Re: hostname does not resolve

On Sun, Feb 01, 2015 at 05:50:44AM +0100, li...@rhsoft.net wrote: > Am 01.02.2015 um 05:45 schrieb Viktor Dukhovni: > >On Sun, Feb 01, 2015 at 05:11:15AM +0100, li...@rhsoft.net wrote: > >>>Nearly every SMTP client using an IP with a PTR whose name does not > >>>resolve back to that IP sends nothi

Re: hostname does not resolve

Am 01.02.2015 um 05:45 schrieb Viktor Dukhovni: On Sun, Feb 01, 2015 at 05:11:15AM +0100, li...@rhsoft.net wrote: Nearly every SMTP client using an IP with a PTR whose name does not resolve back to that IP sends nothing but spam bullshit - in the real world that's not true The message you

Re: hostname does not resolve

On Sun, Feb 01, 2015 at 05:11:15AM +0100, li...@rhsoft.net wrote: > >Nearly every SMTP client using an IP with a PTR whose name does not > >resolve back to that IP sends nothing but spam > > bullshit - in the real world that's not true The message you were responding too was generally helpful wi

Re: Am I backscattering?

On 31 Jan 2015, at 21:10, LuKreme wrote: On Jan 31, 2015, at 5:21 PM, Wietse Venema wrote: LuKreme: On Jan 31, 2015, at 4:55 PM, LuKreme wrote: On Jan 31, 2015, at 4:23 PM, Wietse Venema wrote: LuKreme: Jan 26 14:49:53 mail postfix/pipe[44273]: E64DA50D3A1: to=, orig_to=, relay=do

Re: hostname does not resolve

Am 01.02.2015 um 04:59 schrieb Bill Cole: On 31 Jan 2015, at 17:33, LuKreme wrote: What should I do about these warnings? Is there any reason not to reject the IPs in question? And if not, how do I do so? mail_version = 2.11.3 warning hostname 102-253-144-216.static.reverse.lstn.net does not r

Re: hostname does not resolve

On 31 Jan 2015, at 17:33, LuKreme wrote: What should I do about these warnings? Is there any reason not to reject the IPs in question? And if not, how do I do so? mail_version = 2.11.3 warning hostname 102-253-144-216.static.reverse.lstn.net does not resolve to address 216.144.253.102 hostna

Re: TLS Library Problem

On Sat, Jan 31, 2015 at 05:16:33PM -0700, LuKreme wrote: > The start was just date stamp info and PID: > > Jan 31 01:52:10 mail postfix/smtpd[62297]: warning: TLS library problem: > error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > certificate:s3_pkt.c:1293:SSL alert number 42: Whi

Re: Am I backscattering?

> On Jan 31, 2015, at 5:21 PM, Wietse Venema wrote: > > LuKreme: >> >>> On Jan 31, 2015, at 4:55 PM, LuKreme wrote: >>> >>> On Jan 31, 2015, at 4:23 PM, Wietse Venema wrote: LuKreme: > Jan 26 14:49:53 mail postfix/pipe[44273]: E64DA50D3A1: > to=, orig_to=, > re

Re: Am I backscattering?

LuKreme: > > > On Jan 31, 2015, at 4:55 PM, LuKreme wrote: > > > > > >> On Jan 31, 2015, at 4:23 PM, Wietse Venema wrote: > >> > >> LuKreme: > >>> Jan 26 14:49:53 mail postfix/pipe[44273]: E64DA50D3A1: > >>> to=, orig_to=, > >>> relay=dovecot, delay=0.13, delays=0.1/0.01/0/0.03, dsn=5.1.1,

Re: TLS Library Problem

On Jan 31, 2015, at 4:28 PM, Viktor Dukhovni wrote: > On Sat, Jan 31, 2015 at 03:34:35PM -0700, LuKreme wrote: > >> Since I am not seeing a load of these, I am assuming this is indicating the >> error is on the other end? >> >> TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:ss

Re: Am I backscattering?

> On Jan 31, 2015, at 4:55 PM, LuKreme wrote: > > >> On Jan 31, 2015, at 4:23 PM, Wietse Venema wrote: >> >> LuKreme: >>> Jan 26 14:49:53 mail postfix/pipe[44273]: E64DA50D3A1: >>> to=, orig_to=, relay=dovecot, >>> delay=0.13, delays=0.1/0.01/0/0.03, dsn=5.1.1, status=bounced (user unknown)

Re: Am I backscattering?

> On Jan 31, 2015, at 4:23 PM, Wietse Venema wrote: > > LuKreme: >> Jan 26 14:49:53 mail postfix/pipe[44273]: E64DA50D3A1: >> to=, orig_to=, relay=dovecot, >> delay=0.13, delays=0.1/0.01/0/0.03, dsn=5.1.1, status=bounced (user unknown) > > That will produce backscatter. Why did you accept an

Re: TLS Library Problem

On Sat, Jan 31, 2015 at 03:34:35PM -0700, LuKreme wrote: > Since I am not seeing a load of these, I am assuming this is indicating the > error is on the other end? > > TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert > bad certificate:s3_pkt.c:1293:SSL alert number 4

Re: Am I backscattering?

LuKreme: > Jan 26 14:49:53 mail postfix/pipe[44273]: E64DA50D3A1: > to=, orig_to=, relay=dovecot, > delay=0.13, delays=0.1/0.01/0/0.03, dsn=5.1.1, status=bounced (user unknown) That will produce backscatter. Why did you accept an unknown recipient? Wietse

Re: on rcpt, error "cannot get RSA certificate from file "/etc/ssl/mail/myserver.crt": disabling TLS support"

Viktor It's the quotes. Removed. Works. Thanks. ​Wietse ​It's a copy of the default master.cf. chroot is not turned on for any processes. chroot is explicitly turned off for all processes, chroot was clearly not the problem anyway.

