Re: STARTTLS bug -- [Zimbra]

2011-03-08 Thread Victor Duchovni
On Tue, Mar 08, 2011 at 06:26:47PM -0800, Quanah Gibson-Mount wrote: > > > --On March 8, 2011 10:20:21 AM -0800 Walter Smith > wrote: > >> >> Hi there! >> >> How severe is this bug? > > The CVE gave it 1.39 out of a possible 180 points. Or < 2%. > > It will of course be addressed in a later Zim

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Erik de Castro Lopo
Noel Jones wrote: > Many years ago I worked on a system with a 32k limit on pcre > expressions. Ever since then, everything I've checked has > been 64k, and then I gave up checking. I expect any > non-ancient system will support 64k, and some maybe even more. > (To clarify for others follo

Re: STARTTLS bug -- [Zimbra]

2011-03-08 Thread Quanah Gibson-Mount
--On March 8, 2011 10:20:21 AM -0800 Walter Smith wrote: Hi there! How severe is this bug? The CVE gave it 1.39 out of a possible 180 points. Or < 2%. It will of course be addressed in a later Zimbra release. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc --

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Noel Jones
On 3/8/2011 6:00 PM, Erik de Castro Lopo wrote: Noel Jones wrote: The pattern length limit is controlled by the pcre library you're using. I think most implementations limit single expressions to 64k characters. Obviously something that needs testing. Many years ago I worked on a system wi

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Steven Champeon
on Wed, Mar 09, 2011 at 12:03:27AM +0100, mouss wrote: > [WARNING: Steven CC'd] :-) > On 08/03/2011 21:29, Stan Hoeppner wrote: > > That makes me wonder why Enemies List[1] uses complex expressions, > > each one precisely matching a specific rDNS pattern, given EL > > matches 65k+ patterns to

Re: Postix Newbie: Send all outbound mail to another postfix server

2011-03-08 Thread Dennis Guhl
On Tue, Mar 08, 2011 at 03:19:53PM -0600, Stan Hoeppner wrote: > Dennis Guhl put forth on 3/8/2011 11:52 AM: > > > If you are blocked because of Spamhaus' PBL you are on a consumer > > dial-up (http://www.spamhaus.org/pbl/) > > FYI, the PBL isn't limited to dynamic listings. Many corporations

Re: Thank you for great software

2011-03-08 Thread Andy Wright
On Mon, 2011-03-07 at 23:47 +0100, Reindl Harald wrote: > Hi Wietse > > I would like to say THANK YOU for postfix because I know > developers are hearing these words not often enough as long > their "baby" is running well and nobody takes notice about > > Especially for the great documentation a

Re: postfix on gentoo add defaults to main.cf when new version comes out

2011-03-08 Thread Wietse Venema
Benny Pedersen: > Subject says it all, IMHO > > Added lines are exactly the same as found in postconf -d Postfix always sets the "installation" parameters with the pathnames of commands and directories. This is much more reliable than trying to be clever and setting only the ones that aren't at the defaul

Re: rewrite the from based on a client hostname or ip

2011-03-08 Thread Wietse Venema
Katzir, Igal: > Hi Postfix Users, > > We are running a couple of postfix servers version 2.3.x which > mainly relay notification messages to our customers. > The various application servers which trigger notifications are > not consistent so we are rewriting the mail field with > these two tables

postfix on gentoo add defaults to main.cf when new version comes out

2011-03-08 Thread Benny Pedersen
Subject says it all, IMHO. Added lines are exactly the same as found in postconf -d. Why? main.cf is just an initial example conf; mostly better to start with a 100% empty main.cf and add lines that need to be changed from the defaults of postconf -d. If these changes are really needed, then it's okay, but I like

Re: Thank you for great software

2011-03-08 Thread Benny Pedersen
> Especially for the great documentation and crazy online-times > on the mailing-list :-) agree 215% with you :=)

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Erik de Castro Lopo
Noel Jones wrote: > The pattern length limit is controlled by the pcre library > you're using. I think most implementations limit single > expressions to 64k characters. Obviously something that needs testing. > It's unclear to me if a single huge complex expression will > evaluate faster th

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Wietse Venema
mouss: [ Charset ISO-8859-1 unsupported, converting... ] > On 08/03/2011 23:49, Erik de Castro Lopo wrote: > > Wietse Venema wrote: > > > >> If you must match a very large number of patterns, you need an > >> implementation that transforms N patterns into one deterministic > >> automaton. This

