[pfx] Re: vacation segfaults

2024-08-08 Thread Paul Menzel via Postfix-users
Dear Alex, Am 09.08.24 um 03:51 schrieb Alex via Postfix-users: Hi, Stack trace of thread 468215: #0 0x00404610 strlcpy (vacation + 0x4610) #1 0x00402e0e main (vacation + 0x2e0e) #2 0x7f2a6f8a00

[pfx] Re: vacation segfaults

2024-08-08 Thread Paul Menzel via Postfix-users
Dear Alex, A kind request in the beginning to not wrap the lines in the quotes. Am 08.08.24 um 21:07 schrieb Alex via Postfix-users: I've migrated my config and user data from a fedora38 system to a fedora40 system with postfix-3.8.5 and now vacation is segfaulting for some users. I don't und

[pfx] Re: vacation segfaults

2024-08-08 Thread Paul Menzel via Postfix-users
Dear Alex, Am 08.08.24 um 20:41 schrieb Alex via Postfix-users: On Thu, Aug 8, 2024 at 2:13 PM Wietse Venema wrote: Alex via Postfix-users: I've migrated my config and user data from a fedora38 system to a fedora40 system with postfix-3.8.5 and now vacation is segfaulting for some users.

[pfx] Implementing From: field heuristic when sending messages?

2024-03-03 Thread Paul Menzel via Postfix-users
Dear Postfix users, A user had their password guessed/leaked, and the account was used to send spam/phishing messages – but only once an hour or so, so it wasn’t detected as abnormal traffic. One detectable thing would have been that the sent unsolicited messages used a different name

[pfx] Re: How to reject messages on submission with typo in To address?

2024-01-23 Thread Paul Menzel via Postfix-users
Dear Viktor, Thank you for the quick reply with a solution. Am 21.01.24 um 16:55 schrieb Viktor Dukhovni via Postfix-users: On Sun, Jan 21, 2024 at 09:39:06AM +0100, Paul Menzel wrote: pg.de is currently a parked domain, so our users are not going to email there, and I would like to

[pfx] How to reject messages on submission with typo in To address?

2024-01-21 Thread Paul Menzel via Postfix-users
Dear Postfix users, The Max Planck Society consists of several institutes/organizations each running their own email infrastructure (which is good, as it’s decentralized). Most of them have a subdomain under mpg.de, and sometimes we notice users from our institute sending emails to collea

[pfx] Re: (Patch "half-dane" logging corner case) Untrusted TLS connections where email domain does not support DNSSEC but MX server has DNSSEC/DANE records

2024-01-04 Thread Paul Menzel via Postfix-users
Dear Viktor, dear Wietse, Am 25.11.22 um 17:25 schrieb Viktor Dukhovni: On Fri, Nov 25, 2022 at 09:35:28AM -0500, Wietse Venema wrote: Viktor Dukhovni: However, in this case the issue is a minor oversight in the Postfix TLS client code. The intended logging behaviour does not happen. Patch

[pfx] Re: logging username in a failed smtp attempts

2023-10-24 Thread Paul Menzel via Postfix-users
Dear Eric, Am 24.10.23 um 11:32 schrieb Eric Doutreleau via Postfix-users: I'm using on my server postfix-3.5.8 and cyrus-sasl-2.1.27. I'm using fail2ban too to prevent brute force attacks. My problem is that when a connection failed because of a wrong password I don't know what account is targ

[pfx] How to hide Exim behind Postfix (Configuring Postfix as a proxy in front of Exim MTAs) (was: Possible (indirect) libspf2 security issues)

2023-09-30 Thread Paul Menzel via Postfix-users
Dear Postfix, Am 30.09.23 um 22:47 schrieb Viktor Dukhovni via Postfix-users: Recent news of security issues in Exim appear to in part implicate libspf2. […] Off-topic for Postfix users, but Tobias Fiebig published the article *Configuring Postfix as a proxy in front of Exim MTAs* [1]. K

[pfx] Re: email being flagged a spam for using localhost [127.0.0.1] as first hop

2023-08-08 Thread Paul Menzel via Postfix-users
Dear Fourhundred, Am 09.08.23 um 07:34 schrieb Fourhundred Thecat via Postfix-users: my email was flagged as spam by Microsoft. I have the received email, together with all the headers that Microsoft added. Specifically the item: X-Microsoft-Antispam-Message-Info: I have found a tool on gith

[pfx] OT: Does the GDPR require mandatory/verified TLS encryption? (was: SMTP client: How to log reason for untrusted TLS connection to MX?)

