On Mon, Nov 06, 2023 at 11:55:44AM +0100, lejeczek via Postfix-users wrote:
> I'm thinking having each box's root I'd forward to _allmail@my.private_ -
> probably it's how many, if not everybody, do it.
> Here, my 'allmail' is a user which exists, via Dovecoto auth, on all boxes.
> What I struggle
On Sun, Nov 05, 2023 at 12:13:17PM +, Matthias Nagel via Postfix-users
wrote:
> Viktor, you recommend to use proxymap in combination with LDAP,
Yes.
> especially if all LDAP lookups use the same connection.
Regardless of whether the connection settings are the same across all
tables. But
On Sat, Nov 04, 2023 at 09:48:32AM -0400, Wietse Venema via Postfix-users wrote:
> To be precise: Postfix opens your LDAP configuration file and asks
> the LDAP library to create an LDAP client instance, before entering
> the chroot jail and before accepting any SMTP client commmands.
>
> HOWEVER
On Fri, Nov 03, 2023 at 02:29:55PM +1100, duluxoz via Postfix-users wrote:
> Quick Q: Do the individual `-o` options in the `master.cfg` file *add to* or
> *override* the equivalent option in the `main.cfg` file?
https://www.postfix.org/master.5.html
--
Viktor.
_
On Thu, Nov 02, 2023 at 09:35:47AM +0200, Jaco Lesch via Postfix-users wrote:
> > I would have tried instead:
> >
> > PKG_CONFIG_PATH=/usr/openssl/3/lib/64/pkgconfig \
> > make makefiles dynamicmaps=yes shared=yes \
> > openssl_path="/usr/openssl/3/bin/openssl" \
> >
On Wed, Nov 01, 2023 at 12:07:31PM +0200, Jaco Lesch via Postfix-users wrote:
> Building an OpenSSL Application
> The development files are available in the /usr/openssl/3/sub-directo-
> ries. To build an OpenSSL application, use the following cc command
> line options:
On Tue, Oct 31, 2023 at 01:38:13PM -0400, Michael W. Lucas via Postfix-users
wrote:
> That's what I would have thought. I can run postmap -s and postmap -q
> on the usual db files in /etc/postfix just fine, but when I try it on
> /var/db/postfix/postscreen_cache.db it just hangs:
That's expected
On Tue, Oct 31, 2023 at 08:22:50AM -0400, Brendan Kearney via Postfix-users
wrote:
> > But since you mentioned haproxy and multiple nodes, you're still only
> > working your way up to base-camp...
> >
> so, yes, full blown GSSAPI with all the fixin's.
> The syncing of the keytab across the clu
On Tue, Oct 31, 2023 at 09:39:36AM -0400, Wietse Venema via Postfix-users wrote:
> > make makefiles \
> > CC="/usr/bin/gcc" \
> > CCARGS="-m64 -DHAS_DB -DNO_NIS -DUSE_TLS -I/usr/openssl/3/include"
> > \
> > AUXLIBS="-R/usr/openssl/3/lib -L/usr/openssl/3/lib -ldb -lssl
on Mon, Oct 30, 2023 at 08:19:16PM -0400, Brendan Kearney via Postfix-users
wrote:
> I am setting up submission behind haproxy and want to use kerberos
> authentication via SASL.
Do you mean *actual* Kerberos authentication (as in the SASL GSSAPI
mechanism) with Kerberos tickets provided by the
On Mon, Oct 30, 2023 at 03:54:10PM -0400, Scott Kitterman via Postfix-users
wrote:
> > Scott Kitterman, when he gets around to reading this thread will I hope
> > have more to say the subject.
>
> I've implemented the options from OpenDKIM that I thought made sense. If
> it's
> in the document
On Mon, Oct 30, 2023 at 10:06:46AM +0100, Jens Hoffrichter via Postfix-users
wrote:
> We are looking into implementing DKIM signing for one of our services,
> and there are multiple ways to implement that.