TLS Library Problem

Since I am not seeing a load of these, I am assuming this is indicating the error is on the other end? TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1293:SSL alert number 42: -- 'There has to be enough light,' he panted, 'to see the dark

hostname does not resolve

What should I do about these warnings? Is there any reason not to reject the IPs in question? And if not, how do I do so? mail_version = 2.11.3 warning hostname 102-253-144-216.static.reverse.lstn.net does not resolve to address 216.144.253.102 hostname nor servname provided, or not known warnin

Re: on rcpt, error "cannot get RSA certificate from file "/etc/ssl/mail/myserver.crt": disabling TLS support"

Dmt Ops: > Wietse > > $ grep " y " /etc/postfix/master.cf That proves NOTHING. You must follow instructions in http://www.postfix.org/DEBUG_README.html#no_chroot otherwise I cannot help you. Wietse

Re: on rcpt, error "cannot get RSA certificate from file "/etc/ssl/mail/myserver.crt": disabling TLS support"

On Sat, Jan 31, 2015 at 01:44:41PM -0800, Dmt Ops wrote: > 1st step, I created and installed self-signed certs & added these > smtpd_tls_* to config > > -o smtpd_use_tls=yes > -o smtpd_tls_security_level=may > -o smtpd_tls_CApath=/etc/ssl/certs > -o smtpd_tls_cert_file="/etc/ssl/m

Re: on rcpt, error "cannot get RSA certificate from file "/etc/ssl/mail/myserver.crt": disabling TLS support"

Wietse $ grep " y " /etc/postfix/master.cf $

Re: on rcpt, error "cannot get RSA certificate from file "/etc/ssl/mail/myserver.crt": disabling TLS support"

Dmt Ops: > chroot isn't enabled here. Prove it. Show evidence. Wietse

Re: on rcpt, error "cannot get RSA certificate from file "/etc/ssl/mail/myserver.crt": disabling TLS support"

Deron ​Just a post typo, sorry. The names match. ​ Wietse chroot isn't enabled here.

Re: on rcpt, error "cannot get RSA certificate from file "/etc/ssl/mail/myserver.crt": disabling TLS support"

Dmt Ops: > Jan 31 12:37:54 mail postfix/smtpd[8337]: warning: TLS library problem: > error:...::fopen:No such file or directory:... http://www.postfix.org/DEBUG_README.html#no_chroot Wietse

on rcpt, error "cannot get RSA certificate from file "/etc/ssl/mail/myserver.crt": disabling TLS support"

​​ I've built & set up Postfix 2.11.3 on Ubuntu 64. Been reading up on list and decided to set up TLS AUTH using ccerts. 1st step, I created and installed self-singed certs & added these smtpd_tls_* to config -o smtpd_use_tls=yes -o smtpd_tls_security_level=may -o smtpd_tls_CApath=/e

Re: postqueue -f vs postqueue -i: deferred to active vs deferred to incoming

Andrew Bourgeois: > > As documented, "postqueue -i" pushes one message to the incoming > > queue, while "postqueue -f" triggers delivery of all deferred mail. > > It's not clearly stated in the man pages of postqueue and flush. But since -i queue_id Schedule immediate delivery of deferred

Re: unused parameter: mx_access=hash:/etc/postfix/mx_access

OK, I understand, it looks like we have the additional line which is wrong... must have pasted it in by accident, the correct line is the one below which is check_recipient_access hash:/etc/postfix/mx_access Thank you! On Sat, Jan 31, 2015 at 7:09 AM, li...@rhsoft.net wrote: > > Am 31.01.2015 u

Re: postqueue -f vs postqueue -i: deferred to active vs deferred to incoming

On Sat, Jan 31, 2015 at 06:11:20PM +0100, Andrew Bourgeois wrote: > > > My question is: why is that? > > > > Because of the difference: one message, instead of all. > > So it's done because of performance reasons? No, for protocol reasons. The external queue manager protocol by which pickup, cle

Re: postqueue -f vs postqueue -i: deferred to active vs deferred to incoming

On Sat, Jan 31, 2015 at 3:37 PM, Wietse Venema wrote: > Andrew Bourgeois: > > Hello > > > > stress tests indicate that Postfix 2.8.8 behaves differently when using > > "postqueue -i" compared to "postqueue -f" when it comes to handling > > deferred e-mail. > > As documented, "postqueue -i" pushes

Re: postqueue -f vs postqueue -i: deferred to active vs deferred to incoming

Andrew Bourgeois: > Hello > > stress tests indicate that Postfix 2.8.8 behaves differently when using > "postqueue -i" compared to "postqueue -f" when it comes to handling > deferred e-mail. As documented, "postqueue -i" pushes one message to the incoming queue, while "postqueue -f" triggers deli

postqueue -f vs postqueue -i: deferred to active vs deferred to incoming

Hello stress tests indicate that Postfix 2.8.8 behaves differently when using "postqueue -i" compared to "postqueue -f" when it comes to handling deferred e-mail. When using "postqueue -i" in a loop, deferred e-mail goes through the incoming queue before going through the active queue. When usin

Re: unused parameter: mx_access=hash:/etc/postfix/mx_access

Am 31.01.2015 um 05:49 schrieb Joey J: I'm getting the following when I start postfix ( literally that many times) /usr/sbin/postconf: warning: /etc/postfix/main.cf : unused parameter: mx_access=hash:/etc/postfix/mx_access Here is a section of my configuration, I cant' seem to