cannot load Certificate Authority data

2010-08-24 Thread Edward avanti
Halo list, Happy report full conversion away qmail near finish, only one problem remain we can see. noki7 postfix/smtpd[8512]: cannot load Certificate Authority data: disabling TLS support is this error because client not use TLS? Is this error safe to ignore or does have problem reading local s

Re: Rewriting Date header for local senders, or something like that.

2010-08-24 Thread Jose Ildefonso Camargo Tolosa
Hi! Thanks for your answer! On Tue, Aug 24, 2010 at 7:31 PM, mouss wrote: > On 23/08/2010 04:47, Jose Ildefonso Camargo Tolosa wrote: >> >> Hi! >> >> I got a curiosity, I have noted that the Date header the mail takes >> comes from the client computer, so, if my computer has a wrong date, >

Re: Multiple Domains; No Local Accounts - bad uid in virtual_uid_maps

2010-08-24 Thread Mike
Thank you, gentlemen. I always appreciate a good "RTFM" from talented folks who actually know where they are pointing. :-) I do appreciate the help and definitely do not intend to aggravate and vex. Mike

Re: Rewriting Date header for local senders, or something like that.

2010-08-24 Thread mouss
On 23/08/2010 04:47, Jose Ildefonso Camargo Tolosa wrote: Hi! I got a curiosity, I have noted that the Date header the mail takes comes from the client computer, so, if my computer has a wrong date, my mail will go out with a wrong date too. there is nothing curious about that. the Date h

Re: Multiple Domains; No Local Accounts - bad uid in virtual_uid_maps

2010-08-24 Thread mouss
On 24/08/2010 23:49, Mike wrote: Incoming mail is getting dropped into /var/spool/postfix/defer . I'm seeing this error in /var/log/messages: Aug 24 17:21:48 sato postfix/virtual[581]: warning: recipient m...@example.com : bad uid example.com/mike/

Re: Multiple Domains; No Local Accounts - bad uid in virtual_uid_maps

2010-08-24 Thread Wietse Venema
Mike: > Aug 24 17:21:48 sato postfix/virtual[581]: warning: recipient > m...@example.com: bad uid example.com/mike/ 3001 3001 in > virtual_uid_maps Please RTFM the documentation. http://www.postfix.org/postconf.5.html#virtual_uid_maps http://www.postfix.org/virtual.8.html Wietse

Re: submission port annoyance

2010-08-24 Thread Edward avanti
Halo Noel, On Tue, Aug 24, 2010 at 10:48 PM, Noel Jones wrote: > > >> Is there setting I misplace, or misunderstand ? it not seem >> to do any RBL test so I think honouring. >> > > Your master.cf submission service must override any main.cf settings that > you want changed. You probably want

Re: Multi-domain certificates and TLS

2010-08-24 Thread Victor Duchovni
On Tue, Aug 24, 2010 at 05:35:42PM -0400, Alex wrote: > > mail.messaging.microsoft.com[65.55.88.22]:25: Matched > > subject_CN=*.messaging.microsoft.com, issuer_CN=Cybertrust SureServer > > Standard Validation CA > ... > > What is your TLS policy for this destination? The wildcard Subject Alt Na

Multiple Domains; No Local Accounts - bad uid in virtual_uid_maps

2010-08-24 Thread Mike
Incoming mail is getting dropped into /var/spool/postfix/defer . I'm seeing this error in /var/log/messages: Aug 24 17:21:48 sato postfix/virtual[581]: warning: recipient m...@example.com: bad uid example.com/mike/ 3001 3001 in virtual_uid_maps Aug 24 17:21:48 sato postfix/virtual[581]: 75F571

Re: Multi-domain certificates and TLS

2010-08-24 Thread Alex
Hi, > When the Subject Alternative Name extension is present in a server > certificate, Postfix will use the first domain listed in that extension > as the verified peer name, unless one of the other domains satisfies > the matching rules for the destination TLS policy. > >> Aug  6 09:44:20 smtp01

Re: TLS with Subject Alternative Name

2010-08-24 Thread Dieter Kluenter
Clayton Keller writes: > First off, my apologies if this strays a bit off-list. > > I'm trying to setup a test environment using TLS and a self-signed > certificate using Subject Alternative Name. From my research this > should allow me to use multiple hostnames with a single certificate. > > I h

TLS with Subject Alternative Name

2010-08-24 Thread Clayton Keller
First off, my apologies if this strays a bit off-list. I'm trying to setup a test environment using TLS and a self-signed certificate using Subject Alternative Name. From my research this should allow me to use multiple hostnames with a single certificate. I have no issues using TLS and a sin

Re: DNS Whitelisting

2010-08-24 Thread Wietse Venema
Stan Hoeppner: > Wietse Venema put forth on 8/23/2010 10:11 AM: > > Noel Jones: > > > (Might be time to revisit DNS whitelists in > >> postfix.) > > > > Maybe someone can draft a strawman user interface: > > > > - what is the configuration syntax > > > > - what does that syntax mean > > > > -

Re: DNS Whitelisting

2010-08-24 Thread Noel Jones
On 8/24/2010 1:36 PM, Stan Hoeppner wrote: Wietse Venema put forth on 8/23/2010 10:11 AM: Noel Jones: (Might be time to revisit DNS whitelists in postfix.) Maybe someone can draft a strawman user interface: - what is the configuration syntax - what does that syntax mean - how to make it

Re: DNS Whitelisting

2010-08-24 Thread Stan Hoeppner
Wietse Venema put forth on 8/23/2010 10:11 AM: > Noel Jones: > (Might be time to revisit DNS whitelists in >> postfix.) > > Maybe someone can draft a strawman user interface: > > - what is the configuration syntax > > - what does that syntax mean > > - how to make it safe ( we don't want "ope

Re: restrict delivery for a single user only

2010-08-24 Thread Simone Caruso
On 24/08/2010 19:42, Luigi Rosa wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a postfix server with virtual mailbox handled via MySQL queries: virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_map

restrict delivery for a single user only

2010-08-24 Thread Luigi Rosa
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a postfix server with virtual mailbox handled via MySQL queries: virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_mailbox_maps = mysql:/etc/po

Re: per domain TLS

2010-08-24 Thread Victor Duchovni
On Tue, Aug 24, 2010 at 11:37:26AM -0500, Vernon A. Fort wrote: > > > # force_tls > > > 5.4.3.2/32 reject_plaintext_session > > > > See however, > > > > http://www.postfix.org/TLS_README.html#client_tls_limits > > > > the responsibility to encrypt falls largely on the sender. I would > > e

Re: per domain TLS

2010-08-24 Thread Vernon A. Fort
On Tue, 2010-08-24 at 10:29 -0500, Noel Jones wrote: > On 8/24/2010 10:24 AM, Vernon A. Fort wrote: > > We have a few companies that we need have ALL email traffic encrypted. > > We can no longer 'blindly trust' the end user to not include sensitive > > information in email. A VPN would be a easie

Re: per domain TLS

2010-08-24 Thread Vernon A. Fort
On Tue, 2010-08-24 at 11:42 -0400, Victor Duchovni wrote: > On Tue, Aug 24, 2010 at 10:29:43AM -0500, Noel Jones wrote: > > > On 8/24/2010 10:24 AM, Vernon A. Fort wrote: > >> We have a few companies that we need have ALL email traffic encrypted. > >> We can no longer 'blindly trust' the end user

Re: Delay deliver to a group of domains

2010-08-24 Thread Pablo Garcia Melga
Thanks Wietse, works just fine. On Tue, Aug 24, 2010 at 10:12 AM, Wietse Venema wrote: > Pablo Garcia Melga: >> I added the following lines to the configuration >> >> master.cf >> >> smtpslow  unix  -       -       n       -       -       smtp >> >> transport >> >> yahoo.com     smtpslow: >> ya

Re: per domain TLS

2010-08-24 Thread Victor Duchovni
On Tue, Aug 24, 2010 at 10:29:43AM -0500, Noel Jones wrote: > On 8/24/2010 10:24 AM, Vernon A. Fort wrote: >> We have a few companies that we need have ALL email traffic encrypted. >> We can no longer 'blindly trust' the end user to not include sensitive >> information in email. A VPN would be a

Re: per domain TLS

2010-08-24 Thread Noel Jones
On 8/24/2010 10:24 AM, Vernon A. Fort wrote: We have a few companies that we need have ALL email traffic encrypted. We can no longer 'blindly trust' the end user to not include sensitive information in email. A VPN would be a easier solution but its not an option at this point. So, the outbound

per domain TLS

2010-08-24 Thread Vernon A. Fort
We have a few companies that we need have ALL email traffic encrypted. We can no longer 'blindly trust' the end user to not include sensitive information in email. A VPN would be a easier solution but its not an option at this point. So, the outbound appears to be simple: smtp_tls_policy

Re: virtual MAILBOX: separate domains, non-UNIX accounts

2010-08-24 Thread Mike
On Tue, Aug 24, 2010 at 6:17 AM, Magnus Bäck wrote: > On Monday, August 23, 2010 at 23:20 CEST, > Mike <1100...@gmail.com> wrote: > > > Noip.com manages DNS for my FQDN. > > Should virtual_mailbox_domains = mail.example.com > > or only example.com > > That depends on whether you want u...@ma

Re: Postfix/LDAP beginner question

2010-08-24 Thread Victor Duchovni
On Tue, Aug 24, 2010 at 10:32:12AM -0400, Zhou, Yan wrote: > Hi there, > > I am using Postfix 2.4.3. As my first step to integrate with Postfix, I > wish to look up LDAP for local user. > > I did not recompile Postfix because I thought it comes with LDAP > support. My ldap log does show that Po

