Hi Jaques,
Ah yes, I remember reading those. I don't think you have too much to
worry about in 2011 though. Those posts were from around 2008 when GFS
(The original implementation) didn't scale well for large mailboxes. It
was also around the time that GFS2 wasn't stable for production
enviro
Jonathan, check
http://web.archiveorange.com/archive/v/TUhSn61Ee1e4CqmzNaTd
http://www.mailinglistarchive.com/linux-clus...@redhat.com/msg07430.html
http://old.nabble.com/Dovecot-performance-on-GFS-clustered-filesystem-td19655678.html
On Thu, Jan 13, 2011 at 11:06 PM, Jonathan Tripathy wrote:
>
Tomoyuki Murakami:
>
> (just a faint impact, ...)
> since postfix-2.8-20110102, postscreen_cache_map file has been
> named "psc_cache" by default.
>
> postfix-2.8-20110112:
> ./global/mail_params.h:#define DEF_PSC_CACHE_MAP
> "btree:$data_directory/psc_cache"
>
> though man postscreen said,
>
(just a faint impact, ...)
since postfix-2.8-20110102, postscreen_cache_map file has been
named "psc_cache" by default.
postfix-2.8-20110112:
./global/mail_params.h:#define DEF_PSC_CACHE_MAP
"btree:$data_directory/psc_cache"
though man postscreen said,
...
postscreen_cache_map (btree:$
On Thu, Jan 13, 2011 at 04:49:43PM -0800, Gary Smith wrote:
> > (
> umask
> openssl pkcs12 -nodes -nocerts -out hsserver01.pem -in original.pfx
> )
This contains the key only.
> > (
> umask 077
> openssl pkcs12 -nodes -nocerts -out certkey.pem -in original.pfx
> )
THis contains t
> > openssl s_client -showcerts -state -quiet -status -connect localhost:465
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:error in SSLv2/v3 read server hello A
> 3075593864:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol
On 1/14/11 2:00 AM, Jack Bates wrote:
Understand that address rewriting is at the heart of Postfix - but I
struggle to configure Postfix to deliver messages which are sent to the
domain @nottheoilrig.com, to localhost via LMTP, with envelope recipient
"nottheoilrig"
virtual_alias_maps:
@not
Understand that address rewriting is at the heart of Postfix - but I
struggle to configure Postfix to deliver messages which are sent to the
domain @nottheoilrig.com, to localhost via LMTP, with envelope recipient
"nottheoilrig"
Using transport_maps or various related parameters, I can deliver
@no
> Oops, while the "umask 077" is indeed required, this does produce a PEM
> file with a usable key and certificate, provided the OpenSSL library
> behind the pkcs12 command is not substantially newer than the one
> Postfix
> is linked with. If the command is from OpenSSL 1.0.0, it will generate
> a
On Thu, Jan 13, 2011 at 07:06:48PM -0500, Victor Duchovni wrote:
> > # Export certificate
> > openssl pkcs12 -in original.pfx -out hsserver01.cer -nodes
>
> This takes in PKCS12 and outputs an unencrypted PKCS12. Not a good idea,
> your private key is compomised, unless your umask was 077.
Oops,
On Thu, Jan 13, 2011 at 03:36:41PM -0800, Gary Smith wrote:
> # Export certificate
> openssl pkcs12 -in original.pfx -out hsserver01.cer -nodes
This takes in PKCS12 and outputs an unencrypted PKCS12. Not a good idea,
your private key is compomised, unless your umask was 077.
> # Export public ke
On 1/14/11 12:24 AM, Mark (Lunatechnologies) wrote:
Thanks Jeroen,
Finally cracked it tonight. You're right - the content filter itself
was unnecessary and was being run against every mail in and out.
so removed that and just left the vacation transport to handle
anything with an @autoreply.do
> openssl can convert between various formats.
> http://www.sslshopper.com/article-most-common-openssl-commands.html
> http://security.ncsa.illinois.edu/research/grid-
> howtos/usefulopenssl.html
> http://shib.kuleuven.be/docs/ssl_commands.shtml
> ...
Mouss,
Thanks for the follow up. I know that
Le 14/01/2011 00:25, Gary Smith a écrit :
> I have an SSL key in pkcs12 format (pfx exported from Windows) that I need to
> convert into the proper format for postfix. The pfs includes the entire
> chain as well.
>
> Anyone know the proper way to convert this file into the corresponding
> smtp
Thanks Jeroen,
Finally cracked it tonight. You're right - the content filter itself was
unnecessary and was being run against every mail in and out.
so removed that and just left the vacation transport to handle anything with an
@autoreply.domain.com address (which I create in the alias table wit
I have an SSL key in pkcs12 format (pfx exported from Windows) that I need to
convert into the proper format for postfix. The pfs includes the entire chain
as well.