2023-07-24 Thread Paul Menzel via Postfix-users
Dear Jaroslaw, Am 24.07.23 um 19:02 schrieb Jaroslaw Rafa via Postfix-users: Dnia 24.07.2023 o godz. 17:05:40 Paul Menzel via Postfix-users pisze: (Also from the legal perspective, without being a lawyer, I’d say, that actually all German (European) companies are required to only transmit

[pfx] Re: SMTP client: How to log reason for untrusted TLS connection to MX?

2023-07-24 Thread Paul Menzel via Postfix-users
Dear Viktor, Thank you for your reply. Am 23.07.23 um 23:42 schrieb Viktor Dukhovni via Postfix-users: On Sun, Jul 23, 2023 at 11:22:26PM +0200, Paul Menzel wrote: Does it really matter why some site offering opportunistic STARTTLS does not have a validatable certificate? The connection

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Paul Menzel via Postfix-users
Dear Ivan, Thank you very much for your reply. Am 12.07.23 um 10:16 schrieb Ivan Hadzhiev: You can copy from here: https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem or you can create it openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096 -out /etc/postfi

[pfx] How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Paul Menzel via Postfix-users
Dear Postfix folks, The Internet.nl email test reports for molgen.mpg.de [1]: Key exchange parameters Verdict: At least one of your mail servers supports insufficiently secure parameters for Diffie-Hellman key exchange. Technical details: c1241.mx.srv.dfn.de.DH-2048 insufficien

[pfx] Detect/extract attachments in broken messages composed by Apple Mail

2023-05-26 Thread Paul Menzel via Postfix-users
Dear Postfix folks, Apple Mail violates the standard [1], resulting in attachments only being shown in the HTML view. This behaviour is to be expected given the incorrect MIME structure of the message. It is: multipart/alternative text/plain multipart/mixed text/html attachment

[pfx] TLS client policy according to domain MTA-STS policy

2023-05-24 Thread Paul Menzel via Postfix-users
Dear Postfix folks, Running the *Public Email & DNS Testbed* [1], I was reminded that we have MTA-STS set up, but do not take the MTA-STS policy of other domains into account. As a solution I found *postfix-mta-sts-resolver* [2], which warns about a “RFC violation” [3]: ### Warning: MT

[pfx] Re: relocated: Allow custom message

2023-05-03 Thread Paul Menzel via Postfix-users
Dear Matus, Thank you for your reply. Am 03.05.23 um 15:02 schrieb Matus UHLAR - fantomas via Postfix-users: On 03.05.23 14:53, Paul Menzel via Postfix-users wrote: Some of our users, that relocate, ask for a custom message over the current one: user has moved to new_location For

[pfx] relocated: Allow custom message

2023-05-03 Thread Paul Menzel via Postfix-users
Dear Postfix users, Some of our users, that relocate, ask for a custom message over the current one: user has moved to new_location For example: This address is out of service. For business please contact funct...@company.example.net, or n...@private.example.net for private contac

TLS: Do hostname verification, but still deliver email on mismatch?

2022-11-22 Thread Paul Menzel
Dear Postfix users, We are using smtp_tls_security_level = dane smtp_tls_policy_maps = hash:/project/mx/etc/tls_policy where the file `tls_policy` contains the domains of several research institutions to use the security level `verify` or even `secure`. All other TLS connections wit

Re: Untrusted TLS connections where email domain does not support DNSSEC but MX server has DNSSEC/DANE records

2022-11-21 Thread Paul Menzel
Dear Bill, Thank you for your reply. Am 21.11.22 um 19:05 schrieb Bill Cole: On 2022-11-21 at 12:18:33 UTC-0500 (Mon, 21 Nov 2022 18:18:33 +0100) Paul Menzel is rumored to have said: With Postfix 3.6.0-RC1 and # postconf -n smtp_tls_security_level smtp_tls_security_level = dane

