On 26 Jul 2014, at 01:42, McKinnon Chris wrote:
> I’ve done some testing with swaks trying to track my performance issue. I
> don’t think this is a postfix issue. It is just the most apparent symptom.
> I’ve also noticed SSH to my server is quite laggy but if I use the command
> line with S
BlueStar88:
> So the client certificate indeed helps to tell the server -something-
> about the connections integrity?
Unless you have a reason to require that all mail from this
particular sender comes only from hosts with this particular
client certificate, it tells nothing.
Wietse
Hi,
I’ve done some testing with swaks trying to track my performance issue. I
don’t think this is a postfix issue. It is just the most apparent symptom.
I’ve also noticed SSH to my server is quite laggy but if I use the command line
with Screen Sharing it is responsive. Same with SFTP, some
On Fri, 25 Jul 2014 22:13:14 +
Viktor Dukhovni wrote:
>On Fri, Jul 25, 2014 at 11:43:41PM +0200, BlueStar88 wrote:
>
>> Well, you made many words, thank you for that patience! Now I think my
>> false assumption (and underlying expectation) was, that this "backfiring"
>> client certificate ver
On Fri, Jul 25, 2014 at 11:43:41PM +0200, BlueStar88 wrote:
> Well, you made many words, thank you for that patience! Now I think my
> false assumption (and underlying expectation) was, that this "backfiring"
> client certificate verification leads to at least some assessment about
> the connectio
Chris:
> On Fri, 2014-07-25 at 16:23 -0500, Chris wrote:
> > On Fri, 2014-07-25 at 17:14 -0400, Wietse Venema wrote:
> > > Chris:
> > > > default_transport = error
> > > > relay_transport = error
> > >
> > > It's like somebody took two guns and aimed at both feed.
> > >
> > > Wietse
> >
> > Th
On Fri, 2014-07-25 at 16:23 -0500, Chris wrote:
> On Fri, 2014-07-25 at 17:14 -0400, Wietse Venema wrote:
> > Chris:
> > > default_transport = error
> > > relay_transport = error
> >
> > It's like somebody took two guns and aimed at both feed.
> >
> > Wietse
>
> They should both be 'smtp' no
On Fri, Jul 25, 2014 at 04:29:27PM -0500, Chris wrote:
> > > default_transport = error
> > > mydestination = localhost, localhost.localdomain, localhost
> > > relay_transport = error
> > > relayhost = smtp.embarqmail.com:587
> >
> > Any questions?
>
> I hopefully have it correct now Viktor, chan
On Fri, 25 Jul 2014 18:45:07 +
Viktor Dukhovni wrote:
>Failure to understand the fundamental asymmetry between the client
>and server roles in SMTP (in particular) or TLS (in general) leads
>to magical thinking where you want the impossible, and insist that
>surely everyone is negligent or in
On Fri, 2014-07-25 at 21:01 +, Viktor Dukhovni wrote:
> On Fri, Jul 25, 2014 at 03:57:43PM -0500, Chris wrote:
>
> > > That would be virtual_alias_domains, but there could also be issues
> > > with various main.cf transport settings or a "*" entry in the
> > > transport table.
> > >
> > > Is
On Fri, 2014-07-25 at 17:14 -0400, Wietse Venema wrote:
> Chris:
> > default_transport = error
> > relay_transport = error
>
> It's like somebody took two guns and aimed at both feed.
>
> Wietse
They should both be 'smtp' not error, no wonder it didn't work
Thank you so much, hopefully th
Will Yardley:
> Ah, but in my case, I am using '.domain.tld' vs. 'domain.tld', so I
> guess my original question really was, does .domain.tld match subdomains
> for $mynetworks / $smtpd_client_event_limit_exceptions when specified in
> that way?
In the case of mynetworks, it depends on the presenc
Chris:
> default_transport = error
> relay_transport = error
It's like somebody took two guns and aimed at both feed.
Wietse
On Fri, Jul 25, 2014 at 03:57:43PM -0500, Chris wrote:
> > That would be virtual_alias_domains, but there could also be issues
> > with various main.cf transport settings or a "*" entry in the
> > transport table.
> >
> > Is there "*" key in transport_maps? Otherwise, a full "postconf -n"
> > sh
On Fri, 2014-07-25 at 20:26 +, Viktor Dukhovni wrote:
> On Fri, Jul 25, 2014 at 10:25:04AM -0500, Chris wrote:
>
> > > > Jul 24 17:37:08 localhost postfix/error[988]: 1785111C10E8:
> > > > to=, relay=none, delay=1.2, delays=0.55/0.41/0/0.24,
> > > > dsn=5.0.0, status=bounced (smtp.embarqmail.c
On Fri, Jul 25, 2014 at 10:25:04AM -0500, Chris wrote:
> > > Jul 24 17:37:08 localhost postfix/error[988]: 1785111C10E8:
> > > to=, relay=none, delay=1.2, delays=0.55/0.41/0/0.24,
> > > dsn=5.0.0, status=bounced (smtp.embarqmail.com:587)
> > ...