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Erik de Castro Lopo
Steve wrote: > > If not, it would be possible to convert this (3 only, but could be > > hundreds or even thousands): > > > >/^([0-9]{1,3}\.){4}\.dsl\.dynamic\.eranet\.pl$/ > >/^([0-9]{1,3}\.){4}\.dynamic\.snap\.net\.nz$/ > >/^([0-9]{1,3}\.){4}\.nat\.umts\.dynamic\.eranet\.pl$/ > > >

Re: regular expressions was: Kernel Oops

2011-03-08 Thread mouss
On 08/03/2011 23:49, Erik de Castro Lopo wrote: > Wietse Venema wrote: > >> If you must match a very large number of patterns, you need an >> implementation that transforms N patterns into one deterministic >> automaton. This can match 1 pattern in the same time as N patterns. >> Once the auto

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Noel Jones
On 3/8/2011 4:49 PM, Erik de Castro Lopo wrote: Wietse Venema wrote: If you must match a very large number of patterns, you need an implementation that transforms N patterns into one deterministic automaton. This can match 1 pattern in the same time as N patterns. Once the automaton is built (

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Steve
Original Message > Date: Wed, 9 Mar 2011 09:49:21 +1100 > From: Erik de Castro Lopo > To: postfix-users@postfix.org > Subject: Re: regular expressions was: Kernel Oops > Wietse Venema wrote: > > > If you must match a very large number of patterns, you need an > > implemen

Re: regular expressions was: Kernel Oops

2011-03-08 Thread mouss
[WARNING: Steven CC'd] On 08/03/2011 21:29, Stan Hoeppner wrote: > Wietse Venema put forth on 3/8/2011 10:39 AM: >> Stan Hoeppner: >>> So, the question is, which form of expression processes the "does not >>> match" case faster? The fully qualified expression, or the simple >>> expression? No

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Erik de Castro Lopo
Wietse Venema wrote: > If you must match a very large number of patterns, you need an > implementation that transforms N patterns into one deterministic > automaton. This can match 1 pattern in the same time as N patterns. > Once the automaton is built (which takes some time) it is blindingly > f

rewrite the from based on a client hostname or ip

2011-03-08 Thread Katzir, Igal
Hi Postfix Users, We are running a couple of postfix servers version 2.3.x which mainly relay notification messages to our customers. The various application servers which trigger notifications are not consistent so we are rewriting the mail field with these two tables: sender_canonical_maps =

Re: submission port : "Client host rejected: Access denied"

2011-03-08 Thread /dev/rob0
On Sun, Mar 06, 2011 at 02:20:19PM +0100, David Touzeau wrote: > Thanks Jeroen > > Here it is information requested > > > postconf -n Yikes. I didn't read through all of that, but I'm sure you have gone way overboard in changing (or perhaps, restating) default settings. Jeroen would say, if y

Re: Message is modified after after-queue filter

2011-03-08 Thread Victor Duchovni
On Tue, Mar 08, 2011 at 10:55:25PM +0100, Ulrich Mierendorff wrote: > I am using an after queue-content filter that signs outgoing emails > (dkimproxy). My problem is that these messages are modified AFTER the > signature was added which breaks the signature. As far as I can see, "\n" > is repl

Re: Postix Newbie: Send all outbound mail to another postfix server

2011-03-08 Thread Randy Ramsdell
Stan Hoeppner wrote: Dennis Guhl put forth on 3/8/2011 11:52 AM: If you are blocked because of Spamhaus' PBL you are on a consumer dial-up (http://www.spamhaus.org/pbl/) FYI, the PBL isn't limited to dynamic listings. Many corporations add their unused IP space to the PBL, along with other

Message is modified after after-queue filter

2011-03-08 Thread Ulrich Mierendorff
Hi, I am using an after queue-content filter that signs outgoing emails (dkimproxy). My problem is that these messages are modified AFTER the signature was added which breaks the signature. As far as I can see, "\n" is replaced by "\r\n" and "Content-Transfer-Encoding: 8bit" is replaced by "Co

Re: Postix Newbie: Send all outbound mail to another postfix server

2011-03-08 Thread Stan Hoeppner
Dennis Guhl put forth on 3/8/2011 11:52 AM: > If you are blocked because of Spamhaus' PBL you are on a consumer > dial-up (http://www.spamhaus.org/pbl/) FYI, the PBL isn't limited to dynamic listings. Many corporations add their unused IP space to the PBL, along with other IPs within their net

Re: Postix Newbie: Send all outbound mail to another postfix server

2011-03-08 Thread Dennis Guhl
On Tue, Mar 08, 2011 at 02:58:50PM -0500, Steve Angelo wrote: > > > So I was thinking.. Since my old server at rackspace is still up and > > > running, would it be possible to configure my AWS postfix server to > > > send all outbound mail to the Rackspace postfix server and have that > > serv

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Victor Duchovni
On Tue, Mar 08, 2011 at 02:29:23PM -0600, Stan Hoeppner wrote: > So this would mean the simpler expressions would be faster? That makes > me wonder why Enemies List[1] uses complex expressions, each one > precisely matching a specific rDNS pattern, To avoid false positives by matching in the wro

Re: Postix Newbie: Send all outbound mail to another postfix server

2011-03-08 Thread Stan Hoeppner
Steve Angelo put forth on 3/8/2011 11:25 AM: > I recently moved my production server from Rackspace to AWS and Amazon is > now having a PBL issue that may take days to resolve and my IP is listed so > most of the mail is not going out due to PBL from Spamhaus. You should have asked for advice bef

Re: Header checks and HOLD queue release

2011-03-08 Thread Ralf Hildebrandt
* Michael : > smtp inet n - n - - smtpd >-o content_filter=spamassassin ... > spamassassin unix - n n - - pipe > user=spamd argv=/usr/bin/spamc -f -e > /usr/sbin/sendmail -oi -f ${sender} ${recipient} So the

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Stan Hoeppner
Wietse Venema put forth on 3/8/2011 10:39 AM: > Stan Hoeppner: >> So, the question is, which form of expression processes the "does not >> match" case faster? The fully qualified expression, or the simple >> expression? Noel mentioned that the fully qualified expressions will >> tend to process f

Re: Header checks and HOLD queue release

2011-03-08 Thread Michael
On Tue, 2011-03-08 at 21:18 +0100, Ralf Hildebrandt wrote: > * Michael : > > On Tue, 2011-03-08 at 21:13 +0100, Ralf Hildebrandt wrote: > > > > > > You seem to have a content_filter setup. Could that be? > > > > Yes, SpamAssassin is in the chain. I didn't realise this may be the > > issue. > >

Re: Header checks and HOLD queue release

2011-03-08 Thread Ralf Hildebrandt
* Michael : > On Tue, 2011-03-08 at 21:13 +0100, Ralf Hildebrandt wrote: > > > > You seem to have a content_filter setup. Could that be? > > Yes, SpamAssassin is in the chain. I didn't realise this may be the > issue. Please show master.cf -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung

Re: Header checks and HOLD queue release

2011-03-08 Thread Michael
On Tue, 2011-03-08 at 21:13 +0100, Ralf Hildebrandt wrote: > > You seem to have a content_filter setup. Could that be? Yes, SpamAssassin is in the chain. I didn't realise this may be the issue.

Re: Header checks and HOLD queue release

2011-03-08 Thread Ralf Hildebrandt
* Michael : > This might be a stupid question. > > I have a header_check rule that puts certain mails into the HOLD queue > for inspection by senior staff, and when it's released into the deferred > queue for delivery, it gets chucked back into the HOLD queue due to > Postfix reapplying the Header_

Header checks and HOLD queue release

2011-03-08 Thread Michael
This might be a stupid question. I have a header_check rule that puts certain mails into the HOLD queue for inspection by senior staff, and when it's released into the deferred queue for delivery, it gets chucked back into the HOLD queue due to Postfix reapplying the Header_checks. It does go thr

Re: Postix Newbie: Send all outbound mail to another postfix server

2011-03-08 Thread Steve Angelo
> > So I was thinking.. Since my old server at rackspace is still up and > > running, would it be possible to configure my AWS postfix server to > > send all outbound mail to the Rackspace postfix server and have that > server > > send out the email? The originating IP would have to be the Rac

Re: Change in bounce_template_file, postfix reload needed?

2011-03-08 Thread Ralf Hildebrandt
* Victor Duchovni : > On Tue, Mar 08, 2011 at 04:27:20PM +0100, Ralf Hildebrandt wrote: > > > If I change the bounce_template_file, is a "postfix reload" for the > > change to take (immediate) effect needed? > > Yes, if you want the effect to be "immediate". > > > Looking at http://www.postfix.o

Re: Change in bounce_template_file, postfix reload needed?