>
> So far I have found that you can do it with opendkim and amavis - any
> recommendation
On Thu, Oct 26, 2023 at 07:46:40PM -0400, Joey J via Postfix-users wrote:
> My only concern is if there is as an example a recipient that has literally
> 2K email addresses with LDAP/AD, which associates with how much inbound
> mail wont that slow down delivery a good amount, and potentially creat
On Thu, Oct 26, 2023 at 07:11:23PM -0400, Joey J via Postfix-users wrote:
> To confirm, I'm creating the list of valid emails to accept and then
> forward and if not in that list reject.
No, my advice is to replace the "list" with live LDAP queries to AD,
on demand during each SMTP transaction.
On Thu, Oct 26, 2023 at 06:32:53PM -0400, Wietse Venema via Postfix-users wrote:
> > I'm trying to see if someone has a good app to connect to an exchange or
> > O365 server either via LDAP or AD to grab all of the legitimate email
> > accounts, forwarding accounts and Groups in order to build a
>
On Thu, Oct 26, 2023 at 01:56:40PM -0500, sandm...@rice.edu wrote:
> > So the cases that use ${recipient_delimiter} will only match addresss that
> > actually have an extension. If you want to use it unconditionally, you'll
> > need to use a literal "+", instead.
>
> Wow! There is no need for
On Thu, Oct 26, 2023 at 12:38:22PM -0500, sandmant--- via Postfix-users wrote:
> I am updating a system from postfix-2.10.1 to postfix-3.5.9 (and
> RHEL7->RHEL9), and it seems my forward_path is no longer getting
> processed correctly.
The Postfix local delivery agent is extremently stable well-t
On Tue, Oct 24, 2023 at 07:05:13PM +0200, Eric Doutreleau wrote:
> then i have to check in the cyrus-sasl side
Cyrus SASL is just a library. It isn't its job to make independent
decisions about what to log. It may have a "debug level" knob that
Postfix could tweak, but running in "debug mode" i
On Tue, Oct 24, 2023 at 12:52:37PM +0200, Paul Menzel via Postfix-users wrote:
> Jozsef Kadlecsik submitted a patch, and it was accepted and is going to be
> available in the 3.9 release [1].
>
> > 20231006
> >
> > Cleanup: attempt to log the SASL username after authentication
> > failur
On Wed, Oct 18, 2023 at 10:17:52PM +0200, Markus Ueberall wrote:
> On 18.10.23, 22:11 Markus Ueberall wrote via Postfix-users:
> > I just tried an explicit "_25._tcp" CNAME as suggested above (using the
> > shared RRset) /alongside/ the existing "*._tcp" CNAME which I did not
> > want to remove/re
On Tue, Oct 17, 2023 at 12:42:39PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> > [...] it took a while to realize that the above "STARTTLS,QUIT"
> > behaviour is due to the fact that said outbound systems do not like to come
> > across non-matching TLSA entries
On Tue, Oct 17, 2023 at 05:47:11PM +0200, Markus Ueberall via Postfix-users
wrote:
> On 17.08.23, 01:48 Viktor Dukhovni wrote via Postfix-users:
> > So far, the pattern of Microsoft's outbound systems disconnecting
> > immediately after a completed TLS handshake strongly correlates with a
> > bro
On Mon, Oct 16, 2023 at 10:08:37AM -0500, B Williams wrote:
> Huge thank you to Viktor and Tom for their ideas. I ended up using
> this route (without the hash maps as the config doesn’t change much).
Note that Tom's suggestion doesn't quite work as advertised.
