[pfx] Re: two 2822.From header with header_checks

On Sun, 2024-01-28 at 09:05 -0500, Wietse Venema via Postfix-users wrote: > Byung-Hee HWANG via Postfix-users: > > Hellow Postfix heackers, > > > > I have some odd email [1]. That have two 2822.From headrs. I would > > like > > to filer such styl

[pfx] two 2822.From header with header_checks

Hellow Postfix heackers, I have some odd email [1]. That have two 2822.From headrs. I would like to filer such style email. Is it possible to filter with header_checks? From: Byung-Hee HWANG From: Byung-Hee HWANG Because Google Gmail don't like above style... i'm serious now... Thanks in

[pfx] Re: Postfix stable release 3.5.23

On Fri, 2023-12-22 at 15:11 -0500, Wietse Venema via Postfix-users wrote: > [An on-line version of this announcement will be available at > https://www.postfix.org/announcements/postfix-3.5.23.html] > > Fixed with Postfix 3.5.23: > >   * Security: this release adds support to defend >    

[pfx] Re: SMTP Smuggling, workarounds and fix

On Sat, 2023-12-30 at 16:14 +, Scott Kitterman via Postfix-users wrote: > > > On December 30, 2023 3:17:52 PM UTC, "Håkon Alstadheim via Postfix- > users" wrote: > > Just FYI, I got postfix 3.7.9-0+deb12u1 from bookworm-updates (i.e. > > Debian) today. > > > For those still using Debian

[pfx] Re: 25 years today

Wietse Venema via Postfix-users writes: > (...thanks...) > That was a long time ago. Postfix has evolved as the Internet has > changed. I am continuing the overhaul of this software, motivated > by people like you on this mailing list. > Hellow Wietse! I am running two Postfix servers for

[pfx] Re: TAKE NOTE 3: Upcoming new Let's Encrypt intemediate issuer CAs.

raf via Postfix-users writes: > On Fri, Dec 08, 2023 at 02:00:55PM -0500, Viktor Dukhovni via Postfix-users > wrote: > >> So anyone relying on DANE-TA(2) (certificate usage 2) needs to closely >> watch for upcoming announcements from LE, and be prepared to add TLSA >> records for the new

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

> No, it's a pure security policy thing and an overlooked line in the mysql tls > policy table. > > The policy "secure" (and I assume "dane-only") doesn't work, as github is not > using DNSSEC. Valid policies which make this work are "verify", "may" and I > assume "dane" (if you have

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

Alexander Leidinger via Postfix-users writes: > Am 2023-12-01 12:08, schrieb Byung-Hee HWANG via Postfix-users: >>> ... >>> Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate >>> verification failed for in-8.smtp.github.com[140.82.114.32]:25

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

> ... > Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate > verification failed for in-8.smtp.github.com[140.82.114.32]:25: > num=62:hostname mismatch > ... Maybe you check? root@yw-1204:/etc/postfix# postconf -n | grep CAfile smtp_tls_CAfile =

[pfx] Re: gmail failing SPF/DKIM

Wietse Venema via Postfix-users writes: > (...) > gmail rejects all messsages with that sender domain name? Some > messages? I have found that Gmail may treat some 'soft' errors (DNS > timeout) as 'hard' errors. My workaround is to retry deliveries. > > /etc/postfix/main.cf: > transport_maps

[pfx] Re: configuration to send to recipients in a spread out manner to avoid being considered spam

Byung-Hee HWANG via Postfix-users writes: > Wietse Venema via Postfix-users writes: > >> testeur via Postfix-users: >>> Hi, >>> >>> I did a request to mailman3 ML about this question, but it seems that >>> postfix can respond to my request. >

[pfx] Re: configuration to send to recipients in a spread out manner to avoid being considered spam

Wietse Venema via Postfix-users writes: > testeur via Postfix-users: >> Hi, >> >> I did a request to mailman3 ML about this question, but it seems that >> postfix can respond to my request. >> I use mailman3. But AOL, YAHOO seems to consider emails sent to >> recipients as spam or an

[pfx] Re: TAKE NOTE: "2 1 1" TLSA records vs. apparent change of Let's Encrypt default certificate chain

Ralph Seichter via Postfix-users writes: > * Byung-Hee HWANG via Postfix-users: > >> Honestly, 311 it was not easy to set up to me. > > These days, one is a bit spoiled for choice when it comes to software > which handles this automatically. LetsDNS (https://letsdns

[pfx] Re: TAKE NOTE 2: Future Let's Encrypt CA choice randomisation.

Viktor Dukhovni via Postfix-users writes: > (...) > Good job, you're set until some future change a few years down the line. > > _25._tcp.yw-0919.doraji.xyz. IN CNAME rfc7671.doraji.xyz. > _25._tcp.yw-1204.doraji.xyz. IN CNAME rfc7671.doraji.xyz. > rfc7671.doraji.xyz. IN TLSA 2 1 1 >

[pfx] Re: TAKE NOTE 2: Future Let's Encrypt CA choice randomisation.

Hellow Viktor, Viktor Dukhovni via Postfix-users writes: > On Wed, Nov 15, 2023 at 04:53:17PM +0100, Geert Hendrickx via Postfix-users > wrote: > >> On Wed, Nov 15, 2023 at 10:29:41 -0500, James Cloos via Postfix-users wrote: >> > LE announced a while back that they would not renew the cross

[pfx] Re: TAKE NOTE: "2 1 1" TLSA records vs. apparent change of Let's Encrypt default certificate chain

Hellow raf, > As Viktor pointed out, you're not affected, Welcome! And thanks a lot for confirmation. > but if you want to use "3 1 1", > and you use certbot for your LetsEncrypt certificates, as well as Viktor's > danebot program (https://github.com/tlsaware/danebot), my danectl program >

[pfx] Re: TAKE NOTE: "2 1 1" TLSA records vs. apparent change of Let's Encrypt default certificate chain

Hellow Viktor, Viktor Dukhovni via Postfix-users writes: > The DANE/DNSSEC survey () has seen a > recent spike in the number of MX hosts whose "2 1 1" TLSA records no > longer match their certificate chain. The records in question all > shar the same digest

[pfx] Re: GMail is rejecting mail I forward

Byung-Hee HWANG via Postfix-users writes: >> https://gitlab.com/soyeomul/Gnus/-/raw/karma/DKIM/setup-policy.lua?ref_type=heads > > And because i have to prove myself, See: > https://gitlab.com/soyeomul/Gnus/-/commit/59122d99bd6a0b01d293c0a2f46d5343e54bbc4e This is more power

[pfx] Re: GMail is rejecting mail I forward

> https://gitlab.com/soyeomul/Gnus/-/raw/karma/DKIM/setup-policy.lua?ref_type=heads And because i have to prove myself, See: https://gitlab.com/soyeomul/Gnus/-/commit/59122d99bd6a0b01d293c0a2f46d5343e54bbc4e Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

[pfx] Re: GMail is rejecting mail I forward

> I have set up SPF for my domain, but I don't think that is relevant to > FORWARDING mail (is it?). I use Gmail forwarding like you. DKIM is my friend. This is my configuration [1]. Sincerely, Byung-Hee [1] https://gitlab.com/soyeomul/Gnus/-/raw/karma/DKIM/setup-policy.lua?ref_type=heads --

[pfx] Re: Problem setting up postfix on arch linux to forward mail to my gmail account

> Next question is where can I find accurate instructions on setting up the > configuration for arch linux to forward mail to my gmail account? Like as people said, forwarding is not easy. Though if you wish try it, use DKIM. Sincerely, -- ^고맙습니다 _布德天下_ 감사합니다_^))//

[pfx] Re: "danebot" beta release

Benny Pedersen via Postfix-users writes: > Byung-Hee HWANG via Postfix-users skrev den 2023-05-25 05:42: > >> Thanks for good tool, because still i feel very hard to make "3 1 1" >> tlsa things. Someday far later, i'll try this "3 1 1" things. >> Actu

[pfx] Re: "danebot" beta release

Viktor Dukhovni via Postfix-users writes: > On Mon, May 22, 2023 at 09:53:36PM -0400, Viktor Dukhovni via Postfix-users > wrote: > >> Key reuse as a *default* rollover approach is robust. When it is time >> to change keys, one can do so deliberately, and with due care to >> prepublish TLSA

