Re: SMTPS 465

2013-04-12 Thread DTNX Postmaster
On Apr 13, 2013, at 00:50, b...@bitrate.net wrote: > On Apr 12, 2013, at 15.25, Joan Moreau wrote: > >> Hi, >> >> I am stuck with making my SSL SMTPS (port 465) works, while it was working >> fine since ever. > > others have helped with the specifics of your question, so i'll address the > p

Re: New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-12 Thread Abhijeet Rastogi
Any screenshots would be highly appreciated. I'm currently using Elasticsearch to store all my logs and Kibana for search. I was wondering how this tool will help more. On Thu, Apr 11, 2013 at 6:59 PM, Nicolas HAHN wrote: > Dear Postfix Community, > > I'm writing for the first time there but w

Re: Setting up secure submission for remote users

2013-04-12 Thread LuKreme
On Apr 12, 2013, at 7:10, btb wrote: > On 2013.04.12 07.01, LuKreme wrote: >> In our previous episode (Thursday, 11-Apr-2013), b...@bitrate.net >> said: >>> you can certainly upgrade without breaking everything. as with >>> anything else, it just takes some care and consideration. as far >>> as

Re: SMTPS 465

2013-04-12 Thread btb
On Apr 12, 2013, at 15.25, Joan Moreau wrote: > Hi, > > I am stuck with making my SSL SMTPS (port 465) works, while it was working > fine since ever. others have helped with the specifics of your question, so i'll address the philosophical aspect of it :) . while it may take some coordinati

Re: SMTPS 465

2013-04-12 Thread Quanah Gibson-Mount
--On Friday, April 12, 2013 9:05 PM + Joan Moreau wrote: Please don't top-post. I do not understand --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. Zimbra :: the l

Re: SMTPS 465

2013-04-12 Thread Joan Moreau
Please don't top-post. I do not understand smtpd_tls_loglevel = 1 is sufficient for debugging. ok 2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]: warning: TLS library problem: 12238:error:1409D08A:SSL routines:ssl3_setup_key_block:cipher or hash unavailable:s3_enc.c:423:

Re: SMTPS 465

2013-04-12 Thread Noel Jones
On 4/12/2013 2:49 PM, Joan Moreau wrote: > Actually, if I type > > openssl s_client -CApath BKQSDQSD -connect 127.0.0.1:465 > > (i.e. whatever in the CApath field), the connection works fine > > but if not, I get an error. > > > > Putting "log level" at 3 in postfix, I get : Please don't top-

Re: SMTPS 465

2013-04-12 Thread Joan Moreau
Actually, if I type openssl s_client -CApath BKQSDQSD -connect 127.0.0.1:465 (i.e. whatever in the CApath field), the connection works fine but if not, I get an error. Putting "log level" at 3 in postfix, I get : 2013-04-12T21:49:03.25+02:00 server postfix/smtpd[12238]: initializing th

Re: SMTPS 465

2013-04-12 Thread Joan Moreau
Hi, I need to type server:~ # openssl s_client -CApath /ETC/SSL -connect 127.0.0.1:465 to get an "OK" at the end. Is this the cause of the problem? If yes, how to fix it in 'main.cf'? CONNECTED(0003) depth=1 C = FR, O = GANDI SAS, CN = Gandi Standard SSL CA verify return:1 depth=0 O

Re: SMTPS 465

2013-04-12 Thread Noel Jones
On 4/12/2013 2:25 PM, Joan Moreau wrote: > Hi, > > I am stuck with making my SSL SMTPS (port 465) works, while it was > working fine since ever. > > I upgraded my kernel to 3.8.6 and since then, nothing works :( > > What happens when you test it? # openssl s_client -connect 127.0.0.1:465 Wh

SMTPS 465

2013-04-12 Thread Joan Moreau
Hi, I am stuck with making my SSL SMTPS (port 465) works, while it was working fine since ever. I upgraded my kernel to 3.8.6 and since then, nothing works :( Here my postconf -n alias_maps = hash:/etc/aliases biff = no bounce_queue_lifetime = 6h broken_sasl_auth_clients = yes canonical_m