The configuration parameters:
On Mon, Oct 16, 2023 at 10:33:34AM +0300, Ivan Ionut via Postfix-users wrote:
> Hi, I'm using postscreen dnsbl configuration to block some spam:
>
> postscreen_blacklist_action = drop
> postscreen_dnsbl_threshold = 4
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites =
> zen.spamhau
On Sun, Oct 15, 2023 at 11:40:57AM -0400, Viktor Dukhovni via Postfix-users
wrote:
> > This is rather straightforward with access(5) rules:
> >
> > smtpd_restriction_classes = reject_unfiltered
> >
> > # Allow the filtering service IPv4/IPv6 CIDR blocks a
On Sun, Oct 15, 2023 at 08:52:18AM -0500, B Williams via Postfix-users wrote:
> So what I’m trying to devise is a strategy that would allow me to
> reject email for some domains if it didn’t come through the spam
> filtering service, but allow messages for other domains to be
> delivered that I do
On Fri, Oct 13, 2023 at 11:53:06AM +0200, Joachim Lindenberg via Postfix-users
wrote:
> Are there any ideas or plans to implement SMTP Require TLS Option (RFC
> 8689) in postfix?
No current plans. The most viable and useful part of the RFC is the
part that allows a message to *opt out* of TLS,
On Thu, Oct 12, 2023 at 02:02:55AM +0200, Daniel Ryšlink via Postfix-users
wrote:
> It's generally very useful to set up a specific transport for "sensitive"
> domains like gmail.com with specific policy (throttling outgoing message
> rate, etc).
>
> However, since more and more hosted domains u
On Fri, Oct 06, 2023 at 06:50:38PM -0400, Wietse Venema via Postfix-users wrote:
> +} else {
> + server->username = mystrdup(serverout);
> + printable(server->username, '?');
I might note that when UTF8 is enabled, this does correctly leaves valid
UTF8 characters undisturbed.
However
On Thu, Oct 05, 2023 at 04:18:35PM -0400, Alex via Postfix-users wrote:
> I think I'm having a problem with my certificate for submission not
> being configured properly. I'm trying to install roundcube but having
> a problem with properly configuring the cert for submission, but when
> using open
On Thu, Oct 05, 2023 at 10:44:43AM +0700, Olivier via Postfix-users wrote:
> How is it possible to configure Postfix to filter messages of the
> form: from invalidu...@mydomain.com to validu...@mydomain.com
>
> I have been receiving quite a lot recently and they are trash.
https://www.postfi
On Wed, Oct 04, 2023 at 04:18:43PM +0200, Kevin Cousin via Postfix-users wrote:
> > We have a solution for that, and that is not slowing down message
> > arrivals or speeding up deliveries.
>
> Mails are arriving fast, they arrive quicly enough to fill the active
> queue.
SHOULD all these messa
On Tue, Oct 03, 2023 at 06:29:08PM -0400, Wietse Venema via Postfix-users wrote:
> > My first wild guess is setting in_flow_delay to a higher value might
> > help. Note this may be completely inappropriate for your specific
> > application.
> > http://www.postfix.org/postconf.5.html#in_flow_del
On Sun, Oct 01, 2023 at 05:41:22AM +0200, Paul Menzel wrote:
> Am 30.09.23 um 22:47 schrieb Viktor Dukhovni via Postfix-users:
> > Recent news of security issues in Exim appear to in part implicate
> > libspf2.
>
> Off-topic for Postfix users, but Tobias Fiebig
On Sat, Sep 30, 2023 at 01:58:17PM -0800, Mike via Postfix-users wrote:
> This is probably obvious to most, but not being a current user of
> DKIM/DMARC, why don't you verify DKIM, or enforce DMARC for inbound
> mail?
The "problems" that DMARC attempts to solve aren't an issue on my end.
I don't
On Sun, Oct 01, 2023 at 12:00:25AM +0300, mailmary--- via Postfix-users wrote:
> In my case, libspf2 is a dependent package of OpenDMARC
Not surprising, since DMARC takes both DKIM and SPF into account.
On my system, I sign outgoing mail with DKIM, but neither verify DKIM
signatures, nor attempt
Recent news of security issues in Exim appear to in part implicate
libspf2.
While Postfix does not directly use libspf2, and the issues could
perhaps be in part related to how libspf2 is integrated into Exim, it
may be prudent for Postfix administrators to audit their MTA software
stack for plugin
On Tue, Sep 26, 2023 at 05:55:59PM +0200, Matus UHLAR - fantomas via
Postfix-users wrote:
> Scoring (instead of simply banning) mail sender is quite effective, because
> you don't have to receive and parse whole e-mail.