Postfix/LDAP beginner question

2010-08-24 Thread Zhou, Yan
Hi there, I am using Postfix 2.4.3. As my first step to integrate with Postfix, I wish to look up LDAP for local user. I did not recompile Postfix because I thought it comes with LDAP support. My ldap log does show that Postfix is trying to look up, so I think it is fine there. main.cf reads li

Re: Howto tell postfix to don't reread it's configuration file automatically

2010-08-24 Thread Thomas Glanzmann
Hello, > > a way to tell postfix to don't re-read the config files > No. By design Postfix daemons periodically commit suicide and, when > restarted, have no option but to read the configuration files. I thought so. Thanks a lot. Thomas

Re: Delay deliver to a group of domains

2010-08-24 Thread Wietse Venema
Pablo Garcia Melga: > I added the following lines to the configuration > > master.cf > > smtpslow unix - - n - - smtp > > transport > > yahoo.com smtpslow: > yahoo.com.ar smtpslow: > yahoo.com.mx smtpslow: > ymail.com smtpslow: > > main.cf > > transpo

Re: Selective smtpd_helo_restrictions question

2010-08-24 Thread Noel Jones
On 8/24/2010 7:41 AM, Charles Marcus wrote: On 2010-08-22 8:38 PM, Stan Hoeppner wrote: Stan Hoeppner put forth on 8/22/2010 7:34 PM: So if we reverse the scenario and put the "REJECT" first, it's a final decision? If so, and if I've described the situation correctly, why do we have this oppo

Re: Delay deliver to a group of domains

2010-08-24 Thread Pablo Garcia Melga
I added the following lines to the configuration master.cf smtpslow unix - - n - - smtp transport yahoo.com smtpslow: yahoo.com.ar smtpslow: yahoo.com.mx smtpslow: ymail.com smtpslow: main.cf transport_maps = hash:/etc/postfix/transport smtps

Re: submission port annoyance

2010-08-24 Thread Jerry
On Tue, 24 Aug 2010 22:24:44 +1000 Edward avanti articulated: > Halo, > > We are have odd occasional problem where, some customer that have > made up name in hostname on pc and try send mail get rejected by us > > submission is told use - submission inet n - n - > - smt

Re: submission port annoyance

2010-08-24 Thread Noel Jones
On 8/24/2010 7:24 AM, Edward avanti wrote: Halo, We are have odd occasional problem where, some customer that have made up name in hostname on pc and try send mail get rejected by us submission is told use - submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=y

Re: Selective smtpd_helo_restrictions question

2010-08-24 Thread Wietse Venema
Charles Marcus: > On 2010-08-22 8:38 PM, Stan Hoeppner wrote: > > Stan Hoeppner put forth on 8/22/2010 7:34 PM: > >> So if we reverse the scenario and put the "REJECT" first, it's a final > >> decision? If so, and if I've described the situation correctly, why do > >> we have this opposite behavi

Re: Selective smtpd_helo_restrictions question

2010-08-24 Thread Charles Marcus
On 2010-08-22 8:38 PM, Stan Hoeppner wrote: > Stan Hoeppner put forth on 8/22/2010 7:34 PM: >> So if we reverse the scenario and put the "REJECT" first, it's a final >> decision? If so, and if I've described the situation correctly, why do >> we have this opposite behavior between whitelisting an

Re: submission port annoyance

2010-08-24 Thread Martijn de Munnik
On 24 Aug 2010, at 14:24, Edward avanti wrote: > Halo, > > We are have odd occasional problem where, some customer that have made up > name in hostname on pc and try send mail get rejected by us > > submission is told use - submission inet n - n -

submission port annoyance

2010-08-24 Thread Edward avanti
Halo, We are have odd occasional problem where, some customer that have made up name in hostname on pc and try send mail get rejected by us submission is told use - submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_

Re: Howto tell postfix to don't reread it's configuration file automatically

2010-08-24 Thread Magnus Bäck
On Tuesday, August 24, 2010 at 09:40 CEST, Thomas Glanzmann wrote: > a week ago I had a problem with a productive e-mail server rejecting > e-mail because an automatic configuration tool (cfengine) failed on me > and rolled out the wrong configuration file. After a very short amount > of tim

Re: virtual MAILBOX: separate domains, non-UNIX accounts

2010-08-24 Thread Magnus Bäck
On Monday, August 23, 2010 at 23:20 CEST, Mike <1100...@gmail.com> wrote: > Noip.com manages DNS for my FQDN. > Should virtual_mailbox_domains = mail.example.com > or only example.com That depends on whether you want u...@mail.example.com to work or not. virtual_mailbox_domains should list r

Howto tell postfix to don't reread it's configuration file automatically

2010-08-24 Thread Thomas Glanzmann
Hello everyone, a week ago I had a problem with a productive e-mail server rejecting e-mail because an automatic configuration tool (cfengine) failed on me and rolled out the wrong configuration file. After a very short amount of time (less than an hour) postfix picked up the new configuration file