Re: $queue_directory/private permissions

On 2019-03-25 1:32 a.m., Viktor Dukhovni wrote: >> On Mar 24, 2019, at 8:17 PM, Simon Deziel wrote: >> >> I was not clear because my issue is indeed with those accesses before >> privs get dropped. I noticed that tlsproxy accesses tlsmgr's socket >> while sti

Re: $queue_directory/private permissions

On 2019-03-24 5:46 p.m., Wietse Venema wrote: > Simon Deziel: >> I can think of 2 ways to workaround this. One is to tell Apparmor to >> grant the tlsproxy process the needed capability and the other is to >> have the $queue_directory/private directory perms set to 0710 w

Re: $queue_directory/private permissions

On 2019-03-24 6:02 p.m., Viktor Dukhovni wrote: >> On Mar 24, 2019, at 4:33 PM, Simon Deziel wrote: >> >> I am running postfix (3.3.0-1ubuntu0.2) confined by Apparmor and I >> noticed the tlsproxy process is apparently trying to connect to tlsmgr's >> Unix

$queue_directory/private permissions

Hello, I am running postfix (3.3.0-1ubuntu0.2) confined by Apparmor and I noticed the tlsproxy process is apparently trying to connect to tlsmgr's Unix socket while still running as root. Since tlsmgr's socket is stored under $queue_directory/private that has perms set to 0700 and owned by postfi

Re: postscreen on Debian

On 12-10-10 09:56 AM, Peter Berghold wrote: > On Wed, Oct 10, 2012 at 9:43 AM, Peter Berghold > wrote: > > Am I missing something here or is postscreen missing from Debian > 6.0.3? At what version of postfix is postscreen included? > > > OK... found my a

Re: Postfix Hold queue

On 12/01/2011 04:56 AM, Roland de Lepper wrote: > Hi, > > Where're planning to migrate postfix from Suse to Ubuntu 10.04 LTS. The > Postfix version on Suse has an higher version number than in Ubuntu > 10.04LTS (2.7.2 - 2.7.0). You might consider enabling the backport repository that provides Pos

Re: statistics tool for postfix log files

On 10/28/2011 02:23 PM, James Seymour wrote: > On Fri, 28 Oct 2011 13:17:12 +0200 > wei...@dfbnet.org wrote: > >> Hi all, > [snip] >> >> I read about mailgraph and pflogsumm but these stats are not >> as detailed as i try to have. > > You want *more* detail than Pflogsumm gives? Wow. Most peop

Re: Content filter after DKIM proxy

On 10/18/2011 01:41 PM, Simon Brereton wrote: > On 18 October 2011 13:27, Simon Deziel wrote: >> On 10/18/2011 01:12 PM, Simon Brereton wrote: >>> Hi >>> >>> I expect that this is not recommended practice, but before I implemented >>> DKIM signing

Re: Content filter after DKIM proxy

On 10/18/2011 01:12 PM, Simon Brereton wrote: > Hi > > I expect that this is not recommended practice, but before I implemented DKIM > signing, Amavis used to scan ALL mail - incoming and outgoing - and I was > happy with that. I don't know if that's would suites you but Amavis is capable of pe

Re: Thunderbird SMTP to postfix - no response to greeting

On 09/24/2011 01:22 PM, Steve Weigold wrote: > > Greetings everyone, > > I'm testing a postfix install on a machine on my local lan. Although I > don't expect it to be relevant to the problem, it's an embedded debian > system. Postfix is configured to relay through an ISP email server to > send

Re: Blacklists for you MTA

On 09/19/2011 02:29 PM, John Levine wrote: >> My current config is as follows: > > This one: > >> reject_rbl_client zen.spamhaus.org, > > Includes these three, so there's no point in using them. > >> reject_rbl_client dnsbl.njabl.org, zen.spamhaus.org does not seem to include dnsbl.njabl.org a

Re: fqrdns.pcre and IPv6

On 07/06/2011 09:13 AM, Noel Jones wrote: > On 7/6/2011 2:32 AM, Henrik K wrote: >> On Wed, Jul 06, 2011 at 12:38:05AM -0500, Noel Jones wrote: >>> On 7/6/2011 12:07 AM, Simon Deziel wrote: >>>> Hi all, >>>> >>>> Since I started us

Re: fqrdns.pcre and IPv6

On 07/06/2011 03:32 AM, Henrik K wrote: > On Wed, Jul 06, 2011 at 12:38:05AM -0500, Noel Jones wrote: >> On 7/6/2011 12:07 AM, Simon Deziel wrote: >>> Hi all, >>> >>> Since I started using Stan's fqrdns.pcre file to reduce spam I have some >>>

fqrdns.pcre and IPv6

via ISP #postmap -q "2001:888:2000:d::aa" pcre:/etc/postfix/fqrdns.pcre What's odd is that only 12 rules reject without mentioning the specific ISP name/relay name and none of them should match an IPv6. I am probably missing something here and would greatly appreciate any help on this.