Forward Secrecy in the Postfix SMTP Client

2015-08-09 Thread Mike

On this page:
http://www.postfix.org/FORWARD_SECRECY_README.html#client_fs



There is:


 Once the parameters are in place, update main.cf as follows:

/etc/postfix/main.cf:
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem





I notice the line starting with 'smtpd_tls_dh1024_param_file' points to
a 2048 file.

Is that correct, or might it be a typo?

thanks.








Re: Forward Secrecy in the Postfix SMTP Client

2015-08-09 Thread Viktor Dukhovni
On Sun, Aug 09, 2015 at 12:42:00PM -0400, Mike wrote:

> On this page:
> http://www.postfix.org/FORWARD_SECRECY_README.html#client_fs
> 
> There is:
> 
>  Once the parameters are in place, update main.cf as follows:
> 
> /etc/postfix/main.cf:
> smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
> smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem

These are SMTP server not SMTP client settings (for some reason
your subject line says "Client").

> I notice the line starting with 'smtpd_tls_dh1024_param_file' points to
> a 2048 file.
> 
> Is that correct, or might it be a typo?

It is not a typo and rationale is explained in the document.

http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs

EDH Server support:

...

Take a few minutes to read more of the document.

-- 
Viktor.


Re: Forward Secrecy in the Postfix SMTP Client

2015-08-09 Thread Mike
On 8/9/2015 12:48 PM, Viktor Dukhovni wrote:
> On Sun, Aug 09, 2015 at 12:42:00PM -0400, Mike wrote:
> 
>> On this page:
>> http://www.postfix.org/FORWARD_SECRECY_README.html#client_fs
>>
>> There is:
>>
>>  Once the parameters are in place, update main.cf as follows:
>>
>> /etc/postfix/main.cf:
>> smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
>> smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
> 
> These are SMTP server not SMTP client settings (for some reason
> your subject line says "Client").

I cited the wrong subsection, both as you noted in my text and also the
URL.  I should have pointed to
http://www.postfix.org/FORWARD_SECRECY_README.html#quick-start


> 
>> I notice the line starting with 'smtpd_tls_dh1024_param_file' points to
>> a 2048 file.
>>
>> Is that correct, or might it be a typo?
> 
> It is not a typo and rationale is explained in the document.
> 
> http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs
> 
>   EDH Server support:
> 
>   ...
> 
> Take a few minutes to read more of the document.


I had seen the rationale in the master.cf / submission section.  I was
unsure if that same rationale also applied to the main.cf section.

Thanks for confirming it is correct as written.
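An added example, not part of the thread or of Postfix itself: the parameter name does not set the DH group size, the file it points to does, so this sketch reads the prime length out of each PEM file named in the quoted main.cf lines. Assumptions: `config_directory` is `/etc/postfix`, and the two parameter files are constructed stand-ins (their "primes" are not real primes) so that the check runs offline; on a real host the PEM text would be read from disk.

```python
import base64, re

def parse_main_cf(text):
    """Map 'name = value' lines of a main.cf fragment (continuation lines ignored)."""
    lines = [l for l in text.splitlines() if "=" in l and not l.startswith(("#", " ", "\t"))]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def _der_len(der, i):
    """Decode the DER length field at offset i; return (length, next offset)."""
    if der[i] < 0x80:
        return der[i], i + 1
    n = der[i] & 0x7F
    return int.from_bytes(der[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_prime_bits(pem):
    """Bit length of p in a PEM 'DH PARAMETERS' block: SEQUENCE { INTEGER p, INTEGER g }."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block")
    der = base64.b64decode("".join(m.group(1).split()))
    _, i = _der_len(der, 1)                      # skip the outer SEQUENCE header
    if der[0] != 0x30 or der[i] != 0x02:
        raise ValueError("expected SEQUENCE { INTEGER p, ... }")
    n, i = _der_len(der, i + 1)                  # header of INTEGER p
    return int.from_bytes(der[i:i + n], "big").bit_length()

def _tlv(tag, body):
    """Encode one DER tag-length-value (only used to build the sample files)."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_pem(bits):
    """Constructed stand-in for `openssl dhparam` output; p is NOT a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00: positive INTEGER
    body = base64.encodebytes(_tlv(0x30, _tlv(0x02, p) + _tlv(0x02, b"\x02"))).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{body}-----END DH PARAMETERS-----\n"

MAIN_CF = ("smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem\n"
           "smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem\n")
FILES = {"/etc/postfix/dh2048.pem": sample_pem(2048), "/etc/postfix/dh512.pem": sample_pem(512)}

def audit(main_cf=MAIN_CF, files=FILES, config_directory="/etc/postfix"):
    """Real prime size (bits) behind each smtpd_tls_dh*_param_file setting."""
    report = {}
    for name, value in parse_main_cf(main_cf).items():
        if re.fullmatch(r"smtpd_tls_dh\d+_param_file", name):
            report[name] = dh_prime_bits(files[value.replace("${config_directory}", config_directory)])
    return report
```

`audit()` returns the measured size per parameter, so a `dh1024` setting backed by a 2048-bit file shows up as 2048.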









Re: Postfix doesn't reject hard bounced emails

2015-08-09 Thread postfix

Hello Postfix community,

This problem is related to docker + postfix + Ubuntu LTS with kernel 
3.16 host (I didn't test with 3.13).


Issue can be reproduced without any configuration change if postfix is 
installed within docker container.


I tried to rebuild postfix from source (2.x and 3.x), but that didn't 
solve the problem.


I even tested multiple existing postfix images in docker hub and all 
have the same issue.


To solve the issue I had to install newest kernel version that is 
available for Ubuntu LTS - 3.19.

apt-get install linux-generic-lts-vivid

With regard,
Agris



On 2015-07-31 10:31, post...@pd.lv wrote:

Dear Postfix community,
I'm having a problem with Postfix and I can't figure out what's wrong.

I have configured Postfix to send and receive emails, but there is an
issue with HARD bounced emails - they are not rejected and Postfix
repeats sending them every x minutes and user receives "Undelivered
Mail Returned to Sender" multiple times.

In mail.log I see: [..] delay=5.2, delays=0.11/0.01/0.07/5, dsn=4.3.0,
status=deferred (bounce or trace service failure)

I added -v to bounce, qmgr daemons in master.cf, but still I can't
figure out what is wrong.

Here is full log: http://pastebin.com/bsFDsFB9
And here is my config (below config there is master.cf config):
http://pastebin.com/u75w2qQ3

Could there be an issue with my config, or is there a bug in Postfix 
2.11.0?


I posted the same question on serverfault, but there are no answers:
http://serverfault.com/questions/709741/postfix-hard-bounced-emails-are-not-rejected

I would appreciate it if anyone could help me solve this. Thanks!

With regard,
Agris