Untrusted TLS connections where email domain does not support DNSSEC but MX server has DNSSEC/DANE records

2022-11-21 Thread Paul Menzel
Dear Postfix folks, With Postfix 3.6.0-RC1 and # postconf -n smtp_tls_security_level smtp_tls_security_level = dane the Postfix SMTP client logs several untrusted TLS connections for hosts with a good TLS certificate setup. It’s mainly German research organizations using the DFN-Mai

Re: [solved] DNSSEC/DANE: TLSA records looked up for parent domain

2022-02-17 Thread Paul Menzel
Dear Postfix folks, Am 17.02.22 um 15:56 schrieb Paul Menzel: Am 17.02.22 um 10:57 schrieb Paul Menzel: Using Postfix 3.6.0-rc1, for an email sent to x.y.molgen.mpg.de it looks up the TLSA records for y.molgen.mpg.de instead of x.y.molgen.mpg.de: 2022-02-12T12:02:21+01:00 tldr

Re: DNSSEC/DANE: TLSA records looked up for parent domain

2022-02-17 Thread Paul Menzel
Dear Postfix folks, Am 17.02.22 um 10:57 schrieb Paul Menzel: Using Postfix 3.6.0-rc1, for an email sent to x.y.molgen.mpg.de it looks up the TLSA records for y.molgen.mpg.de instead of x.y.molgen.mpg.de: 2022-02-12T12:02:21+01:00 tldr postfix/smtp[25656]: warning: TLS policy lookup

DNSSEC/DANE: TLSA records looked up for parent domain

2022-02-17 Thread Paul Menzel
Dear Postfix folks, Using Postfix 3.6.0-rc1, for an email sent to x.y.molgen.mpg.de it looks up the TLSA records for y.molgen.mpg.de instead of x.y.molgen.mpg.de: 2022-02-12T12:02:21+01:00 tldr postfix/smtp[25656]: warning: TLS policy lookup for github.molgen.mpg.de/github.molgen.mpg.de:

Make rule to install posttls-finger?

2021-04-28 Thread Paul Menzel
Dear Postfix users, I couldn’t find a Make rule to install `posttls-finger`. Did I overlook something, or would I need to copy it manually? Kind regards, Paul

Re: Building and running Postfix as unprivileged user

2021-04-27 Thread Paul Menzel
Dear Wietse, Am 27.04.21 um 14:49 schrieb Wietse Venema: Paul Menzel: In our infrastructure, we are building Postfix from source with an unprivileged user, and also try to run most services as an unprivileged user. Privileged ports are forwarded to unprivileged ports, used by the service

Building and running Postfix as unprivileged user

2021-04-27 Thread Paul Menzel
Dear Postfix folks, In our infrastructure, we are building Postfix from source with an unprivileged user, and also try to run most services as an unprivileged user. Privileged ports are forwarded to unprivileged ports, used by the service, by configuring Linux’ packet filter rules with *iptab

Getting quotes for MTA-STS implementation (was: MTA-STS when?)

2018-10-01 Thread Paul Menzel
Dear Postfix folks, On 02/19/18 20:11, Wietse Venema wrote: > Jonathan Sélea: [...]. One can of course automate periodic SMTP TLS policy updates from the STS URIs of a handful of providers, and let the usual outbound TLS policy take care of the rest: http://www.postfi

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-26 Thread Paul Menzel
Dear Viktor, On 09/26/18 16:46, Paul Menzel wrote: > On 09/26/18 09:37, Viktor Dukhovni wrote: > >>> On Sep 26, 2018, at 2:57 AM, Bernhard Schmidt wrote: >>> >>> Large parts of the German universities now use the DFN MailSupport >>> (= inbound

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-26 Thread Paul Menzel
Dear Viktor, dear Bernhard, On 09/26/18 09:37, Viktor Dukhovni wrote: >> On Sep 26, 2018, at 2:57 AM, Bernhard Schmidt wrote: >> >> Large parts of the German universities now use the DFN MailSupport >> (= inbound mailrelaying and filtering by DFN). The MX records are >> in mx.srv.dfn.de, whic

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Paul Menzel
Dear Viktor, Am 25.09.2018 um 17:42 schrieb Viktor Dukhovni: On Sep 25, 2018, at 11:34 AM, Viktor Dukhovni wrote: The DANE survey finds 21 domains with DFN-Verein certificates and working DANE. There are almost certainly some that don't have DANE TLSA records, but they could if they wanted

TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Paul Menzel
Dear Postfix folks, Currently, our `/etc/postfix/tls_policy` looks like below to force encryption when sending messages to other servers in our organization. mpg.de encrypt .mpg.de encrypt We want to improve that. Unfortunately, DA

How to financially support Postfix project?

2017-11-01 Thread Paul Menzel
Dear Postfix folks, Looking at the Postfix Web site [1], I couldn’t find any information if Postfix needs financial support to ensure the maintenance and improvement of the code. As the background, a lot of public organizations use Postfix in their infrastructure, and, as for example with O

Re: How to fall back from `dane-only` to `secure`?

2017-10-23 Thread Paul Menzel
Dear Viktor, On 07/06/17 20:11, Viktor Dukhovni wrote: On Thu, Jul 06, 2017 at 07:37:47PM +0200, Paul Menzel wrote: There are several SMTP servers, where messages should only be sent over a secure channel. But, the postmasters have set up the servers differently. Some use CAs to sign their

Re: Change of SMTP encryption policy at Google?

2017-09-11 Thread Paul Menzel
Dear Gary, On 09/11/17 11:20, Gary wrote: https://threatpost.com/google-reminding-admins-http-pages-will-be-marked-not-secure-in-october/127709/ This site says Oct 24. I recall Oct 1. Maybe it was pushed back. Please note, this is about the HTTP/HTTPS protocols and not SMTP. […] Kind reg

Change of SMTP encryption policy at Google? (was: Letsencrypt tip)

2017-09-11 Thread Paul Menzel
Dear Gary, On 09/11/17 10:59, Gary wrote: […] (Fortunately I'm on a test domain, getting ready for the Oct 1st Google insistence on encryption.) Could you please point me to the relevant announcement about that policy change? […] Kind regards, Paul

Re: TLS on 587

2017-08-14 Thread Paul Menzel
Dear Mohammed, On 08/14/17 12:53, Mohammed Khalid Ansari wrote: I have configured my postfix to run on 587. When I choose connection type as 'STARTTLS' everything is fine but when I choose 'SSL/TLS', the client throws error. Normally, but deprecated, port 465 is used for “direct” SSL/TLS (wi

Re: Migrating 2.11 to 3.2

2017-07-27 Thread Paul Menzel
Dear Nikolaos, On 07/27/17 11:54, Nikolaos Milas wrote: We are moving to a new (virtual) server (from CentOS 5 with Postfix 2.11.6 to CentOS 7 with Postfix 3.2.2). I have moved the original configuration to the new server and Postfix won't start; I am getting: # systemctl status postfix

Re: Enforce TLS to MX

2017-07-24 Thread Paul Menzel
Dear anonymous, On 07/24/17 14:33, post...@xmas.de wrote: isn't it possible to enforce TLS outbound to an MX? In the example below, if mx0.example.com isn't offering TLS the email is sent unencrypted!? Enforcing TLS to a domain is working as expected. > tls_policy: [mx0.example.com]

Re: postfix + selinux - does it make sense ?

2017-07-11 Thread Paul Menzel
Dear Zalezny, On 07/11/17 09:31, Zalezny Niezalezny wrote: I would like to know your opinion about selinux + postfix? Does anyone using it? Does it make sense to set up some policies for postfix? It largely depends on your threat model, but in my opinion, as it doesn’t hurt, I would say it

Root certificate in `/etc/ssl/certs` not found

2017-07-06 Thread Paul Menzel
Dear Postfix users, First I am sorry for probably bringing up a topic which has probably been discussed to the end on this list, like [1], and in the end was probably a user error. I’ll try to provide the information requested in [1]. Thank you for your patience and help in advance. The goal is to

How to fall back from `dane-only` to `secure`?

2017-07-06 Thread Paul Menzel
Dear Postfix folks, There are several SMTP servers, where messages should only be sent over a secure channel. But, the postmasters have set up the servers differently. Some use CAs to sign their certificates and some DANE with self-signed certificates. To avoid maintaining two TLS policies,