This is drifting off-topic for Postfix. Perhaps continue the discussion
on
On Tue, Sep 26, 2023 at 10:49:30AM +0200, Eray Aslan via Postfix-users wrote:
> On Mon, Sep 25, 2023 at 05:51:05PM -0400, Viktor Dukhovni via Postfix-users
> wrote:
> > Not, dangerous, just largely pointless, with *potential* complications,
> > unless there are servers that can
On Tue, Sep 26, 2023 at 11:12:53AM +1000, raf via Postfix-users wrote:
> Sadly, I need smtp_address_preference = ipv4 because some
> reputation systems (spamhaus, I think) don't realise
> that an entity might only have a single ipv6 address.
> They seem to think that everyone has at least 64 addre
On Mon, Sep 25, 2023 at 10:47:44PM +0200, A. Schulze via Postfix-users wrote:
> If operating SMTP clients with a client certificate is so dangerous
> and has no value, why would google go that?
Not, dangerous, just largely pointless, with *potential* complications,
unless there are servers that c
On Mon, Sep 25, 2023 at 04:24:55PM +0200, Patrick Ben Koetter via Postfix-users
wrote:
> > Do you have SMTP client TLS connection reuse enabled? If so, TLS
> > connections are made via tlsproxy(8), with the smtp(8) client
> > unaware of any initialisation issues until STARTTLS.
>
> Well spotted
On Mon, Sep 25, 2023 at 12:29:52AM +0200, Ralph Seichter via Postfix-users
wrote:
> > I have been cutoff from the Postfix web site due to it apparently
> > being a TOR exit node in Germany.
>
> The server hosting the Postfix website, run by yours truly, is neither
> located in Germany, nor is it
On Sun, Sep 24, 2023 at 09:49:52PM +0100, Polarian wrote:
> > No, the choice should be random, to give messages a decent chance of
> > getting through under various conditions.
>
> Why would you ever want to use a protocol randomly?
Because gives mail the best chance to be delivered, if necessar
On Sun, Sep 24, 2023 at 07:55:16PM +0100, Polarian via Postfix-users wrote:
> > Use the Postfix smtp_address_preference default: random selection.
> > If an MX host has IPv4 and IPv6 addresses, this ensures that mail
> > won't get stuck in the queue when one of the protocols is not
> > working for
On Sat, Sep 23, 2023 at 04:24:33PM -0700, Noah via Postfix-users wrote:
> I am provisioning an postfix installation. Is there an example
> configuration for finding aliases from a mysqldb and also checking the
> /etc/aliases file please?
Have you looked at:
https://www.postfix.org/postconf.
On Mon, Sep 18, 2023 at 04:42:39PM -0400, Mike Bianchi via Postfix-users wrote:
> Thunderbird works with *.mail.pairserver.com connections, inbound and
> outbound.
You almost certainly have authentication configured in Thunderbird, by
configuring a suitable account name and password.
> ...
On Mon, Sep 18, 2023 at 10:09:28AM -0400, Curtis Maurand via Postfix-users
wrote:
> I'm getting a DNS failure on my setup that gmail is not getting. It's
> a delegated subdomain. I'm getting this temp error. the relevant
> message header is below.
>
> Authentication-Results: sirius.xyonet.com;
On Mon, Sep 18, 2023 at 10:31:59AM +1000, Phil Biggs via Postfix-users wrote:
> >From what I could understand, it seems the recommendation was to return the
> same value as Linux. Is that something postfix would need to take into
> account? It also seems to be informational only.
The real int
On Mon, Sep 18, 2023 at 09:38:49AM +1000, Phil Biggs via Postfix-users wrote:
> > https://lists.freebsd.org/archives/freebsd-net/2022-October/002556.html
>
> Ah, just saw this but it's getting way beyond my skill level :-)
>
> Does that invalidate the bug report?
