Re: Outlook 2010 smtp auth probs ?
On 29 Dec 2017, at 02:18, Matus UHLAR - fantomas wrote:

ssl usually means port 465 with implicit SSL, while 587 requires explicit ssl (aka starttls).

On 29.12.17 07:43, @lbutlr wrote:

As I understand it port 465 was deprecated 20 years ago. It holds on in some servers because old versions (like pre 2010) of Microsoft software do not support STARTTLS and some people refuse to upgrade for security reasons.

pre-2007, as I mentioned in my mail you replied to :-) also applies for outlook express which is also old and deprecated.

(My solution was to only allow mail submission on port 587. People with old clients have to use webmail or update).

2 reasons:

1. I've had problems with smtp/starttls on port 587, caused by AV software, using 465 with implicit SSL helped.

2. it's not possible to reject plaintext connections on 465, and if somebody disabled plaintext, users would notice immediately

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
Re: Rebuilding mail server from scratch
Voytek:
> On Sat, December 30, 2017 3:51 am, Wietse Venema wrote:
>
> > You should be able to build the new Postfix, use the old config
> > files, do "postfix upgrade-configuration", and look for warnings while
> > Postfix handles email for several days, about things that
> > might break when you were to set compatibility_level=2.
>
> hmm, I am not sure I have done "postfix upgrade-configuration"
>
> can I run it possibly second time ?

You can run it many times (the operation is idempotent).

> does it only if need changes main.cf ?

It adds or updates some main.cf parameter settings, and if the old
Postfix version is old enough, also adds required services to
master.cf.

> > That only moves the old system into the new era. If you don't need
> > any of the newer features such as postscreen, then you're done.
>
> where to look for advice/tips etc on postscreen config

The mechanics are explained in www.postfix.org/POSTSCREEN_README.html,
and case studies are found with a search engine.

Wietse
Re: backwards compatibility questions 2.1 to 3.x
Voytek:
> I have 3.2.4 with /etc/postfix from 2.1, virtual domain/virtual users in
> mysql
>
> have not as yet set "postconf compatibility_level=2", "Postfix is running
> with backwards-compatible default settings"
>
> grep backward /var/log/maillog* (apart from warning about it) gives:
>
> /var/log/maillog:
>
> Dec 25 04:17:03 geko postfix/trivial-rewrite[4747]: using
> backwards-compatible default setting append_dot_mydomain=yes to rewrite
> "brandnew" to "brandnew.sbt.net.au"
> Dec 27 15:35:55 geko postfix/trivial-rewrite[19201]: using
> backwards-compatible default setting append_dot_mydomain=yes to rewrite
> "iZ94nt9sb5tZ" to "iZ94nt9sb5tZ.sbt.net.au"
> Dec 27 15:35:55 geko postfix/trivial-rewrite[19201]: using
> backwards-compatible default setting append_dot_mydomain=yes to rewrite
> "iZ94nt9sb5tZ" to "iZ94nt9sb5tZ.sbt.net.au"
> Dec 29 03:31:34 geko postfix/trivial-rewrite[32602]: using
> backwards-compatible default setting append_dot_mydomain=yes to rewrite
> "iZu1n7d6k3qZ" to "iZu1n7d6k3qZ.sbt.net.au"

Your system needs append_dot_mydomain=yes in main.cf, because the
new default setting could break mail delivery.

> so, once I set "postconf compatibility_level=2" this will be OK, yes ?

That will break mail deliveries if you don't have append_dot_mydomain=yes
in main.cf. See the warning message above.

> mynetworks = 127.0.0.1 serverip myip
>
> should I enter here all IPs of remote authorized users ? that's maybe 10
> IPs ?

If it says "using backwards-compatible default setting
mynetworks_style=subnet" (to prevent mail from suddenly getting
blocked) then you need to set mynetworks_style=subnet in main.cf.

Wietse
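Added example, not part of the thread and not Postfix's own tooling: a shell sketch that collects every "using backwards-compatible default setting" warning from a mail log and lists the settings to review and pin in main.cf before compatibility_level=2 is set. The function names and the sample log are constructed for illustration; the mynetworks_style and plain smtpd lines are modelled on the wording quoted in the message above.

```shell
#!/bin/sh
# Added example: summarise the backwards-compatible defaults a Postfix
# instance is still relying on, according to its log.

# compat_settings: read syslog lines on stdin and print "count name=value",
# one line per distinct setting named in a backwards-compatible warning.
compat_settings() {
    sed -n 's/.*using backwards-compatible default setting \([A-Za-z0-9_]*=[^ ]*\).*/\1/p' |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# pin_commands: turn that list into postconf commands to review before
# running; nothing is executed here.
pin_commands() {
    compat_settings | awk '{ print "postconf \"" $2 "\"" }'
}

# Constructed sample log (hostnames and addresses are placeholders).
sample_log() {
    cat <<'EOF'
Dec 25 04:17:03 geko postfix/trivial-rewrite[4747]: using backwards-compatible default setting append_dot_mydomain=yes to rewrite "brandnew" to "brandnew.sbt.net.au"
Dec 27 15:35:55 geko postfix/trivial-rewrite[19201]: using backwards-compatible default setting append_dot_mydomain=yes to rewrite "iZ94nt9sb5tZ" to "iZ94nt9sb5tZ.sbt.net.au"
Dec 27 15:36:10 geko postfix/smtpd[19210]: using backwards-compatible default setting mynetworks_style=subnet to permit request from client "host.example[192.0.2.10]"
Dec 27 15:40:00 geko postfix/smtpd[19210]: connect from unknown[192.0.2.77]
EOF
}

# Stand-alone run: show the summary, then the commands to review.
sample_log | compat_settings
sample_log | pin_commands
```

On a live system the input would be the real log, for example `cat /var/log/maillog* | compat_settings`. Review each setting before pinning it: mynetworks_style=subnet, for instance, keeps every host on the server's subnets trusted for relaying.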
Re: TLS session tickets versus TLS session cache
>> On Dec 29, 2017, at 1:54 PM, J Doe wrote:
>>
>> I have noticed in the Postfix documentation (man 5 postconf), that the
>> smtpd_tls_session_cache_database parameter notes:
>>
>> “As of Postfix 2.11 the preferred mechanism for session resumption is RFC
>> 5077 TLS session tickets...for Postfix >= 2.11 this parameter should
>> generally be left empty”
>>
>> I note that this text is NOT in the smtp_tls_session_cache_database
>> parameter notes.
>
> And rightly so, since session tickets enable session resumption with
> stateless *servers*. The server state is delegated to the client in
> the form of a session ticket. Server caches go away, and client caches
> get bigger!
>
>> For Postfix version 2.11 and later, should BOTH
>> smtp_tls_session_cache_database and smtpd_tls_session_cache_database be left
>> empty to use session tickets, instead, or is that only for the SMTP SERVER ?
>
> Only the server.

Hi Viktor,

Thank you for your prompt reply. Ok, that makes sense - especially the part about the caches going away and delegating the storage to the client.

- J
smtpd_milters
Hi

After reading http://www.postfix.org/MILTER_README.html there are some questions unanswered to me.

Let's assume one does define:

smtpd_milters = milter1, milter2, …, milterX

README:
"Milter applications are applied in the order as specified, and the first Milter application that rejects a command will override the responses from other Milter applications."

I do understand:
milter2 rejects the mail in question, and thus, overrides all responses from milter1, …, milterX.

What I do not understand:
Will all milters *after* milter2 become invoked although milter2 already did reject the mail in question?

In other words:
Is there a way to stop invoking milters after the first "reject"?

Sorry, but I do not understand that README well enough to answer those questions by myself.

Thanks in advance and with kind regards,
Michael
Re: smtpd_milters
On 30.12.2017 at 22:55, Michael Grimm wrote:
> Hi
>
> After reading http://www.postfix.org/MILTER_README.html there are some
> questions unanswered to me.

Also read the milter documentation part of the opensource sendmail, for example at
https://sources.debian.org/data/main/s/sendmail/8.15.2-9/libmilter/docs/index.html

> Let's assume one does define:
>
> smtpd_milters = milter1, milter2, …, milterX
>
> README:
> "Milter applications are applied in the order as specified, and the
> first Milter application that rejects a command will override the responses
> from other Milter applications."
>
> I do understand:
> milter2 rejects the mail in question, and thus, overrides all responses
> from milter1, …, milterX.

override is the wrong word. Say "milter1 did not reject" and milterX is not relevant anymore.

> What I do not understand:
> Will all milters *after* milter2 become invoked although milter2
> already did reject the mail in question?
>
> In other words:
> Is there a way to stop invoking milters after the first "reject"?
>
> Sorry, but I do not understand that README well enough to answer those
> questions by myself.

Milter callbacks are invoked for every SMTP state. Every milter may give one of seven answers.
https://sources.debian.org/data/main/s/sendmail/8.15.2-9/libmilter/docs/api.html#Miscellaneous

Notice the concept of "connection-oriented" vs. "message- or recipient-oriented" callbacks.
https://sources.debian.org/data/main/s/sendmail/8.15.2-9/libmilter/docs/overview.html#ControlFlow

Andreas
Re: Rebuilding mail server from scratch
On Sun, December 31, 2017 1:55 am, Wietse Venema wrote:

>> hmm, I am not sure I have done "postfix upgrade-configuration"
>>
>> can I run it possibly second time ?
>
> You can run it many times (the operation is idempotent).
>
>
>> does it only if need changes main.cf ?
>
> It adds or updates some main.cf parameter settings, and if the old
> Postfix version is old enough, also adds required services to
> master.cf.

Wietse, thanks, went through with no changes, next, I'll set 'comp level'

# postfix upgrade-configuration
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
# diff main.cf main.31dec1134
# diff master.cf master.31dec1134

V
Re: backwards compatibility questions 2.1 to 3.x
On Sun, December 31, 2017 2:03 am, Wietse Venema wrote:

>> Dec 29 03:31:34 geko postfix/trivial-rewrite[32602]: using
>> backwards-compatible default setting append_dot_mydomain=yes to rewrite
>> "iZu1n7d6k3qZ" to "iZu1n7d6k3qZ.sbt.net.au"
>>
>
> Your system needs append_dot_mydomain=yes in main.cf, because the
> new default setting could break mail delivery.
>
>> so, once I set "postconf compatibility_level=2" this will be OK, yes ?
>
> That will break mail deliveries if you don't have append_dot_mydomain=yes
> in main.cf. See the warning message above.

OK, done

postconf compatibility_level=2
postfix reload

had a brief heart stoppage when noticed 'fatal'

postfix/postfix-script: fatal: usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)

THEN noticed I missed 'd', I've entered 'postfix reloa' rather than 'reload'

so, it's all good, thanks again!

Happy New Year!

Voytek
Re: stupid question about removing maildir attachments
On 29 Dec 2017, at 15:15 (-0500), Eero Volotinen wrote:

Hi list, A bit offtopic, but I need cli-tool to remove attachments from specific maildir messages, so how to do that?

You're on the wrong list. I don't know what the right one for this query would be, but it's going to depend on what you have reading your maildirs (i.e. your POP, IMAP, or webmail server, NOT Postfix) because that's the side you risk confusing by doing that.

As a general rule, I'd say that you would be better off reconsidering your problem from its root and finding an alternative mechanism. Modifying message files in a maildir after they've been delivered rarely ends well. You'd be better off using something like MIMEDefang to lop off the attachments before delivery or an IMAP client to do the surgery by reconstructing a new message sans attachment and deleting the original.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole