[pfx] Re: Best practices?

2024-06-19 Thread Cody Millard via Postfix-users
Mornin'

# Error reporting
error_notice_recipient = postmaster@email.broker
#https://www.postfix.org/postconf.5.html#error_notice_recipient
notify_classes = bounce, delay, policy, protocol, resource, software
#https://www.postfix.org/postconf.5.html#notify_classes

The above will insure

[pfx] Re: Best practices?

2024-06-19 Thread Ansgar Wiechers via Postfix-users
On 2024-06-19 Jeff Peng via Postfix-users wrote: > On 2024-06-19 17:29, Matt Kinni via Postfix-users wrote: >> On 2024-06-19 02:27, Matt Kinni via Postfix-users wrote: >>> On 2024-06-16 15:21, Cody Millard via Postfix-users wrote: smtpd_helo_restrictions = ...

[pfx] Re: Best practices?

2024-06-19 Thread Jeff Peng via Postfix-users
On 2024-06-19 17:29, Matt Kinni via Postfix-users wrote: On 2024-06-19 02:27, Matt Kinni via Postfix-users wrote: On 2024-06-16 15:21, Cody Millard via Postfix-users wrote: smtpd_helo_restrictions = ... reject_non_fqdn_helo_hostname, ... I've found this to block some legitimate

[pfx] Re: Best practices?

2024-06-19 Thread Matt Kinni via Postfix-users
On 2024-06-19 02:27, Matt Kinni via Postfix-users wrote:
> On 2024-06-16 15:21, Cody Millard via Postfix-users wrote:
>> smtpd_helo_restrictions =
>> ...
>> reject_non_fqdn_helo_hostname,
>> ...
> I've found this to block some legitimate mails in the past

Sorry, I meant

[pfx] Re: Best practices?

2024-06-19 Thread Matt Kinni via Postfix-users
On 2024-06-16 15:21, Cody Millard via Postfix-users wrote:
> smtpd_helo_restrictions =
> ...
> reject_non_fqdn_helo_hostname,
> ...

I've found this to block some legitimate mails in the past from Bank of America, so you may want to grep your logs for "Helo command rejected: Host not

[pfx] Re: Best practices?

2024-06-19 Thread Viktor Dukhovni via Postfix-users
> On 19 Jun 2024, at 4:29 PM, Gilgongo via Postfix-users > wrote: > > > The defaults for those settings, as far as postfix is concerned, are as > > follows: > > > > smtpd_tls_auth_only = no > > Why? Surely, "yes" is the better choice... > > You need to set this to "yes" if you plan to have

[pfx] Re: Best practices?

2024-06-19 Thread Gilgongo via Postfix-users
On Wed, 19 Jun 2024 at 03:57, Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Tue, Jun 18, 2024 at 04:15:33PM -0500, Cody Millard via Postfix-users > wrote: > > > The defaults for those settings, as far as postfix is concerned, are as > > follows: > > > >

[pfx] Re: Best practices?

2024-06-18 Thread Viktor Dukhovni via Postfix-users
On Tue, Jun 18, 2024 at 10:02:20PM -0500, Cody Millard via Postfix-users wrote:
> as for why I set these explicitly, I figured that more random bits means
> more secure.
>
> tls_random_bytes = 64
> tls_daemon_random_bytes = 64

No need to clutter the configuration with overzealous low-level

[pfx] Re: Best practices?

2024-06-18 Thread Cody Millard via Postfix-users
Hi Viktor. Please check my original post. Your comments are on the postfix defaults and not my current settings.

as for why I set these explicitly, I figured that more random bits means more secure.

tls_random_bytes = 64
tls_daemon_random_bytes = 64

On 6/18/2024 9:56 PM, Viktor Dukhovni

[pfx] Re: Best practices?

2024-06-18 Thread Viktor Dukhovni via Postfix-users
On Tue, Jun 18, 2024 at 04:15:33PM -0500, Cody Millard via Postfix-users wrote:
> The defaults for those settings, as far as postfix is concerned, are as
> follows:
>
> smtpd_tls_auth_only = no

Why? Surely, "yes" is the better choice...

> smtpd_tls_security_level =

Why empty? Surely "may" is

[pfx] Re: Best practices?

2024-06-18 Thread Jeff Peng via Postfix-users
On 2024-06-19 05:15, Cody Millard via Postfix-users wrote: I am not sure what SRS or AUC are right now. I saw Dr. Lindenberg has a similar test suite like your site. https://blog.lindenberg.one/EmailSecurityTest

[pfx] Re: Best practices?

2024-06-18 Thread Cody Millard via Postfix-users
I am not sure what SRS or AUC are right now. The defaults for those settings, as far as postfix is concerned, are as follows:

smtpd_sasl_auth_enable = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = no

[pfx] Re: Best practices?

2024-06-16 Thread Jeff Peng via Postfix-users
# SMTPd SERVER TLS/SSL Settings
tls_daemon_random_bytes = 64
tls_random_bytes = 64
smtpd_tls_cert_file = /etc/letsencrypt/live/email.broker/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/email.broker/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes