On 3/15/2010 6:26 PM, Erik Logtenberg wrote:
This whitelist is 1409 records long, so indeed as you say very small. I
suppose I could download it and host it locally. Apparently AXFR is not
allowed, but plain text HTTP download is, so that's good enough.
Then I would only need an efficient and ro
On 3/15/2010 7:58 PM, roger pedrol wrote:
Hi all,
Maybe not related to postfix but Ubuntu dpkg but trying to install SPF I
came across this problem:
Configuring postfix (2.5.1-2ubuntu1.2) ...
Running newaliases
postalias: fatal: can't create maps via the proxy service
dpkg: error al procesar p
Hi all,
Maybe not related to postfix but Ubuntu dpkg but trying to install SPF I
came across this problem:
Configuring postfix (2.5.1-2ubuntu1.2) ...
Running newaliases
postalias: fatal: can't create maps via the proxy service
dpkg: error al procesar postfix (--configure):
el subproceso post-
Wietse Venema:
> Erik Logtenberg:
> >
> > >> However in the case where the whitelist is (completely) unavailable for
> > >> some period of time, I still think that my suggestion applies, don't you
> > >> agree?
> > >
> > > No. It is assumed that you use a sufficiently reliable DNSWL. Ideally
> >
On 03/15/2010 11:48 PM, Stan Hoeppner wrote:
> Erik Logtenberg put forth on 3/15/2010 11:16 AM:
>> Hi,
>>
>> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
>> The Netherlands we have an NL-Whitelist, which contains the IP's of all
>> major ISP's. By using this whitelist one
Erik Logtenberg:
>
> >> However in the case where the whitelist is (completely) unavailable for
> >> some period of time, I still think that my suggestion applies, don't you
> >> agree?
> >
> > No. It is assumed that you use a sufficiently reliable DNSWL. Ideally
> > a local mirror, and if it bec
Erik Logtenberg put forth on 3/15/2010 11:16 AM:
> Hi,
>
> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
> The Netherlands we have an NL-Whitelist, which contains the IP's of all
> major ISP's. By using this whitelist one can make sure that accidental
> automatic blacklist
Wietse Venema put forth on 3/15/2010 10:22 AM:
>> Since this does not work, is there an available option to move
>> myhostname out of main.cf and into another file name or type?
>
> To set a fixed Postfix name, set the right hostname in main.cf, or
> set the right hostname in the kernel. If you
>> However in the case where the whitelist is (completely) unavailable for
>> some period of time, I still think that my suggestion applies, don't you
>> agree?
>
> No. It is assumed that you use a sufficiently reliable DNSWL. Ideally
> a local mirror, and if it becomes unavailable you use approp
On Mon, Mar 15, 2010 at 10:57:11PM +0100, Erik Logtenberg wrote:
> However in the case where the whitelist is (completely) unavailable for
> some period of time, I still think that my suggestion applies, don't you
> agree?
No. It is assumed that you use a sufficiently reliable DNSWL. Ideally
a lo
On 03/15/2010 10:49 PM, Victor Duchovni wrote:
> On Mon, Mar 15, 2010 at 10:41:02PM +0100, Erik Logtenberg wrote:
>
>> However the DEFER_IF_REJECT flag makes _all_ mail that would normally be
>> rejected (quite much) be deferred, which imho is quite a sacrifice to
>> make. (if I understand correct
On Mon, Mar 15, 2010 at 10:41:02PM +0100, Erik Logtenberg wrote:
> However the DEFER_IF_REJECT flag makes _all_ mail that would normally be
> rejected (quite much) be deferred, which imho is quite a sacrifice to
> make. (if I understand correctly)
No, this would apply only to failed DNSWL lookups
On 03/15/2010 10:37 PM, Victor Duchovni wrote:
> On Mon, Mar 15, 2010 at 05:15:59PM -0400, Wietse Venema wrote:
>
>> Victor Duchovni:
>>> With explicit DNSWL lookups, indeed "defer_if_reject" is acceptable, since
>>> the DWL is operated locally or by a competent provider and persistent temp
>>> fa
>> One of the design issues is what to do if the whitelist query tempfails?
>> if postfix tempfails, then you defer all mail (or a large part). if you
>> pass, then you get "non deterministic" behaviour.
>
> When a DNS blacklist lookup fails, the worst that can happen is unwanted
> mail is accepte
On Mon, Mar 15, 2010 at 05:15:59PM -0400, Wietse Venema wrote:
> Victor Duchovni:
> > With explicit DNSWL lookups, indeed "defer_if_reject" is acceptable, since
> > the DWL is operated locally or by a competent provider and persistent temp
> > failure of lookups is less likely. So it seems to me t
Victor Duchovni:
> With explicit DNSWL lookups, indeed "defer_if_reject" is acceptable, since
> the DWL is operated locally or by a competent provider and persistent temp
> failure of lookups is less likely. So it seems to me that this has cleaner
> semantics than "check_client_access" with name-ba
On 3/15/2010 3:39 PM, Victor Duchovni wrote:
On Mon, Mar 15, 2010 at 03:29:46PM -0500, Noel Jones wrote:
I suppose the "failed DNS whitelist lookup" problem could be mostly avoided
if the DEFER_IF_REJECT flag was raised on lookup failure. That would allow
known good mail to pass, and rejected
On Mon, Mar 15, 2010 at 03:29:46PM -0500, Noel Jones wrote:
> I suppose the "failed DNS whitelist lookup" problem could be mostly avoided
> if the DEFER_IF_REJECT flag was raised on lookup failure. That would allow
> known good mail to pass, and rejected mail would get a safety net. IIRC
> la
On 3/15/2010 3:16 PM, mouss wrote:
One of the design issues is what to do if the whitelist query tempfails?
if postfix tempfails, then you defer all mail (or a large part). if you
pass, then you get "non deterministic" behaviour.
