bit more explicitly, though unlikely to help > prevent misunderstandings, because unlikely to be read. Rather it > may be helpful after the fact, to help some see th

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Viktor Dukhovni via Postfix-users
On Sun, Jun 22, 2025 at 09:40:41AM -0400, Wietse Venema via Postfix-users wrote: > Matthew via Postfix-users: > > Hi Viktor, > > > > I think it is more: > > > > 1. "reject_unauthenticated_sender_login_mismatch" implies to a > > reasonable person that "unauthenticated senders" for our trusted do

[pfx] Pruning outdated TLSA DANE-EE(3) records

2025-06-22 Viktor Dukhovni via Postfix-users
[ Also posted to dane-us...@list.sys4.de ] Some MTA operators neglect to prune outdated TLSA records with "usage" DANE-EE(3). As keys or certificates are replaced, they add new matching TLSA records, never dropping the records matching the outdated keys. This largely defeats the purpose of key o

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Sun, Jun 22, 2025 at 01:02:44PM -0400, Wietse Venema via Postfix-users > wrote: > > > > What I am talking about is the comment about the meaning "when SASL is > > > enabled", as possibly applying to SASL being enabled somewhere else > > > in Postfix, rather

[pfx] smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Matthew via Postfix-users
Hello, I'm a new user and during my testing I noticed some potentially unintended behaviour with "reject_sender_login_mismatch" when SASL is disabled on a master.cf port that leads to the ability to MAIL FROM spoof senders on my domain to recipients within my domain. In master.cf I use plain

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Bill Cole via Postfix-users
On 2025-06-22 at 07:44:14 UTC-0400 (Sun, 22 Jun 2025 12:44:14 +0100) Matthew via Postfix-users is rumored to have said: > Is this a known issue or have I uncovered an interesting MAIL FROM spoofing > edge case? Neither. There's a conceptual mismatch with reality. There is no meaning to the wor

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Viktor Dukhovni via Postfix-users
On Sun, Jun 22, 2025 at 01:02:44PM -0400, Wietse Venema via Postfix-users wrote: > > What I am talking about is the comment about the meaning "when SASL is > > enabled", as possibly applying to SASL being enabled somewhere else > > in Postfix, rather than the smtpd(8) service that is processing th

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Wietse Venema via Postfix-users
Matthew via Postfix-users: > Hi Viktor, > > I think it is more: > > 1. "reject_unauthenticated_sender_login_mismatch" implies to a > reasonable person that "unauthenticated senders" for our trusted domains > would be rejected (not logging in is a form of login mismatch). reject_unauthen

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Matthew via Postfix-users
Hi Viktor, I think it is more: 1. "reject_unauthenticated_sender_login_mismatch" implies to a reasonable person that "unauthenticated senders" for our trusted domains would be rejected (not logging in is a form of login mismatch). 2. Perhaps adding to my confusion but the wording "when SASL

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Viktor Dukhovni via Postfix-users
On Sun, Jun 22, 2025 at 01:39:09PM +0100, Matthew via Postfix-users wrote: > Thank you for your e-mail. I thought I had searched for similar discussions > beforehand but obviously I had not done a very thorough job. Yes, exactly > the same observations. It is rather odd to apply a login-mismatch

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Matthew via Postfix-users
Hi Matus, Thank you for your e-mail. I thought I had searched for similar discussions beforehand but obviously I had not done a very thorough job. Yes, exactly the same observations. "check_sender_access texthash:/etc/postfix/restricted_senders" might be a suitable workaround for you too (or

[pfx] Re: smtpd_sasl_auth_enable=no and smtpd_sender_restrictions=reject_sender_login_mismatch

2025-06-22 Matus UHLAR - fantomas via Postfix-users
On 22.06.25 12:44, Matthew via Postfix-users wrote: I'm a new user and during my testing I noticed some potentially unintended behaviour with "reject_sender_login_mismatch" when SASL is disabled on a master.cf port that leads to the ability to MAIL FROM spoof senders on my domain to recipients