> > > Diagnostic-Code: X-Postfix; smtp.embarqmail.co
On Fri, Jul 25, 2014 at 08:14:14PM +0200, BlueStar88 wrote:
> It is a difference to talk about MUA-MTA or MTA-MTA connections
> (client-server role or server-server role). It's quite easy for MTAs, to
> have proper client certificates, to show perfect host integrity to other
> MTAs. Maybe it is ti
On Fri, 25 Jul 2014 20:14:14 +0200
BlueStar88 wrote:
>>> I think the server checks, if the peer hostname fits the CN.
>>
>>It does not.
>
>It should. Since strictness to a given security level is a) a decision of each
>MX node itself and b) must cover both directions in my opinion. Having only
On Fri, 11 Jul 2014 12:53:36 -0400 (EDT)
wie...@porcupine.org (Wietse Venema) wrote:
>BlueStar88:
>> for quite some while. I can see successful chain walks on inbound
>> connections resulting in "Trusted TLS connection established from".
>
>"Trusted" verifies the CA chain, not the client DNS name.
On Fri, Jul 25, 2014 at 11:50:22AM -0500, Noel Jones wrote:
> On 7/24/2014 10:58 PM, Will Yardley wrote:
> > On Wed, Jul 23, 2014 at 10:51:41AM -0500, Noel Jones wrote:
> >>> and then have
> >>> recommended =
> >>
> >> Yes, that should work as expected.
> >
> > This seemed to work as expected in
On Fri, Jul 25, 2014 at 10:09:08AM -0400, Wietse Venema wrote:
> Will Yardley:
> > > Actually, behavior depends on the parent_domain_matches_subdomains
> > > setting.
> So the present behavior is as if smtpd_client_event_limit_exceptions
> is not listed in parent_domain_matches_subdomains. It bor
On 7/24/2014 10:58 PM, Will Yardley wrote:
> On Wed, Jul 23, 2014 at 10:51:41AM -0500, Noel Jones wrote:
>>> and then have
>>> recommended =
>>
>> Yes, that should work as expected.
>
> This seemed to work as expected in my tests on 2.6.x. However, on 2.3.3,
> I get:
>
> postfix/smtpd[5673]: fat
On Fri, 2014-07-25 at 10:35 -0400, Wietse Venema wrote:
> Chris:
> > Jul 24 17:37:07 localhost postfix/qmgr[12001]: 1785111C10E8:
> > from=, size=14170, nrcpt=1 (queue active)
> > Jul 24 17:37:08 localhost postfix/error[988]: 1785111C10E8:
> > to=, relay=none, delay=1.2, delays=0.55/0.41/0/0.24,
>
Chris:
> Jul 24 17:37:07 localhost postfix/qmgr[12001]: 1785111C10E8:
> from=, size=14170, nrcpt=1 (queue active)
> Jul 24 17:37:08 localhost postfix/error[988]: 1785111C10E8:
> to=, relay=none, delay=1.2, delays=0.55/0.41/0/0.24,
> dsn=5.0.0, status=bounced (smtp.embarqmail.com:587)
...
> Here is
On Fri, 2014-07-25 at 07:02 -0400, Wietse Venema wrote:
> Chris:
> > This is a stand-alone system. I'm using postfix to forward to myself
> > outputs of various cron-jobs and reporting spam to s...@uce.gov. I have
> > postfix up and running on this new box as it was before the crash a
> > couple of
Will Yardley:
> > Actually, behavior depends on the parent_domain_matches_subdomains
> > setting. The default setting includes mynetworks, meaning that
> > example.com will match host.example.com by default. With mynetworks
> > removed from from parent_domain_matches_subdomains, .example.com
> > w
Martin Vegter:
> > On 07/25/2014 01:09 PM, Wietse Venema wrote:
> > Martin Vegter:
> >>
> >> It happened to me that NFS was down (or simply unmounted),
> >> $HOME/mail/Inbox did not exist, and new mail could not be delivered. I
> >> would have expected that Postfix would keep it until it can delive
> Actually, behavior depends on the parent_domain_matches_subdomains
> setting. The default setting includes mynetworks, meaning that
> example.com will match host.example.com by default. With mynetworks
> removed from from parent_domain_matches_subdomains, .example.com
> will match host.example.c
> On 07/25/2014 01:09 PM, Wietse Venema wrote:
> Martin Vegter:
>>
>> It happened to me that NFS was down (or simply unmounted),
>> $HOME/mail/Inbox did not exist, and new mail could not be delivered. I
>> would have expected that Postfix would keep it until it can deliver it
>> to users mailbox, b
Konstantin:
> Hi
>
> My postfix server have amavis as before-queue filter.