When a DNS blacklist lookup fails, the worst that can happen
is
Erik Logtenberg a écrit :
>[snip]
> Thanks for your reply. I see that I could construct a policy service to
> do this, but it seems simpler and much more efficient to let postfix do
> this natively. It already has al the DNS-resolving code and whatnot, I
> would guess it shouldn't take much more t
Erik Logtenberg:
> >> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
> >> The Netherlands we have an NL-Whitelist, which contains the IP's of all
> >> major ISP's. By using this whitelist one can make sure that accidental
> >> automatic blacklisting won't disrupt regular ema
On 03/15/2010 08:44 PM, Wilberth Pérez wrote:
> someone knows how to run postfix on another port in solaris ?
If by "port" you mean "the port smtpd listens on" (there are some more
ports and sockets that postfix uses for different tasks), then take a
look at your master.cf file, and change:
smtp
someone knows how to run postfix on another port in solaris ?
--
LCC Wilberth de Jesús Pérez Segura CCSA- Administración de Servicios y
Seguridad de las TI
Correo: wilberth.pe...@uady.mx
Universidad Autónoma de Yucatán
Secretaría General
On Sun, Mar 14, 2010 at 04:34:41PM +0100, Richard van den Berg wrote:
> Mar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept:error in SSLv3
> read client certificate A
Various SMTP clients are known to mis-handle requests for client
certificates.
You have not posted your "postconf -n" outpu
On 3/15/2010 11:24 AM, Slack-Moehrle wrote:
Hi All,
I would like to setup my MacBook (10.6.2) to check e-mail accounts and fetch
the mail down locally so I can then check it.
Can anyone provide advice or a tutorial on how to do this?
Best
-Jason
The best way to do that is with a dedicated m
David Mehler a écrit :
> Hello,
> I'm running a CentOS 5.4 machine and atempting to get postfix and
> mailman going on it. This was working prior to a complete system
> upgrade about 9 months ago, now it isn't, I'm getting an error 554
> user unknown message when the user atempts to send back the
>
On 03/15/2010 06:18 PM, Security Admin (NetSec) wrote:
> Running Postfix as a mail gateway, version 2.6.5 and am finally getting
> around to implementing SPF in Postfix. I thought the TXT record in DNS
> would suffice which is how I have been running it.
Please note that according to RFC4408 (SP
Richard van den Berg a écrit :
> Is anyone here successfully using self signed server certificates in
> combination with openssl 0.9.8m ? I just upgraded from 0.9.8k and I am
> getting these errors whenever a starttls is received:
>
works on FreeBSD:
$ uname
FreeBSD
$ postconf mail_version
mail_v
>> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
>> The Netherlands we have an NL-Whitelist, which contains the IP's of all
>> major ISP's. By using this whitelist one can make sure that accidental
>> automatic blacklisting won't disrupt regular email traffic.
>>
>> I had s
Security Admin (NetSec):
> Running Postfix as a mail gateway, version 2.6.5 and am finally
> getting around to implementing SPF in Postfix. I thought the
> TXT record in DNS would suffice which is how I have been running
> it.
>
> Found this how-to link http://www.howtoforge.com/postfix_spf
>
>
On 3/15/2010 12:18 PM, Security Admin (NetSec) wrote:
Running Postfix as a mail gateway, version 2.6.5 and am finally getting
around to implementing SPF in Postfix. I thought the TXT record in DNS
would suffice which is how I have been running it.
Found this how-to link http://www.howtoforge.com
Running Postfix as a mail gateway, version 2.6.5 and am finally getting around
to implementing SPF in Postfix. I thought the TXT record in DNS would suffice
which is how I have been running it.
Found this how-to link http://www.howtoforge.com/postfix_spf
Is this the proper way or is another r
On Mon, 2010-03-15 at 11:23 -0500, Noel Jones wrote:
> On 3/15/2010 11:16 AM, Erik Logtenberg wrote:
> > Hi,
> >
> > Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
> > The Netherlands we have an NL-Whitelist, which contains the IP's of all
> > major ISP's. By using this whit
On 3/15/2010 11:22 AM, Wietse Venema wrote:
VR:
On a test box in Postfix 2.5.5 I tried putting myhost.domain.tld in
/etc/postfix/myhostname.cf and then defined myhostname =
/etc/postfix/myhostname.cf in main.cf.
Perhaps surprisingly, Postfix actually behaves as documented.