The change in error number and
On Sun, Sep 17, 2023 at 06:20:53PM +0200, Patrick Ben Koetter via Postfix-users
wrote:
> Yesterday we upgraded LE certs and it seems – we haven't had time to
> investigate in that yet – SELinux bite Postfix where it shouldn't.
> Astonishingly SELinux has been running like that for 193 days and th
On Mon, Sep 11, 2023 at 09:30:27PM -0400, Alex via Postfix-users wrote:
> I have a postfix-3.7.4 server with openssl-3.0.9 on fedora38 and
> receiving the following errors in my logs:
>
> Sep 11 14:19:51 cipher postfix/smtps/smtpd[3992923]: warning: TLS library
> problem: error:0AC1:SSL routi
On Mon, Sep 11, 2023 at 09:15:10AM -0700, Fred Morris via Postfix-users wrote:
> I think we've reached the limits of scope for a mailing list devoted to an
> MTA. It appears that traffic improbably ends up at 192.168.20.20. That's
> probably good enough, digging into the /why/ could become a hobby
On Mon, Sep 11, 2023 at 09:59:55AM +0200, François Patte via Postfix-users
wrote:
> > If you continue to treat the hostname of your ISP's (FAI's) SMTP relay
> > as restricted sensitive information, the help you'll receive will also
> > be restricted to vague generalities.
>
> My new main.cf :
>
On Sun, Sep 10, 2023 at 09:47:44AM +0200, Zorg via Postfix-users wrote:
> let me explain, I m searching to relay mail according to the IP of
> origin of the mail.
Postfix does not have any support for this. The closest similar feature is:
sender_dependent_default_transport_maps
> But can't
On Sun, Sep 10, 2023 at 07:36:07AM +, Serg via Postfix-users wrote:
> My email server sends lots of emails to networks in China, however
> they seem to have packet loss due to what my postfix instance
> struggles to deliver letters to them - only few letters occasionally
> got successfully sen
On Sun, Sep 10, 2023 at 10:38:27AM +0200, François Patte via Postfix-users
wrote:
> > > > > Sep 9 16:50:49 myserver postfix/smtp[205832]: 92BEFB4BEA:
> > > > > to=, relay=my-fai-smtp[x.x.x.x]:465,
> > > > > delay=0.22,
> > > > > delays=0.04/0.08/0.08/0.02, dsn=5.0.0, status=bounced (host
> > >
On Sat, Sep 09, 2023 at 07:37:13PM +0200, François Patte via Postfix-users
wrote:
> > > As my postfix install is configured, I get only (in mail-log):
> > >
> > > Sep 9 16:50:49 myserver postfix/qmgr[205575]: 92BEFB4BEA:
> > > from=, size=484, nrcpt=1 (queue active)
> > > Sep 9 16:50:49 myserv
On Sat, Sep 09, 2023 at 06:55:03PM +0200, François Patte via Postfix-users
wrote:
> I would like to use my fai smtp server to send mails using postfix.
>
> As my postfix install is configured, I get only (in mail-log):
>
> Sep 9 16:50:49 myserver postfix/qmgr[205575]: 92BEFB4BEA:
> from=, size
On Sat, Sep 09, 2023 at 06:24:27PM +1000, duluxoz via Postfix-users wrote:
> ***My Questions***
>
> In the mail.example.local's postfix main.cf file:
>
> 1. Should mydomin be set to example.local or one of the external facing
>domains?
The value of this parameter is used as the default suff
On Sat, Sep 09, 2023 at 08:10:19PM +1000, lists--- via Postfix-users wrote:
> hmmm, noticed that system has quite high load average, reaching 1.5/1.6
> when I was checking... is that my problem ? or part of it ?
> have I overloaded/underresourced ?