> When message accepted sender receive following from my mx:
> "250 2.0.0 from SMTP(smtp:[127.0.0.1]:10081): 250 2.0.0 Ok: queued as
> 8hKVdC2v93"
>
> Is there any way to hide this section?
> 250 2.0.0 from SMTP(smtp:[127.
Am 25.07.2014 15:03, schrieb Konstantin:
> My postfix server have amavis as before-queue filter.
> When message accepted sender receive following from my mx:
> "250 2.0.0 from SMTP(smtp:[127.0.0.1]:10081): 250 2.0.0 Ok: queued as
> 8hKVdC2v93"
>
> Is there any way to hide this section?
> 250 2.
Hi
My postfix server have amavis as before-queue filter.
When message accepted sender receive following from my mx:
"250 2.0.0 from SMTP(smtp:[127.0.0.1]:10081): 250 2.0.0 Ok: queued as
8hKVdC2v93"
Is there any way to hide this section?
250 2.0.0 from SMTP(smtp:[127.0.0.1]:10081):
Thanks.
--
*
li...@rhsoft.net:
> i am about enable compiler warnings for software we are
> building from source and try to report things upstream
Do not turn on -Wunused-result.
Wietse
>
> debug_process.c:61:11: warning: ignoring return value of 'system', declared
> with attribute warn_unused_result
i am about enable compiler warnings for software we are
building from source and try to report things upstream
___
debug_process.c:61:11: warning: ignoring return value of 'system', declared
with attribute warn_unused_result
[-Wunused-result
Thanks for your suggestions.
Wietse Venema:
> Wietse Venema:
> > Will Yardley:
> > > On Mon, Jul 21, 2014 at 04:42:57PM -0500, Noel Jones wrote:
> > > > This isn't an access map, and doesn't have the network notation
> > > > searches built into access maps. See the docs on mynetworks for the
> > > > syntax supported here:
> >
Wietse Venema:
> Will Yardley:
> > On Mon, Jul 21, 2014 at 04:42:57PM -0500, Noel Jones wrote:
> > > This isn't an access map, and doesn't have the network notation
> > > searches built into access maps. See the docs on mynetworks for the
> > > syntax supported here:
> > > http://www.postfix.org/po
Martin Vegter:
[ Charset ISO-8859-1 converted... ]
> Hello,
>
> I am using Postfix with Maildir format, where user's mail is delivered
> to $HOME/mail/Inbox and the home is mounted from NFS.
>
> It happened to me that NFS was down (or simply unmounted),
> $HOME/mail/Inbox did not exist, and new m
Chris:
> This is a stand-alone system. I'm using postfix to forward to myself
> outputs of various cron-jobs and reporting spam to s...@uce.gov. I have
> postfix up and running on this new box as it was before the crash a
> couple of weeks ago and the cronjob reports are coming in correctly.
> This
Will Yardley:
> On Mon, Jul 21, 2014 at 04:42:57PM -0500, Noel Jones wrote:
> > This isn't an access map, and doesn't have the network notation
> > searches built into access maps. See the docs on mynetworks for the
> > syntax supported here:
> > http://www.postfix.org/postconf.5.html#mynetworks
>
Hello,
I am using Postfix with Maildir format, where user's mail is delivered
to $HOME/mail/Inbox and the home is mounted from NFS.
It happened to me that NFS was down (or simply unmounted),
$HOME/mail/Inbox did not exist, and new mail could not be delivered. I
would have expected that Postfix wo
Am 25.07.2014 um 04:45 schrieb Ian Evans:
I'm currently running postfix in two places. I have a fully functioning
postfix email server for my site's domain and at home I have postfix
installed to allow my home server to send alert messages.
The home server is relaying through my home ISP's smtp
Am 25.07.2014 10:41, schrieb Roberto Carraro:
> Could someone please explain this log excerpt? I'm particularly
> interested in the postfix/bounce and postfix/smtp part.
>
> I fear that could be a FAQ, but I'd be very grateful if someone
> could point me to a meaningful documentation or give me
Could someone please explain this log excerpt? I'm particularly
interested in the postfix/bounce and postfix/smtp part.
Jul 24 06:35:04 robhost postfix/smtpd[6134]: connect from
smtp-026.c01.mta.kqumg.it[89.186.67.125]
Jul 24 06:35:04 robhost postfix/policy-spf[6158]: Policy action=PREPEND
Rec
44 matches
Mail list logo