[pfx] Re: DANE and DNSSEC

Joachim Lindenberg via Postfix-users writes: > (...) just mark your calendar to update in September 2025 ... Hellow Joachim! Thanks for remarkble tip ^^^ Sincerely, Byung-Hee ___ Postfix-users mailing list -- postfix-users@postfix.org To

[pfx] Re: DANE and DNSSEC

Benny Pedersen via Postfix-users writes: > Byung-Hee HWANG via Postfix-users skrev den 2023-05-19 04:26: > >> Thanks for advice! >> >>>[renewalparams] >>>reuse_key = True >>>preferred_chain = ISRG Root X1 > >> And

[pfx] Re: DANE and DNSSEC

Viktor Dukhovni via Postfix-users writes: > On Thu, May 18, 2023 at 09:22:34PM +0900, Byung-Hee HWANG via Postfix-users > wrote: > >> And now i added TLSA record for only *outbond* smtp server, >> . > > It is also your secondary MX host: > > https://stats.dns

[pfx] Re: DANE and DNSSEC

On Thu, May 18, 2023 at 09:22:34PM +0900, Byung-Hee HWANG via Postfix-users wrote: > Byung-Hee HWANG via Postfix-users writes: > > > Now i added DNSSEC. Currently it is being registra job. 10 minutes ago, > > i did make some DS record at Cloudfalre. > > > > Than

[pfx] Re: DANE and DNSSEC

Byung-Hee HWANG via Postfix-users writes: > Now i added DNSSEC. Currently it is being registra job. 10 minutes ago, > i did make some DS record at Cloudfalre. > > Thanks to Joachim, Patrick and raf ^^^ And now i added TLSA record for only *outbond* smtp server, <>. I rea

[pfx] Re: DANE and DNSSEC

Now i added DNSSEC. Currently it is being registra job. 10 minutes ago, i did make some DS record at Cloudfalre. Thanks to Joachim, Patrick and raf ^^^ Sincerely, Byung-Hee ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe

[pfx] Re: DKIM and DMARC

Tom Reed via Postfix-users writes: > Hello list, > > Should we reject failed message on DKIM validation stage, or DMARC > validation stage, or both? I even DKIM-sign the mail one more time. For forwarding to Gmail. See https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/setup-policy.lua

[pfx] Re: question: "said: 550 Mail was identified as spam"

Hi lty, On Fri, May 12, 2023 at 03:32:45PM +0800, lty--- via Postfix-users wrote: > (...) > We are using postfix 2.11 version. Really? My postfix version are: yw-0919: Postfix 3.3.0 / Ubuntu 18.04 LTS yw-1204: Postfix 3.5.18 / Debian 11 Bullseye And yw-1204 have OpenDKIM 2.11 as *Outbond* SMTP

[pfx] Re: DANE and DNSSEC

raf via Postfix-users writes: > On Thu, May 11, 2023 at 03:17:21PM +0900, Byung-Hee HWANG via Postfix-users > wrote: > >> Hellow Postfix hackers, >> >> I have a questions while reading DANE docs. Is DNSSEC mandotary? For >> making DANE mail server. >&

[pfx] Re: DANE and DNSSEC

Dear Patrick, Patrick Ben Koetter via Postfix-users writes: > (...) > You don't need DNSSEC for your DNS zone *if* your server should DANE-verify > other DANE enabled receiver platforms. In this case all you need to do is run > a DNSSEC-verifying DNS resolver on your server (not

[pfx] Re: DANE and DNSSEC

Joachim Lindenberg via Postfix-users writes: > DNSSEC is mandatory for DANE. Hellow Joachim! Thanks for kind replying ^^^ Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe

[pfx] DANE and DNSSEC

Hellow Postfix hackers, I have a questions while reading DANE docs. Is DNSSEC mandotary? For making DANE mail server. For now i'm running two postfix servers in public. Actually i'm beginner in both DANE and DNSSEC. Any comments welcome! Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

[pfx] Re: Postfix documentation pitfalls. virtual_alias_maps and main.cf macros

Viktor Dukhovni via Postfix-users writes: > (...) > [ Yes, one could also craft "classless" access(5) tables, ... and rely > only on explicit transport(5) table entries, opting out of all the > taxonomy that makes it easier to reason about Postfix mail routing, > but this is not a good