Where does Postfix d
Hi All,
I would like to setup my MacBook (10.6.2) to check e-mail accounts and fetch
the mail down locally so I can then check it.
Can anyone provide advice or a tutorial on how to do this?
Best
-Jason
On 3/15/2010 11:16 AM, Erik Logtenberg wrote:
Hi,
Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
The Netherlands we have an NL-Whitelist, which contains the IP's of all
major ISP's. By using this whitelist one can make sure that accidental
automatic blacklisting won't dis
On 3/15/2010 8:59 AM, Fitzgerald wrote:
Hi there!
Currently I am looking for a way to implement a bounce handler and I would
like some 'best practices' advice. I have very little experience in using
postfix but I came up with some ideas and want to get some comments on
those.
An application sen
Hi,
Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
The Netherlands we have an NL-Whitelist, which contains the IP's of all
major ISP's. By using this whitelist one can make sure that accidental
automatic blacklisting won't disrupt regular email traffic.
I had something lik
Noel Jones skrev 2010-03-15 16:53:
On 3/15/2010 9:00 AM, Patric Falinder wrote:
Ralf Hildebrandt skrev 2010-03-15 14:35:
* Patric Falinder:
certificate verification failed for
remote.example.se[85.197.XXX.XXX]:25: untrusted issuer
/CN=AAA-SBS-PYRAMID-CA
You don'T trust the CA, thus the cert
On 3/15/2010 9:00 AM, Patric Falinder wrote:
Ralf Hildebrandt skrev 2010-03-15 14:35:
* Patric Falinder:
certificate verification failed for
remote.example.se[85.197.XXX.XXX]:25: untrusted issuer
/CN=AAA-SBS-PYRAMID-CA
You don'T trust the CA, thus the cert is untrusted.
Yes but can I someho
--On Sunday, March 14, 2010 4:34 PM +0100 Richard van den Berg
wrote:
Is anyone here successfully using self signed server certificates in
combination with openssl 0.9.8m ? I just upgraded from 0.9.8k and I am
getting these errors whenever a starttls is received:
This is all over port 25 with
VR:
> On a test box in Postfix 2.5.5 I tried putting myhost.domain.tld in
> /etc/postfix/myhostname.cf and then defined myhostname =
> /etc/postfix/myhostname.cf in main.cf.
Perhaps surprisingly, Postfix actually behaves as documented.
Where does Postfix documentation say that myhostname underst
On a test box in Postfix 2.5.5 I tried putting myhost.domain.tld in
/etc/postfix/myhostname.cf and then defined myhostname =
/etc/postfix/myhostname.cf in main.cf.
Since this does not work, is there an available option to move
myhostname out of main.cf and into another file name or type?
Hi,
Is there a way to change my hostname based on the relay i'm using?
For example, i have postfix servers in an ha config that relays to three
differents mail service providers, this providers restricts me in what
helo i have
to use; so if i'm using ISP1 as relay, i must identify as helo1.mydoma
Hi,
Fitzgerald a écrit :
Hi there!
Currently I am looking for a way to implement a bounce handler and I would
like some 'best practices' advice. I have very little experience in using
postfix but I came up with some ideas and want to get some comments on
those.
An application sends out a bunch
Ralf Hildebrandt skrev 2010-03-15 14:35:
* Patric Falinder:
certificate verification failed for
remote.example.se[85.197.XXX.XXX]:25: untrusted issuer
/CN=AAA-SBS-PYRAMID-CA
You don'T trust the CA, thus the cert is untrusted.
Yes but can I somehow make it trusted?
Hi there!
Currently I am looking for a way to implement a bounce handler and I would
like some 'best practices' advice. I have very little experience in using
postfix but I came up with some ideas and want to get some comments on
those.
An application sends out a bunch of e-mails with a varying r
* Patric Falinder :
> >>certificate verification failed for
> >>remote.example.se[85.197.XXX.XXX]:25: untrusted issuer
> >>/CN=AAA-SBS-PYRAMID-CA
> >You don'T trust the CA, thus the cert is untrusted.
> >
> Yes but can I somehow make it trusted?
By trusting the CA. Meaning: Installing the root-CA
Ralf Hildebrandt skrev 2010-03-15 13:52:
* Patric Falinder:
Hi!
I act as a "spamcheck"-relay for another server and I get this
"error" message when my server tries to connect and send a mail to
them:
certificate verification failed for
remote.example.se[85.197.XXX.XXX]:25: untrusted issuer
* Patric Falinder :
> Hi!
>
> I act as a "spamcheck"-relay for another server and I get this
> "error" message when my server tries to connect and send a mail to
> them:
>
> certificate verification failed for
> remote.example.se[85.197.XXX.XXX]:25: untrusted issuer
> /CN=AAA-SBS-PYRAMID-CA
You
Hi!
I act as a "spamcheck"-relay for another server and I get this "error"
message when my server tries to connect and send a mail to them:
certificate verification failed for
remote.example.se[85.197.XXX.XXX]:25: untrusted issuer
/CN=AAA-SBS-PYRAMID-CA
Its the certificate on the server th
51 matches
Mail list logo