SMTPS 465

2013-04-12 Thread Joan Moreau
Hi, I am stuck with making my SSL SMTPS (port 465) works, while it was working fine since ever. I upgraded my kernel to 3.8.6 and since then, nothing works :( Here my postconf -n alias_maps = hash:/etc/aliases biff = no bounce_queue_lifetime = 6h broken_sasl_auth_clients = yes canonical_m

Re: Stripping Received: headers

2013-04-12 Thread Wietse Venema
Geoff Shang: > On Fri, 12 Apr 2013, Wietse Venema wrote: > > > You need to do "postfix reload" after editing master.cf. > > I did. I did it again for good measure - no difference. Are you using receive_override_options? in main.cf or master.cf? Wietse

[meta] Postfix List Archives

2013-04-12 Thread grarpamp
Though I've used postfix for a while, I'm pretty new to the list. There seem to be some good ideas and solutions going through here. So I'd like to see what all I've missed :) Unfortunately online http 'archives' aren't at all useful or flexible. So are there plain text archives available I can dow

Re: Stripping Received: headers

2013-04-12 Thread /dev/rob0
A word at the outset here: I predict this will come back to bite you in a most painful way. As Noel suggested, you're going to run afoul of some clueless spam checks. Some years back I know that Hotmail/MSN actually *discarded* such mail silently! Note also that Postfix itself uses Received: he

Re: [feature request] Subzero postscreen/dnsblog score to bypass after-220 tests?

2013-04-12 Thread Reindl Harald
On 12.04.2013 16:52, /dev/rob0 wrote: > I believe that DNS-based whitelisting will grow in importance, > especially in the IPv6 world. I expect to move into IPv6 with a > default-deny policy, where non-whitelisted hosts are rejected how do you imagine this working? in this case it would be

Re: [feature request] Subzero postscreen/dnsblog score to bypass after-220 tests?

2013-04-12 Thread /dev/rob0
On Fri, Apr 12, 2013 at 04:39:29AM -0500, Stan Hoeppner wrote Re: scripting a list of Google outbound CIDRs: > This seems quite a bit less effort than Wietse adding the feature > you requested. The end result is nearly identical, at least for > the Google case, and can easily be extended to c

Re: Stripping Received: headers

2013-04-12 Thread Geoff Shang
On Fri, 12 Apr 2013, Wietse Venema wrote: You need to do "postfix reload" after editing master.cf. I did. I did it again for good measure - no difference. The submission_cleanup service will see the Received: header that was prepended by the submission server. Is there any way I can be su

Re: Stripping Received: headers

2013-04-12 Thread Wietse Venema
Geoff Shang: > On Fri, 12 Apr 2013, Geoff Shang wrote: > > >>submission inet n - - - - smtpd > >>-o cleanup_service=submission_cleanup > >> > >>submission_cleanup unix n cleanup > >>-o header_checks=pcre:/etc/postfix/heade

Re: Stripping Received: headers

2013-04-12 Thread Geoff Shang
On Fri, 12 Apr 2013, Geoff Shang wrote: submission inet n - - - - smtpd -o cleanup_service=submission_cleanup submission_cleanup unix n cleanup -o header_checks=pcre:/etc/postfix/header_checks would do the job.

Re: Serving Dovecot mailbox quota status to Postfix

2013-04-12 Thread Titanus Eramius
Fri, 12 Apr 2013 15:27:26 +0200, Ralf Hildebrandt wrote: > * Titanus Eramius : > > > Very useful, thank you for writing and sharing. May I suggest the > > English Wiki-article for background on backscatter? > > URL? > Sorry, of course http://en.wikipedia.org/wiki/Backscatter_(email)

Re: Serving Dovecot mailbox quota status to Postfix

2013-04-12 Thread Ralf Hildebrandt
* Titanus Eramius : > Very useful, thank you for writing and sharing. May I suggest the > English Wiki-article for background on backscatter? URL? -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB

Re: Setting up secure submission for remote users

2013-04-12 Thread btb
On 2013.04.12 07.01, LuKreme wrote: In our previous episode (Thursday, 11-Apr-2013), b...@bitrate.net said: you can certainly upgrade without breaking everything. as with anything else, it just takes some care and consideration. as far as procmail goes, i'd consider losing procmail to be a ben

