Re: different repo upgrade question 2.1/2.6 ?

On Sat, April 19, 2014 10:30 am, Patrick Laimbock wrote: >> sorry, I've assumed 'x.11' was an older release than 'x.66' > > It's not '66' but '6.6' as in 2.11.0 is newer than 2.6.6 because 11 > 6. Patrick, thanks OOOPPS..sorry... yes, having a senior moment/dyslexia/failing at basic math/can't e

Re: different repo upgrade question 2.1/2.6 ?

On 19-04-14 02:16, li...@sbt.net.au wrote: [snip] sorry, I've assumed 'x.11' was an older release than 'x.66' It's not '66' but '6.6' as in 2.11.0 is newer than 2.6.6 because 11 > 6. HTH, Patrick

Re: different repo upgrade question 2.1/2.6 ?

> > because there is an 2.11 package in a repo you have enabled which is > clearly newer then 2.6.x? > > what is your question about it? what should yum do are you thinking? so, 2.11 is newer version than 2.66, I see just looking on postfix.org, I can see: "Postfix stable release 2.11.0 is avai

Re: different repo upgrade question 2.1/2.6 ?

Am 19.04.2014 01:06, schrieb li...@sbt.net.au: > is it going to update 2.6.6 to 2.6.6-2.3 ? > why is it offering 2.11? > > [1]# yum update > Resolving Dependencies > --> Running transaction check > ---> Package postfix.x86_64 3:2.6.6-2.3.el6 will be updated > ---> Package postfix.x86_64 3:2.11.

different repo upgrade question 2.1/2.6 ?

I have a new server since few month ago, it was delivered with Postfix (and Dovecot) preinstalled from iRedMail repo, it all works well with Postfix 2.6.6 # postconf -d | grep mail_version mail_version = 2.6.6 milter_macro_v = $mail_name $mail_version couple of days I noticed this on yum update[1

Re: Changing SSL certificates - switching from self-signed to RapidSSL

Am 18.04.2014 21:22, schrieb Charles Marcus: > Ok, if you are willing, could you check me? > >> X.509 certificates come in a few data formats: >> >> - Binary ASN.1 DER format containing a single certificate. >>Not directly usable by Postfix. >> >> - ASCII PEM format certificate

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On Fri, Apr 18, 2014 at 05:00:22PM -0400, Charles Marcus wrote: > > smtpd_tls_cert_file = ${config_directory}/smtpd-chain.pdf > > smtpd_tls_key_file = ${config_directory}/smtpd-key.doc > > > >[ You'll probably pick less ridiculous file extensions, but they only > > enlighten or confuse t

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On 4/18/2014 3:50 PM, Viktor Dukhovni wrote: In the sample command, "server_cert.pem" is a plausible name for a file that holds just the leaf server certificate. While "intermediate_CA.pem" is a plausible name for a file that hold one or more intermediate CA issuer certificates (in the right or

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On Fri, Apr 18, 2014 at 03:22:25PM -0400, Charles Marcus wrote: > >>Thanks again, Victor, but again, that is all over my head. I suspect more lack of confidence than lack of ability. Be more daring, take a guess, it'll probably be right. > > - ASCII PEM format certificate which is the base6

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On 4/18/2014 3:06 PM, Viktor Dukhovni wrote: On Fri, Apr 18, 2014 at 02:35:45PM -0400, Charles Marcus wrote: No. The correct approach is at: http://www.postfix.org/TLS_README.html#server_cert_key With legacy public CA trust verification, you can omit the root certificate from

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On Fri, Apr 18, 2014 at 02:35:45PM -0400, Charles Marcus wrote: > I don't even know the difference between a .pem and .crt, and definitaly > don't have a clue when iti comes to chainming certs or anything. Those are just file names. File extensions having meaning is a CP/M and Windows concept.

Re: Need help about pcre REGEX header check

thanks guys... I will try and come back ;-) --- \\\|/// \\ - - // ( @ @ ) oOOo-(_)-oOOo- 【ツ】Joachim Coqblin【ツ】 0ooo --- oooO--( )-- ( )) / \ ( (_/

Re: Changing SSL certificates - switching from self-signed to RapidSSL

Thanks for the response Victor... On 4/18/2014 2:20 PM, Viktor Dukhovni wrote: On Fri, Apr 18, 2014 at 02:06:20PM -0400, Charles Marcus wrote: Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've

Re: [OT] Postfix and Gmail

See below. On Friday, April 18, 2014 11:37:10 Steffan A. Cline wrote: > Clearly this list is for postfix related issues which I do use regularly > but there is a great deal of respected expertise here and am hoping > someone will have come across this before. > > I¹ve run into an issue with a post