>
> Tasks: 114, 98 thr; 2 running 2
> Load ave
On Fri, Sep 08, 2023 at 11:13:02PM +1000, lists--- via Postfix-users wrote:
> # grep "C92564346E5" /var/log/maillog
> Sep 8 16:41:31 geko postfix/cleanup[15407]: C92564346E5:
> message-id=
> Sep 8 16:41:31 geko postfix/qmgr[1654]: C92564346E5: from=,
> size=3262, nrcpt=1 (queue active)
> Sep
On Fri, Sep 08, 2023 at 08:35:47PM +0300, mailmary--- via Postfix-users wrote:
> > > Two quick questions:
> > >
> > > 1) How do I force an email address to NOT be able to send email, but
> > > still receive.
> >
> > [...]
> >
> > > 2) How do I force an email address to NOT be able to receive
On Fri, Sep 08, 2023 at 05:15:45PM +0300, mailmary--- via Postfix-users wrote:
> Two quick questions:
>
> 1) How do I force an email address to NOT be able to send email, but still
> receive.
https://www.postfix.org/SMTPD_ACCESS_README.html#lists
https://www.postfix.org/access.5.html
On Mon, Sep 04, 2023 at 05:08:15PM -0400, Wietse Venema via Postfix-users wrote:
> Viktor Dukhovni via Postfix-users:
> > On Mon, Sep 04, 2023 at 12:18:38PM -0400, Viktor Dukhovni via Postfix-users
> > wrote:
> >
> > > It is best to enable this for outbound
On Mon, Sep 04, 2023 at 12:18:38PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> It is best to enable this for outbound mail only, i.e. messages that
> arrive on the submission ports or through local submission via
> sendmail(1)->postdrop(1)->pickup(8). That way, inbound
On Mon, Sep 04, 2023 at 11:43:06AM -0400, Wietse Venema via Postfix-users wrote:
> This is now included with the Postfix 3.9 development release (i.e.
> it will be part of the Postfix 3.9 stable release early 2024. I
> changed the name for clarity, and the updated manpage text is below.
>
>
On Sun, Sep 03, 2023 at 10:03:02PM +0200, roughnecks via Postfix-users wrote:
[ Nothing in this thread is about Postfix, so this is not the right
forum for further discussion. ]
> I'm struggling with an issue for a .space domain which gets triggered by
> Spamassassin as PDS_OTHER_BAD_TLD (Unthr
On Thu, Aug 31, 2023 at 07:53:03AM +0200, Jaroslaw Rafa via Postfix-users wrote:
> Did you also add the entry for "domain2.tld" itself (without "@" at the
> beginning) to virtual_alias_maps, so that Postfix knows that it should
> handle mail for this domain?
That's a deprecated backward's compati
On Tue, Aug 29, 2023 at 05:47:00PM +0200, Étienne Miret via Postfix-users wrote:
> > So what's the difference between a MAriaDB Client file and the
> > various "tls_" settings in the connection.cf file
>
> I was thinking about the MariaDB `ssl` setting, that enable TLS without
> validating server
On Tue, Aug 29, 2023 at 06:42:46PM +1000, Matthew J Black via Postfix-users
wrote:
> ~~~
> postmap: warning: connect to mysql server sql.my_example.com: Access denied
> for user 'mail-user'@'192.168.1.101' (using password: YES)
> postmap: fatal: table mysql:/etc/postfix/sql_vdomains.cf: query err
On Mon, Aug 28, 2023 at 04:14:33PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> However, neither eventuality is at all likely. My take is that it would
> not be an unwelcome breaking change to apply the table in any context
> other than SMTP ingres.
s/would not be
On Mon, Aug 28, 2023 at 09:01:35PM +0200, Étienne Miret via Postfix-users wrote:
> Anyway, I promised a documentation patch that would make this more
> explicit, here it is! Sorry it took me a little long to do it, as I have
> been busy on other issues.
The documentation patch seems to suggest
On Sun, Aug 27, 2023 at 02:33:49PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> I hope that Comcast will relax their limits to allow at least 2 (ideally
> closer to 5 or 10) recipients per message so long as the sending system
> does not have a "known bad" reputati
On Sun, Aug 27, 2023 at 04:06:18PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> If the aliases(5) table has actually been rebuilt, and the message
> is now deliverable, the background refresh is supposed to happen:
>
> address_verify_negative_refresh_time (default: 3h)
On Sun, Aug 27, 2023 at 01:41:19PM -0600, Pete Holzmann wrote:
> Ummm... Viktor, how many people do *you* think have read the fine
> documentation on every verification option they use in their main.cf
> restriction configurations?