Anyone know the proper way to convert this file into the corresponding
smtpd_tls_key_file/smtpd_tls_cert_file formats? My unders
On 1/13/11 8:34 AM, Mark (Lunatechnologies) wrote:
Hi there,
I'm using a virtual vacation script (version 3.2), which runs as a
content filter for a while - but I have one makjor problem.
Yes. Why would you run a per-user reply script through a system-wide
content_filter ?
Enable procmail
On 1/12/11 4:34 PM, Markus Treinen wrote:
Hi,
your point is well taken. The reason for my setup is this:
I wanted to have virtual addresses for all my domains, which are
mapped separately to virtual users (meaning Maildirs delivered via
dovecot (mainly to use sieve)). Those virtual users would
* Wietse Venema :
> Yes it does. You are looking at the old postconf manpage.
Damn. Gotta fix this mess:
# locate postconf.5 | xargs ls -l
-rw-r--r-- 1 root root 432025 13. Jan 16:00 /usr/share/man/man5/postconf.5
-rw-r--r-- 1 root root 85140 18. Sep 2009 /usr/share/man/man5/postconf.5.gz
--
Ralf Hildebrandt:
> The POSTSCREEN_README mentions:
> "See the postscreen_access_list manpage documentation for more details."
>
> ./man/man8/postscreen.8 is the only man page with postscreen as part
> of the name - it does mention postscreen_access_list.
>
> man 5 postconf is also not listing p
On Thu, Jan 13, 2011 at 10:41:53PM +0100, Ralf Hildebrandt wrote:
> From my log:
>
> Jan 13 22:37:21 mail postfix/postscreen[17587]: warning:
> postscreen_access_list: unknown command: permit_mynetworks, -- ignoring the
> remainder of this access list
>
> The README says:
> postscreen_acce
The POSTSCREEN_README mentions:
"See the postscreen_access_list manpage documentation for more details."
./man/man8/postscreen.8 is the only man page with postscreen as part
of the name - it does mention postscreen_access_list.
man 5 postconf is also not listing postscreen_access_list
--
Ralf
Ralf Hildebrandt:
> >From my log:
>
> Jan 13 22:37:21 mail postfix/postscreen[17587]: warning:
> postscreen_access_list: unknown command: permit_mynetworks, -- ignoring the
> remainder of this access list
>
> The README says:
> postscreen_access_list = permit_mynetworks,
> /etc/
>From my log:
Jan 13 22:37:21 mail postfix/postscreen[17587]: warning:
postscreen_access_list: unknown command: permit_mynetworks, -- ignoring the
remainder of this access list
The README says:
postscreen_access_list = permit_mynetworks,
/etc/postfix/postscreen_access.cidr
whic
Am 13.01.2011 21:55, schrieb Zhou, Yan:
> I am connecting to Postfix, send it message with TO address in a remote
> domain, served by another mail server. I do not understand why such
> "relay" is happening
What do you expcet?
This is normal and they way email works
If you in "my_networks" relay
On 13/01/11 19:00, Jaques Cochet wrote:
After some reading:
- GFS and maildir work bad together
- NFS and maildir are not that good, NFS and postfix have some issues
but should be OK.
Where did you read that GFS worked badly with maildir? I'd be interested
to read into this
Thanks
On Thu, Jan 13, 2011 at 03:55:31PM -0500, Zhou, Yan wrote:
> I thought my Postfix would only accept messages
> destined to local domains.
>
> What am I missing?
>
> mynetworks = 10.128.61.0/24, 10.128.12.0/24, 127.0.0.0/8
Clients with the IP addresses above,
> sample_directory = /usr/share/doc
Hi there,
I am connecting to Postfix, send it message with TO address in a remote
domain, served by another mail server. I do not understand why such
"relay" is happening, I thought my Postfix would only accept messages
destined to local domains. Here is output of "postconf -n". I did not
define a
Christian Roessner:
> Hi,
>
> sorry, if this question might sound a bit stupid, but if I specify
> relay_recipient_maps with all valid recipients that postfix should
> relay for, why does it need relay_domains set? As an example:
If you wonder why Postfix does not always search all tables for
all
Hi,
sorry, if this question might sound a bit stupid, but if I specify
relay_recipient_maps with all valid recipients that postfix should relay for,
why does it need relay_domains set? As an example:
I have connected relay_domains to LDAP and have an object that returns all
domains. I also hav
After some reading:
- GFS and maildir work bad together
- NFS and maildir are not that good, NFS and postfix have some issues
but should be OK.
I read that OCFS2 is promising. If it works good, I can use an IMAP
proxy and run IMAP on backend servers with postfix. As for SMTP
relaying/scanning and
On Thu, Jan 13, 2011 at 08:45:19AM -0600, Noel Jones wrote:
> Once the cows get out, you can spend days rounding them up and some may
> never be found. Better to keep the gate closed.
>
> Corollary: Don't accept mail you can't deliver.
For a submission service, this means doing as much as possi
Le 13/01/2011 13:46, Jan-Frode Myklebust a écrit :
> On Thu, Jan 13, 2011 at 10:38:05AM -0200, Deives Michellis wrote:
>> Perdition works WITH dovecot (or whatever imap server you use). It's
>> just a proxy - will redirect connections based on username, origin,
>> etc...
>
> Yes, I know, and "dove
Postfix 2.8 is almost ready to become the new stable release. The
only thing in the pipeline is evalating the mysql update, sequence
and cache cleanup support.
There have been a few late changes to clean up the postscreen user
interface. I left in some backwards compatibility support for early
ad
On 1/13/2011 4:35 AM, Tom Kinghorn wrote:
Good afternoon list.
We have a problem of a number of our clients which appear to
have been affected by malware/bots.
these clients use our servers as a smarthost.
The messages are similar, so creating a spam filter for
spamassassin has been done.
I ha
Currently on my MX servers I use a custom rhsbl to reject domains
blacklisted by us. The DNS lookups are handled using a local rbldnsd
server.
I am trying to create a list of spammer email ids so that I can reject
spammers of neutral domains. But this can be a potentially huge list.
I am not
On 13/01/11 09:58, Stan Hoeppner wrote:
Jonathan Tripathy put forth on 1/12/2011 8:58 AM:
Major point is that GlusterFS is NOT another file system. GlusterFS uses a
disk based backend and relies heavily on the underlying filesystem extended
attributes for handling which file is more recent on
On Thu, Jan 13, 2011 at 10:38:05AM -0200, Deives Michellis wrote:
> Perdition works WITH dovecot (or whatever imap server you use). It's
> just a proxy - will redirect connections based on username, origin,
> etc...
Yes, I know, and "dovecot director" also works with dovecot (or any
other imap ser
Perdition works WITH dovecot (or whatever imap server you use). It's
just a proxy - will redirect connections based on username, origin,
etc...
On Thu, Jan 13, 2011 at 09:59:26AM -0200, Deives Michellis wrote:
> Have you guys considered using Perdition to proxy/redirect IMAP/POP to
> distribute backend storage to as many as backends as you want?
Yes, but I prefer dovecot (since that's what we're running on the
backend POP/IMAP-servers). I
Patrick Ben Koetter:
> Reading through the logs I noted recurring "initializing the client-side TLS
> engine" entries that seem to take place no matter if the smtp client is using
> TLS at the moment or not.
Don't turn on verbose logging by default.
> So I am curious. Why is it that the Postfix s
Have you guys considered using Perdition to proxy/redirect IMAP/POP to
distribute backend storage to as many as backends as you want? You
wont need any SAN/NAS/NFS/GFS/whatever, just a user/storage mapping
(ldap, mysql, etc...), and you might even add spare or active/active
servers to each storage
Take a look at http://www.dbmail.org/ for imap/pop3
you can have as many servers you want connected with the
same database, i would use dovecot as proxy and for sasl-auth
which would give you even the option to use mysql-slaves
fpr the readonly-requests to spread the database-load
Am 13.01.2011 0
Good afternoon list.
We have a problem of a number of our clients which appear to have been
affected by malware/bots.
these clients use our servers as a smarthost.
The messages are similar, so creating a spam filter for spamassassin has
been done.
I have noticed that the sender is either a
Jonathan Tripathy put forth on 1/12/2011 8:58 AM:
>> Major point is that GlusterFS is NOT another file system. GlusterFS uses a
>> disk based backend and relies heavily on the underlying filesystem extended
>> attributes for handling which file is more recent on one brick over another
>> when perf
Reading through the logs I noted recurring "initializing the client-side TLS
engine" entries that seem to take place no matter if the smtp client is using
TLS at the moment or not.
So I am curious. Why is it that the Postfix smtp client initializes the
client-side TLS engine on a regular basis? Ra
On Thu, Jan 13, 2011 at 07:36:12AM +0200, Jaques Cochet wrote:
>
> I'm working on a mail system design for an ISP that includes hosting
> of multiple virtual domains managed by this ISP (300.000 mailbox). HA
> and performance are both important concerns for the client, so I have
> at least 2 of ev
47 matches
Mail list logo