Re: New Greylisting daemon

This is preferred usage. Closing the socket after each reply is wasteful. Wietse Thanks for the answer. Comments from Jan P. Kessler helped also. I've updated my code to keep connections opened unless a configurable timeout. According my tests, I've new data: - GreyLSE is now rated

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On Fri, Apr 18, 2014 at 02:06:20PM -0400, Charles Marcus wrote: > Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, > the boss finally agreed to let me buy some real certs... > > Until now, we've been using self-signed certs with the following postfix > settings: > > sm

Re: recipient verification - troubleshooting which server Postfix is verifying against

On Fri, Apr 18, 2014 at 04:21:43PM +, Robert Becker wrote: > I'm running Postfix as my front-end MTA with Exchange 2010 behind it and > I'm trying to determine the best way to verify recipients on inbound mail. > I like the simplicity of using the built in verify functionality in Postfix, > bu

Re: OT: Official Postfix source code repository

That is exactly what I was looking for, just public read-only repository for main/master branch. It looks like it's this https://github.com/vdukhovni/postfix ? Only downside is that there's no useful commit messages. So basically have to look at commit individually to see what exactly was changed.

Changing SSL certificates - switching from self-signed to RapidSSL

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following postfix settings: smtpd_tls_cert_file = /etc/ssl/ourCerts/smtp_crt.pem smtpd_tls_key_

Re: Need help about pcre REGEX header check

On Fri, Apr 18, 2014 at 05:18:55PM +0200, Joachim Coqblin wrote: > needs a Postfix specialist. No, just someone with a respectable score on regex golf: http://regex.alf.nu/ > /From:(*tomorrowltd.*.)/i REJECT "Die spammer!!" You forgot to "anchor" the expression: /^From:.../ You

Re: Official Postfix source code repository?

I'm closing this thread: take it off list or be removed. Postfix is not the Linux kernel, and any comparison between the two is not applicable. Wietse

Re: Official Postfix source code repository?

I've nothing against tarballs and I'm not saying that there shouldn't be tarballs. I'm also not saying that repository could work as release distribution which it's not and I never said so. All I'm saying is that there also should be a source code repository with full commit history so that each co

Re: OT: Official Postfix source code repository

On Fri, Apr 18, 2014 at 12:51:42PM -0400, Wietse Venema wrote: > Viktor keeps an unofficial GIT repository which is based on Postfix > releases and stuff that he works on himself. Note, I do not promise a stable history for any of the development branches. I squash commits at will, and delete br

Re: [OT] Postfix and Gmail

Steffan A. Cline: > This server does not have IPv6 enabled so in the main.cf I just set it to > IPv4 only. > > >> : host > >> gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a] said: 550-5.7.1 > >> [2605:d400:0:b:216:3eff:fe63:ca2f 12] Our system has d

Re: [OT] Postfix and Gmail

Am 18.04.2014 17:37, schrieb Steffan A. Cline: > Clearly this list is for postfix related issues which I do use regularly > but there is a great deal of respected expertise here and am hoping > someone will have come across this before. > > I¹ve run into an issue with a postfix server I set up for

Re: OT: Official Postfix source code repository

--On Friday, April 18, 2014 1:51 PM -0400 Wietse Venema wrote: Viktor keeps an unofficial GIT repository which is based on Postfix releases and stuff that he works on himself. I expect that there will be some public repository that is updated with each release, but the public one would not be

Re: Official Postfix source code repository?

--On Friday, April 18, 2014 5:51 PM + Viktor Dukhovni wrote: Wietse does not use git, but he may some day. Whether he does or does not use git, signed tarballs will for the forseeable future continue to be the primary means by which Postfix releases are made available. +1 I really dete

Re: [OT] Postfix and Gmail

Wietse, Thanks for the fast response! This server does not have IPv6 enabled so in the main.cf I just set it to IPv4 only. inet_protocols = ipv4 I did put your configs in but commented them out for the moment. I have the dkim milter now enabled with the spf. Gmail also lists DMARC as another

OT: Official Postfix source code repository

> > I couldn't find Postfix source code repository, I saw only tarballs. > > Source control (SCM/VCS) is a MUST have. It's unbelievable that people just > > work with tarballs without proper source control. > > It's unbelievable that kids these days see every software > development/maintenance tas

Re: Official Postfix source code repository?

On Fri, Apr 18, 2014 at 05:37:26PM +0100, Jim Reid wrote: > So what? It ain't broke and therefore doesn't need fixing. > Especially by bloatware like git. While the OP is trolling, and will be booted from the list if trolling persists, please don't take the bait and launch into a crusade against

Re: Official Postfix source code repository?