I don't know. What I do know is that using features whose docum
On Sun, Aug 27, 2023 at 11:12:03AM -0700, Bill Sommerfeld via Postfix-users
wrote:
> On 8/27/23 00:13, Wietse Venema via Postfix-users wrote:
> > Would it be sufficient to never send more than 1 recipient per
> > mesage, thus never trigger their temporary "block all mail" strategy,
> > and avoid
On Sun, Aug 27, 2023 at 10:25:10AM +0200, lutz.niederer--- via Postfix-users
wrote:
> In postconf > smtpd_command_filter section there is an example for never
> bouncing mails (no DSN):
>
> # Bounce-never mail sink. Use notify_classes=bounce,resource,software
> # to send bounced mail to
On Sun, Aug 27, 2023 at 03:13:43AM -0400, Wietse Venema via Postfix-users wrote:
> Bill Sommerfeld via Postfix-users:
> > About three years ago there was a thread on postfix-users ("Comcast 421
> > throttling multiple recipients") discussing a low-traffic site having
> > difficulties sending to
On Fri, Aug 25, 2023 at 08:07:01PM -0600, Pete Holzmann via Postfix-users wrote:
> SUMMARY
>
> * Scenario/repeatability:
>- See www.postfix.org/ADDRESS_VERIFICATION_README.html#caching
>- Since Postfix 2.7, there's a persistent verification database.
Actually, there isn't, or, more prec
On Wed, Aug 16, 2023 at 07:48:30PM -0400, Viktor Dukhovni wrote:
> Problem found via:
>
> danesmtp ()
> {
> local host=$1;
> shift;
> local opts=(-starttls smtp -connect "$host:25" -verify 9
> -verify_return_error -dane_ee_no_namechecks -dane_tlsa_domain "$host");
On Wed, Aug 23, 2023 at 01:36:29PM +1200, Peter via Postfix-users wrote:
> > "The problem" (i have given up and did not try it for long) is the
> > configuration directory. Does this work without configuration
> > directory? I had to try again.
The default Postfix directory (the one compiled in
On Tue, Aug 22, 2023 at 03:41:43PM -0400, Alex via Postfix-users wrote:
> I'm hoping I could ask what is probably an FAQ but I haven't seen
> anything on it recently. I've already implemented some type of rate
> limiting for delivering to gmail, but it's apparently not working
> satisfactorily for
On Thu, Aug 17, 2023 at 09:47:13AM +0800, Jon Smart wrote:
> >> If your have smtpd_sasl_auth_enable=yes for your services on port
> >> 587 (submission) and port 465 (smtps or submissions), then you can
> >> remove it from master.cf when all your AUTH users are not using
> >> the port 25 service.
On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users wrote:
> What is the output from
>
> postconf -P '*/inet/smtpd_sasl_auth_enable'
>
> That will show the smtpd_sasl_auth_enable settings in master.cf.
>
> If your have smtpd_sasl_auth_enable=yes for your services on
On Wed, Aug 16, 2023 at 06:22:28PM -0400, pgnd via Postfix-users wrote:
> not exactly the same issue to my read, but there may be more to it?
As suspected, the OP has an incomplete DANE TLSA RRset that fails to
match the system's RSA certificate (the additional ECDSA certifcate does
match, but Mi
On Wed, Aug 16, 2023 at 02:07:39PM +, Serg wrote:
> Thanks for pointing this out, I forgot to update it when migrating from RSA
> to ECC certificate.