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > I have setup Postfix so that internally I offer TLS to systems but do not > require it since I have no control over their configuration. I did > extensive testing to ensure that the mail gateway supports TLS and accepts >

[pfx] Re: stop bulk messages

Corey Hickman via Postfix-users writes: > Hello list, > > Some clients abuse the outgoing smtp server for sending bulk messages. > The messages have the same content of business promotion letter. > Do you know how to stop this behavior? > You can not stop it if he/she is paid user. Instead,

[pfx] Re: Domain scoring

Ken Peng via Postfix-users writes: > Do you know any plugins for scoring a domain? > For example, new registered domain, free domain get the low scores. How about dnswl.org? Sincerely, -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ Postfix-users mailing list --

[pfx] Re: forwarding questions

Tom Reed via Postfix-users writes: > (...) > How can I setup it to both reach local mailbox and forwarding? > You first have to read 3 times very carefully: https://support.google.com/mail/answer/175365?sjid=13805511033984428370-AP I read all emails at Gmail. Yes i'm forwarding user like you.

[pfx] Re: Regarding transport maps (sender_dependent_relayhost_maps not working)

Matus UHLAR - fantomas via Postfix-users writes: > (...) > for envelope from, simple access map should be enough: > http://www.postfix.org/access.5.html > > and use DISCARD Ok. Thanks for the heads-up, Matus! Sincerely, Byung-Hee -- ^고맙습니다 _地平天成_ 감사합니다_^))//

[pfx] Re: Regarding transport maps (sender_dependent_relayhost_maps not working)

Andrew Athan via Postfix-users writes: > (...) > My goal is to silently discard all inbound mail from a certain > domain. Or actually, I may wish to redirect all of that mail either to > a flat file (similar to the proposed blackhole transport) or (...) Go with easy way. See header_checks. `man

[pfx] Re: SPF: HELO does not publish an SPF Record

> 2) change smtp_helo_name to > > smtp_helo_name = $mydomain It is very strange, i think. Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))// ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to

[pfx] Re: forwarding setup for mailbox user

tom--- via Postfix-users writes: > Hello, > > for a mailbox user, such as my one t...@myposts.ovh, where to define > the forwarding? for example, I want messages sent to this mailbox to > be copied to gmail. Hellow tom, DKIM is good for you if you are domain's owner. This is general

[pfx] Re: invalid and non-fqdn hostname

Ken Peng via Postfix-users writes: > (...) > for instance, 腾讯.公司 is a invalid hostname, but it is a fqdn > hostname which will pass the check by the second clause. Good example, thanks! Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))// ___ Postfix-users

[pfx] Re: secondary MX server

Corey Hickman via Postfix-users writes: > Hello, > > Since almost every sending MTA has the queues, do I need a secondary > MX for my domain email? > > I am afraid the secondary MX was abused by spammers. > > Thanks. I am now running secondary mx. It is valuable for me. Use MTA-STS (testing is

[pfx] Re: What is best way for backup solution?

Dear Matt, Matt Kinni via Postfix-users writes: > Are you just talking about backing up the config files in /etc/postfix? > I would recommend using git for version control; there is nothing > special about backing up the postfix configs vis a vis any other > service on your machine. It also

[pfx] What is best way for backup solution?

Hellow, I am running two Postfix servers. Both are in Cloud -- Google GCP and Rimuhosting-EU VM. Recently i thought that i have to backup servers setting values. Because sometimes i meet minor accidents. Somebody say Docker is good for backup. Though i would like to hear more opinions. Any

[pfx] Re: Configuration of postfix on Ubuntu 22

Aosars Repository via Postfix-users writes: > Hi all, > I have installed postfix on Ubuntu server 22 and configured to use gmail > smtp.But it fails to send mails. > Can some share with me a step by step guide on installation and > configuration. At first, as Ralf already mentioned, make

[pfx] Re: Test Post - Please Ignore

duluxoz via Postfix-users writes: > Sorry Everyone, but I need to test if my posts are going through > > Please ignore (or feel free to send me a confirmation) > > Cheers > > Dulux-Oz Looks good. But Subject's prefix [pfx] or [P-U] are too rich. Just it is minority feedback... Sincerely, --