Zitat von Wietse Venema <[email protected]>:
[email protected]:Zitat von Wietse Venema <[email protected]>: > Stan Hoeppner: >> Wietse Venema put forth on 1/13/2011 9:00 AM: >> >> > postscreen should be ready for prime time on *BSD, Linux and Solaris >> > systems (Solaris support was completed last week). >> >> AIX? > > AIX and HP-UX are not tested. Both use a BSD-derived TCP/UP stack, > and will probably work. I may get around to testing AIX but I do > not have the time to set up the latest OS version. Last time I > looked, HP had changed their developer access program (with the > result that I could not use it anymore). I might be able to do some limited tests on HP-UX 11.11 (PA-RISC) and 11.23 (Itanium) if needed. Let me know if i would be of any help.If you could run it through postscreen + TLS, both with a whitelisted and blacklisted client, that would be useful. It is sufficient to test with "openssl s_client -quiet -starttls smtp -connect host:port". If it does not keel over and die, then it should be OK. This is mainly a check for API rot (i.e. code that used to work no longer does, or some new Postfix code isn't compatible with the untested OS environment).
For HP-UX 11.23 and Postfix 2.8 with Postscreen i get the following:Jan 17 12:05:18 hpux2 postfix/postfix-script[15997]: starting the Postfix mail system Jan 17 12:05:18 hpux2 postfix/master[15998]: daemon started -- version 2.8.0-RC1, configuration /etc/postfix Jan 17 12:05:35 hpux2 postfix/postscreen[16003]: CONNECT from [10.1.70.1]:58489 Jan 17 12:05:35 hpux2 postfix/postscreen[16003]: entering STRESS mode with 1 connections
Jan 17 12:05:35 hpux2 postfix/postscreen[16003]: BLACKLISTED [10.1.70.1]:58489 Jan 17 12:05:35 hpux2 postfix/postscreen[16003]: PASS OLD [10.1.70.1]:58489Jan 17 12:05:35 hpux2 postfix/postscreen[16003]: leaving STRESS mode with 0 connections Jan 17 12:05:35 hpux2 postfix/smtpd[16004]: connect from fslnx.hq.kwsoft.de[10.1.70.1] Jan 17 12:05:35 hpux2 postfix/smtpd[16004]: setting up TLS connection from fslnx.hq.kwsoft.de[10.1.70.1] Jan 17 12:05:35 hpux2 postfix/smtpd[16004]: Anonymous TLS connection established from fslnx.hq.kwsoft.de[10.1.70.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Jan 17 12:05:42 hpux2 postfix/smtpd[16004]: disconnect from fslnx.hq.kwsoft.de[10.1.70.1]
Jan 17 12:05:44 hpux2 postfix/postscreen[16003]: fatal: watchdog timeoutJan 17 12:05:45 hpux2 postfix/master[15998]: warning: process /usr/libexec/postfix/postscreen pid 16003 exit status 1
postconf -n alias_database = dbm:/etc/postfix/aliases alias_maps = dbm:/etc/postfix/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all local_recipient_maps = unix:passwd.byname $alias_maps mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man mydestination = $myhostname, localhost myhostname = hpux2.hq.kwsoft.de mynetworks = x.x.x.x/32, 127.0.0.0/8 myorigin = $myhostname newaliases_path = /usr/bin/newaliasespostscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access
queue_directory = /var/spool/postfix
readme_directory = /var/spool/postfix/README
relayhost = [mailer.hq.kwsoft.de]
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_tls_cert_file = /etc/postfix/test.cert
smtpd_tls_key_file = /etc/postfix/test.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
and master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#smtp inet n - n - - smtpd
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
This is compiled from source with the HP Ansi "cc" on a HP-UX 11.23
(Itanium) system.
What have i done wrong? Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