On 18 Apr 2014, at 16:47, Dāvis Mosāns wrote: > I couldn't find Postfix source code repository, I saw only tarballs. > Source control (SCM/VCS) is a MUST have. It's unbelievable that people just > work with tarballs without proper source control. It's unbelievable that kids these days see every

Re: [OT] Postfix and Gmail

Steffan A. Cline: > Clearly this list is for postfix related issues which I do use regularly > but there is a great deal of respected expertise here and am hoping > someone will have come across this before. > > I?ve run into an issue with a postfix server I set up for a friend when > connecting t

recipient verification - troubleshooting which server Postfix is verifying against

I'm running Postfix as my front-end MTA with Exchange 2010 behind it and I'm trying to determine the best way to verify recipients on inbound mail. I like the simplicity of using the built in verify functionality in Postfix, but when I put warn_if_reject reject_unverified_recipients into my sm

Re: Official Postfix source code repository?

disclaimer: i am not the author of postfix, only *my* opinion Am 18.04.2014 17:47, schrieb Dāvis Mosāns: > I couldn't find Postfix source code repository, I saw only tarballs. > Source control (SCM/VCS) is a MUST have. says who? > It's unbelievable that people just work with tarballs without >

Official Postfix source code repository?

I couldn't find Postfix source code repository, I saw only tarballs. Source control (SCM/VCS) is a MUST have. It's unbelievable that people just work with tarballs without proper source control. It doesn't matter which you use, but it must be available. Sending patches over email is what people did

[OT] Postfix and Gmail

Clearly this list is for postfix related issues which I do use regularly but there is a great deal of respected expertise here and am hoping someone will have come across this before. I¹ve run into an issue with a postfix server I set up for a friend when connecting to Gmail. The message returned

Re: Need help about pcre REGEX header check

On 18 avr. 2014, at 17:18, Joachim Coqblin wrote: > /From:(*tomorrowltd.*.)/i REJECT "Die spammer!!" what about /From: .*tomorrowltd\..*/i REJECT "bye" Patrick

Need help about pcre REGEX header check

Hi, needs a Postfix specialist. I have the following rule in my main.cf file: # Restriction to be applied to the message header header_checks = pcre :/etc/postfix/header_checks. pcre In the file /etc/postfix/header_checks.pcre I have this kind of rules: /From:(*tomorrowltd.*.)/i REJECT "Die spam

Re: Wondering about the encoding of the README_FILES/*

On Fri, 18 Apr 2014 09:19:56 -0400 (EDT) wie...@porcupine.org (Wietse Venema) wrote: > Amazingly, all this is described in a file called INSTALL: > Thank you for your reply and patience, I can't believe I missed it... Cheers, Titanus

Re: Wondering about the encoding of the README_FILES/*

Titanus Eramius: > Hi list > > At some point in the future, I would like to build Postfix myself, and > to that end I have downloaded the current stable source. Reading > through the documentation is a bit hard though, since my system and > it's software is unable to render the documents probably.

Re: header check chaining

St?phane: > So I cannot have the two at the same time. I would like to chain the two > modifications. How is it possible ? As documented in header_checks, not possible. Wietse

Wondering about the encoding of the README_FILES/*

Hi list At some point in the future, I would like to build Postfix myself, and to that end I have downloaded the current stable source. Reading through the documentation is a bit hard though, since my system and it's software is unable to render the documents probably. I've taken a screenshot, sh

Re: New Greylisting daemon

Jan P. Kessler: > > May I ask this: if we consider the policy server keep the connection > > opened and don't close it by itself, will Postfix use the connection to This is preferred usage. Closing the socket after each reply is wasteful. Wietse

header check chaining

Hi, I have a testing box that is hosting a webapp and it is not supposed to send mail to the "real" recipients during testing phase. Though it should sent it anyway for debugging purpose. So I came up with this rules in header_check... /^To:[[:space:]]+(.*)@(.*)\.(.*)/ REDIRECT majord...@exampl

Re: New Greylisting daemon

> Yes. I'm working on preforking (in fact, I've started to analyze > prefork.c from Apache web server some days ago...). Threads are an > option, but we choose forking for better isolation. Some people say > forking and threading is basically the same in term of perfs, that's > even written in som

Re: New Greylisting daemon

Le 18/04/2014 10:17, Jan P. Kessler a écrit : Hi, maybe you should set up an own mailing list for GreyLSE. The are a lot of coders at this list. If any of them would use this list to discuss their own topics it might become somewhat confusing here. You're right, old, historycal mailing lists e

Re: New Greylisting daemon

Hi, maybe you should set up an own mailing list for GreyLSE. The are a lot of coders at this list. If any of them would use this list to discuss their own topics it might become somewhat confusing here. > - should be able to handle a lot of Postfix policy delegation requests > per second, due to