Re: Stripping Received: headers

2013-04-12 Thread Geoff Shang
On Thu, 11 Apr 2013, Wietse Venema wrote: Geoff Shang: submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o hea

Re: Serving Dovecot mailbox quota status to Postfix

2013-04-12 Thread Robert Schetterer
On 12.04.2013 13:24, Titanus Eramius wrote: > Thu, 11 Apr 2013 22:58:36 +0200, Ralf Hildebrandt wrote: > >> I wrote a little something about how to prevent delivery to mailboxes >> over quota while still being in the SMTP dialogue: >> http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quo

Re: Serving Dovecot mailbox quota status to Postfix

2013-04-12 Thread Wietse Venema
Ralf Hildebrandt: > * Ralf Hildebrandt : > > I wrote a little something about how to prevent delivery to mailboxes > > over quota while still being in the SMTP dialogue: > > http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ > > (Postfix/Dovecot) > > To be precise: Postfix/Dovecot-2.

Re: Serving Dovecot mailbox quota status to Postfix

2013-04-12 Thread Titanus Eramius
Thu, 11 Apr 2013 22:58:36 +0200, Ralf Hildebrandt wrote: > I wrote a little something about how to prevent delivery to mailboxes > over quota while still being in the SMTP dialogue: > http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ > (Postfix/Dovecot) > Very useful, thank you fo

Re: postfix and Berkeley DB

2013-04-12 Thread Wietse Venema
LuKreme: > In our previous episode (Thursday, 11-Apr-2013), Reindl Harald said: > > i can not imagine that this file is created by the postfix > > of which you posted the ld-output because it is not linked > > against it > > I assure you it is. T

Re: postfix and Berkeley DB

2013-04-12 Thread LuKreme
In our previous episode (Thursday, 11-Apr-2013), Reindl Harald said: > i can not imagine that this file is created by the postfix > of which you posted the ld-output because it is not linked > against it I assure you it is. This is exactly why I am puzzled, though Sahil may have provided the answ

Re: Setting up secure submission for remote users

2013-04-12 Thread LuKreme
In our previous episode (Thursday, 11-Apr-2013), b...@bitrate.net said: > you can certainly upgrade without breaking everything. as with anything > else, it just takes some care and consideration. as far as procmail goes, > i'd consider losing procmail to be a benefit. why do you think you nee

Re: Forwarding from a particular email address

2013-04-12 Thread Jerry
On Thu, 11 Apr 2013 17:41:25 -0400 (EDT) Wietse Venema articulated: > Mark Alan: > > On Thu, 11 Apr 2013 06:56:13 -0400 (EDT), Wietse Venema > > wrote: > > > > > That should be: > > > > > > us...@example1.com us...@example1.com us...@example2.com > > > us...@example3.com us...@example3.com us..

Re: [feature request] Subzero postscreen/dnsblog score to bypass after-220 tests?

2013-04-12 Thread Wietse Venema
/dev/rob0: > I finally got around to my upgrade to 2.11-20130405 and was watching > logs. A gmail message fell afoul of the after-220 tests; each time it > came from a different host. Each one got a "PASS NEW" and of course > the "450 4.3.2 Service currently unavailable" rejection. > > These gm

Re: problem talking to server private/tlsmgr: Resource temporarily unavailable

2013-04-12 Thread Glòria Martínez
Thanks! We're already using /dev/urandom. We've installed haveged, to increase the available entropy. Let's see if this works... On Wed, Apr 10, 2013 at 1:58 PM, Wietse Venema wrote: > > gloriamh: > > We're experiencing the same kind of problem. Did you find the cause of the > > problem? Is there

Re: [feature request] Subzero postscreen/dnsblog score to bypass after-220 tests?

2013-04-12 Thread Stan Hoeppner
On 4/12/2013 12:58 AM, /dev/rob0 wrote: ... > So here's my idea (I think the parameter names are lousy, but it's > the best I could come up with this late at night): ... Or maybe you could bash script this: dig +short txt _netblocks.google.com|sed s/ip4://g \ |mawk '{for(i=2; i<=(NF-1); i++