2011-03-08 Thread Victor Duchovni
On Tue, Mar 08, 2011 at 04:27:20PM +0100, Ralf Hildebrandt wrote: > If I change the bounce_template_file, is a "postfix reload" for the > change to take (immediate) effect needed? Yes, if you want the effect to be "immediate". > Looking at http://www.postfix.org/bounce.8.html I'm seeing > > m

Re: STARTTLS bug -- [Zimbra]

2011-03-08 Thread Wietse Venema
Walter Smith: > Hi there! > > How severe is this bug? Please read the announcement, section "overview and impact". http://www.postfix.org/CVE-2011-0411.html "This is not as big a problem as it may appear to be. The reason is that many SMTP client applications don't verify server TLS certificate

Re: STARTTLS bug -- [Zimbra]

2011-03-08 Thread Walter Smith
Hi there! How severe is this bug? I'm running a few Zimbra servers and it seems like it's there: % telnet 0 25 220 myzimbra ESMTP Postfix starttls 220 2.0.0 Ready to start TLS % telnet 0 587 220 myzimbra ESMTP Postfix starttls 220 2.0.0 Ready to start TLS Should I disable it for now - is t

Re: Postix Newbie: Send all outbound mail to another postfix server

2011-03-08 Thread Dennis Guhl
On Tue, Mar 08, 2011 at 12:25:32PM -0500, Steve Angelo wrote: > Hi all.. Please forgive me as I'm a postfix newbie.. I'm currently running > version 2.6.5 on an Ubuntu server. I have a CodeIgniter app that sends > outbound mail only. No inbound mail is processed/advertised. > > I recently moved my

Re: Postfix 2.7.3, 2.6.9, 2.5.12 and 2.4.16 available

2011-03-08 Thread fakessh @
when is it the official rpm. Simon Mudd the new rpms are still not present On Monday 07 March 2011 at 15:18 -0500, Wietse Venema wrote: > [An on-line version of this announcement will be available at > http://www.postfix.org/announcements/postfix-2.7.3.html] > > Postfix legacy releases 2.7.3,

Postix Newbie: Send all outbound mail to another postfix server

2011-03-08 Thread Steve Angelo
Hi all.. Please forgive me as I'm a postfix newbie.. I'm currently running version 2.6.5 on an Ubuntu server. I have a CodeIgniter app that sends outbound mail only. No inbound mail is processed/advertised. I recently moved my production server from Rackspace to AWS and Amazon is now having a PBL

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Wietse Venema
Stan Hoeppner: > So, the question is, which form of expression processes the "does not > match" case faster? The fully qualified expression, or the simple > expression? Noel mentioned that the fully qualified expressions will > tend to process faster. Is this true? Is it true for both the > "ma

Re: regular expressions was: Kernel Oops

2011-03-08 Thread Stan Hoeppner
mouss put forth on 3/7/2011 5:45 PM: > On 07/03/2011 15:13, Stan Hoeppner wrote: >> Ok, so if I'm doing what I've heard called a "fully qualified regular >> expression", WRT FQrDNS matching, should I use the anchors or not? >> postmap -q says these all work (the actuals with action and text tha

Change in bounce_template_file, postfix reload needed?

2011-03-08 Thread Ralf Hildebrandt
If I change the bounce_template_file, is a "postfix reload" for the change to take (immediate) effect needed? Looking at http://www.postfix.org/bounce.8.html I'm seeing max_idle (100s) max_use (100) which are implying that after 100 bounces or 100s of no usage, Postfix will let bounce die an

Re: smtpd_sasl_path tcp-socket?

2011-03-08 Thread Wietse Venema
Hajo Locke: [ Charset ISO-8859-1 unsupported, converting... ] > Hello, > > >> smtpd_sasl_path = inet:localhost:1434 > >> > >> seems to work but it is not documented. > > > > As documented: > > > > smtpd_sasl_path (default: smtpd) > > Implementation-specific information that the Postfix SMTP

Re: STARTTLS bug - background story

2011-03-08 Thread Wietse Venema
Victor Duchovni: > On Tue, Mar 08, 2011 at 12:59:15PM +1100, Brad Hards wrote: > > > On Tue, 8 Mar 2011 07:08:09 am Wietse Venema wrote: > > > This is a writeup about a flaw that I found recently, and that > > > existed in multiple implementations of SMTP (Simple Mail Transfer > > > Protocol) over