It seems you don't have monitoring in place that checks the correctness
of your TLSA records vis-à-vis your certificate chain. Monitoring is
On Wed, Aug 16, 2023 at 10:56:07AM +, Serg via Postfix-users wrote:
> I have checked email server of mine and can confirm I am seeing that too
> (logs are since Aug 13 03:50:38 EEST):
>
> > admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com
> > /var/log/mail.log | grep 'ehlo=1
On Wed, Aug 16, 2023 at 09:12:44AM -0400, pgnd via Postfix-users wrote:
> 4 0.321516 192.0.2.25 → 52.101.62.16 SMTP 121 S: 220
> mx1.example.net ESMTP .
Your server's hostname and served domains continue to be hidden. Are
you perhaps willing and able to post those details? With
On Wed, Aug 16, 2023 at 01:51:24AM +0200, Étienne Miret via Postfix-users wrote:
> I found this discrepancy surprising and am suggesting it is removed. In
> case others argue it is useful or that removing it will break some
> configurations, I am asking it is documented.
The discrepancy is inte
On Tue, Aug 15, 2023 at 05:12:53PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> > 2023-08-14T13:12:00.131049-04:00 svr01
> > postfix/postscreen-internal/smtpd[27907]: disconnect from
> > mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17]
> >
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote:
> 2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT
> from [52.101.56.17]:32607 to [209.123.234.54]:25
> 2023-08-14T13:11:59.860098-04:00 svr01 postfix/postscreen[27910]: PASS NEW
> [52.101.56.17]:326
On Tue, Aug 15, 2023 at 11:51:07AM -0400, Wietse Venema via Postfix-users wrote:
> > That's my instinct also. Waiting out transient glitches by retrying on
> > the next delivery attempt is not an option for probes. And probes don't
> > leak message content in the clear, nor even the full envelop
On Tue, Aug 15, 2023 at 11:33:08AM -0400, Wietse Venema via Postfix-users wrote:
> With that, the condition evaluates to:
>
> 1: session->tls_context == 0 true
> 2: state->tls->level == TLS_LEV_MAYpresumably true
> 3: PREACTIVE_DELAY >= var_min_backoff_ti
[ $subject would have been more clear had the OP mentioned that he's
talking about address verification probes. ]
On Tue, Aug 15, 2023 at 01:29:14PM +, Serg via Postfix-users wrote:
> > admin@flopster ~ $ sudo postconf | grep ^smtp_tls
> > smtp_tls_cert_file = /etc/ssl/domains/flopster.at.e
On Mon, Aug 14, 2023 at 11:54:16PM +0200, lutz.niede...@gmx.net wrote:
> Ah, still one question. I don't remember exactly where, but I believe
> that you said it would be better to split into separate instances.
> Sorry, can't find it anymore.
https://www.postfix.org/MULTI_INSTANCE_README.ht
On Mon, Aug 14, 2023 at 11:04:56PM +0200, lutz.niederer--- via Postfix-users
wrote:
> we need to block subaddressing from extern, and only from extern.
> Internally we use it really often.
A sensible initial simplification is to not mix inbound and outbound
mail on the same Postfix instance. Th
On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni wrote:
> > Length: 00 00 9c (156)
> > ...
> > 0x01,0x88 7 ???
> > ...
> > 0xC0,0x12 14 ECDHE-RSA-DES-CBC3-SHA Au=RSA
> > ...
> > 0x00,0x40 22 DHE-DSS-AES128-SHA256 Au=DSS
> > ...
>
> All the ciphersuites offered except one (DSS) are RSA
On Mon, Aug 14, 2023 at 04:13:54PM -0300, SysAdmin EM via Postfix-users wrote:
> Hi, Is it possible to discard an email based on the Subject and the
> destination email address?
> I try this and not work:
>
> /^Subject:.*Test email subject .*To:.*m...@me.com/ DISCARD
Note that "the destination
On Sun, Aug 13, 2023 at 01:47:05PM -0400, Wietse Venema via Postfix-users wrote:
> > Any votes for JSON? :-)
> >
> > { "account": "user:foo", "base64password": "" }
>
> Before other people start to chime in, let me set some expectations.
My suggestion of JSON is largely in jest.
401 - 500 of 728 matches
Mail list logo