[pfx] Re: DANE and STS

On 2024-07-03 17:25, raf via Postfix-users wrote: > So it's not really easier to just used self-signed > certificates since you'll want a CA-signed certificate > for submission anyway, and you can have the same key > for both. Well I control what devices use the submission port, so I can also

[pfx] Re: DANE and STS

On 2024-06-27 05:24, Viktor Dukhovni via Postfix-users wrote: > Publishing just "R10" will soon fail, when you get a cert from "R11" or > one of the backup issuers R12, R13 or R14. You MUST publish them all to > avoid sudden breakage surprises. Isn't it easier to just used self-signed

[pfx] Re: Best practices?

On 2024-06-19 02:27, Matt Kinni via Postfix-users wrote: > On 2024-06-16 15:21, Cody Millard via Postfix-users wrote: >> smtpd_helo_restrictions = >> ... >> reject_non_fqdn_helo_hostname, >> ... > I've found this to block some legitimate mai

[pfx] Re: Best practices?

On 2024-06-16 15:21, Cody Millard via Postfix-users wrote: > smtpd_helo_restrictions = > ... > reject_non_fqdn_helo_hostname, > ... I've found this to block some legitimate mails in the past from Bank of America, so you may want to grep your logs for "Helo command rejected: Host not

[pfx] Re: What is best way for backup solution?

Are you just talking about backing up the config files in /etc/postfix? I would recommend using git for version control; there is nothing special about backing up the postfix configs vis a vis any other service on your machine. It also wouldn’t hurt to take periodic snapshots of your VMs Sent