Re: Pcre header checks

2011-03-08 Thread Stan Hoeppner
Erik de Castro Lopo put forth on 3/7/2011 4:50 PM: > Given the above data, I think I am justified in using the following > pcre rule: > > /^Received-SPF:.*helo=[a-z0-9.-]+\.mail\\.yahoo\.com; > envelope-from=[^@]+@att.net/i REJECT This is possibly less complex, totally effective, and p

Re: Thank you for great software

2011-03-08 Thread jeffrey j donovan
On Mar 7, 2011, at 5:47 PM, Reindl Harald wrote: > Hi Wietse > > I would like to say THANK YOU for postfix because I know > developers are hearing these words not often enough as long > their "baby" is running well and nobody takes notice about > > Especially for the great documentation and craz

Re: Postfix x TMDA x transport

2011-03-08 Thread Márcio Luciano Donada
On 8/3/2011 10:54, Victor Duchovni wrote: > The exit status of "99" is I believe designed with qmail in mind. Also > this message did not get routed to the transport you configured, it got > handled by "local(8)", the command "tmda-filter" is not what you > show above. You appear to be rather co

Re: STARTTLS bug - background story

2011-03-08 Thread Stan Hoeppner
Wietse Venema put forth on 3/7/2011 2:08 PM: > CERT/CC announces a flaw today in multiple STARTTLS implementations. > This problem was silently fixed in Postfix 2.8 and 2.9. Updates > for Postfix 2.[4-7] are made available via the usual channels. Nice catch Wietse! Normally I'd follow that with "

Re: Postfix x TMDA x transport

2011-03-08 Thread Victor Duchovni
On Tue, Mar 08, 2011 at 10:38:09AM -0300, Márcio Luciano Donada wrote: > I understand perfectly that postfix has nothing to do with tmda, but I'm > so use it to transport, as follows, but so the tmda returns code 99 [2]. > Well, what I am now is much the same set up as a transport: You can't use

Postfix x TMDA x transport

2011-03-08 Thread Márcio Luciano Donada
Hi list I understand perfectly that postfix has nothing to do with tmda, but I'm so use it to transport, as follows, but so the tmda returns code 99 [2]. Well, what I am now is much the same set up as a transport: In the master.cf file: # TMDA tmda unix - n n - -

Re: Server-to-server TLS

2011-03-08 Thread Victor Duchovni
On Tue, Mar 08, 2011 at 01:38:28PM +0100, Raven wrote: > I would like to implement server-to-server TLS encryption between two > postfix instances I manage. One of the servers already has > TLS-capabilities but they are only used for SASL-AUTH clients. > > Where do I start to have the entire stre

Server-to-server TLS

2011-03-08 Thread Raven
Hi guys. I would like to implement server-to-server TLS encryption between two postfix instances I manage. One of the servers already has TLS-capabilities but they are only used for SASL-AUTH clients. Where do I start to have the entire stream between the servers to be encrypted? Thanks. -RV

Re: outgoing mail IP address?

2011-03-08 Thread Ákos Maróy
On 08/03/11 13:05, Patrick Ben Koetter wrote: > $ man 5 postconf | less +/^smtp_bind_address thanks, this does the trick!

Re: outgoing mail IP address?

2011-03-08 Thread Patrick Ben Koetter
* Bas Mevissen : > On Tue, 2011-03-08 at 12:36 +0100, Ákos Maróy wrote: > > Hi, > > > > I wonder how postfix decides on what IP address to bind to / initiation > > IP connections from, in terms of sending outgoing mail? > > > > I have a server with 5 IP addresses, where the IP address I'm using

Re: outgoing mail IP address?

2011-03-08 Thread Ákos Maróy
On 08/03/11 12:57, Bas Mevissen wrote: > If I'm not mistaken, the setting of inet_interfaces is for the > _listening_ port only and not for the outgoing one. I see.. is there no way to force the outgoing IP address? > It depends on the the routing table which interface is used for outgoing > mail

Re: outgoing mail IP address?

2011-03-08 Thread Bas Mevissen
On Tue, 2011-03-08 at 12:36 +0100, Ákos Maróy wrote: > Hi, > > I wonder how postfix decides on what IP address to bind to / initiation > IP connections from, in terms of sending outgoing mail? > > I have a server with 5 IP addresses, where the IP address I'm using for > receiving mail is the mai

outgoing mail IP address?

2011-03-08 Thread Ákos Maróy
Hi, I wonder how postfix decides on what IP address to bind to / initiation IP connections from, in terms of sending outgoing mail? I have a server with 5 IP addresses, where the IP address I'm using for receiving mail is the main IP address for the machine. I've set the following in main.cf to e