Re: Postfix is pinging SMTP mail servers?

2015-05-25 Thread James Moe
On 05/25/2015 02:49 PM, Noel Jones wrote: > Postfix logs all connections. Does the postfix smtp transport log > a connection at the same time as your proxy detects a connection? > Where are the logs stored? > Are you using some monitoring softwar

Re: Postfix is pinging SMTP mail servers?

2015-05-25 Thread Noel Jones
On 5/25/2015 4:10 PM, James Moe wrote: > On 05/25/2015 01:02 PM, Wietse Venema wrote: >> James Moe: > >> Postfix logs all connections. > > Where? > >> Why do you think that Postfix is pinging hosts? > > I first noticed the pings in the SMTP proxy logs. Further > investigation with wireshark ga

Re: Postfix is pinging SMTP mail servers?

2015-05-25 Thread James Moe
On 05/25/2015 01:02 PM, Wietse Venema wrote: > James Moe: > > Postfix logs all connections. > Where? > Why do you think that Postfix is pinging hosts? > I first noticed the pings in the SMTP proxy logs. Further investigation with wireshark gave

Re: Need advice from SPF/DKIM/DMARC experts

2015-05-25 Thread Robert Senger
On Monday, 25.05.2015, at 16:27 +0200, Sebastian Nielsen wrote: > I would suggest explicitly null:ing the SPF signature instead of passing it, > for list mail. > This is done with "v=spf1 ?all" > > A "null" SPF signature is the same as no signature at all (same as if the SPF > record didn't exist at

Re: Postfix is pinging SMTP mail servers?

2015-05-25 Thread Wietse Venema
James Moe: > Recently I have noticed brief connections to the SMTP port from my > local postfix installation that do nothing: It sends the "EHLO > whatever" command, immediately followed by the "QUIT" command. > Basically, Postfix is pinging the SMTP server to... do something? Postfix logs all con

Re: Security & Compatibility

2015-05-25 Thread Postfix User
On Mon, 25 May 2015 13:52:07 +, Viktor Dukhovni stated: > -o smtpd_tls_dh1024_param_file=$msa_tls_dh1024_param_file Is that correct? It doesn't look right. -- Jerry

Postfix is pinging SMTP mail servers?

2015-05-25 Thread James Moe
postfix 2.? (How do I get the version?) linux 3.16.7-21-desktop x86_64 Our spam filter logs all traffic that flows through it; it is a proxy-style filter rather than an add-on for a mail server. Recently I have noticed brief connections to the SMTP po

Re: Security & Compatibility

2015-05-25 Thread DTNX Postmaster
On 25 May 2015, at 15:52, Viktor Dukhovni wrote: > On Mon, May 25, 2015 at 02:35:38PM +0200, DTNX Postmaster wrote: > >> No, not for submission, where clients will submit their authentication >> details, allowing them to bypass most of the restrictions that are in >> place for MTA to MTA commu

Re: Need advice from SPF/DKIM/DMARC experts

2015-05-25 Thread Sebastian Nielsen
I would suggest explicitly null:ing the SPF signature instead of passing it, for list mail. This is done with "v=spf1 ?all" A "null" SPF signature is the same as no signature at all (same as if the SPF record didn't exist at all), which will pass your mail into your mailsystem, but the mail will not

Re: Security & Compatibility

2015-05-25 Thread Viktor Dukhovni
On Mon, May 25, 2015 at 02:35:38PM +0200, DTNX Postmaster wrote: > No, not for submission, where clients will submit their authentication > details, allowing them to bypass most of the restrictions that are in > place for MTA to MTA communication. No, even for the MSA, disable all the deprecate

Need advice from SPF/DKIM/DMARC experts

2015-05-25 Thread Robert Senger
Hi all, this is not a Postfix specific question, but I hope I'll find some experts on that topic here ;) A long time ago I've implemented SPF/DKIM/DMARC signing/checking for the two domains served by my Postfix instance. As everything seemed to work fine, I recently moved from "permissive" to "st

Re: Security & Compatibility

2015-05-25 Thread DTNX Postmaster
On 25 May 2015, at 14:35, DTNX Postmaster wrote: > On 25 May 2015, at 13:23, Viktor Dukhovni wrote: > >> On Mon, May 25, 2015 at 10:36:24AM +0200, DTNX Postmaster wrote: >> >>> I am talking about the MSA here, Viktor, not MTA to MTA traffic. That's >>> what the previous poster was asking abou

Re: Security & Compatibility

2015-05-25 Thread DTNX Postmaster
On 25 May 2015, at 13:23, Viktor Dukhovni wrote: > On Mon, May 25, 2015 at 10:36:24AM +0200, DTNX Postmaster wrote: > >> I am talking about the MSA here, Viktor, not MTA to MTA traffic. That's >> what the previous poster was asking about; > > My advice stands. Avoid overly explicit cipher lis

Re: Security & Compatibility

2015-05-25 Thread Viktor Dukhovni
On Mon, May 25, 2015 at 10:36:24AM +0200, DTNX Postmaster wrote: > I am talking about the MSA here, Viktor, not MTA to MTA traffic. That's > what the previous poster was asking about; My advice stands. Avoid overly explicit cipher lists. Go with broad categories, with some exclusions as necess

Re: Security & Compatibility

2015-05-25 Thread DTNX Postmaster
On 25 May 2015, at 01:57, Viktor Dukhovni wrote: > On Sun, May 24, 2015 at 08:00:30PM +0200, DTNX Postmaster wrote: > >> Assuming you are talking about the MSA (submission) and not MTA to MTA >> traffic, you can cover the vast majority of the scenarios with the >> following cipher selection st

Re: Logging local port used for connection

2015-05-25 Thread Yannik Sembritzki
> No. Parameter expansion is recursive, and this yields an infinite loop. > The default value is never used when you override a parameter. > > You need to cut/paste the default value into the replacement. There > is no support for prepend or append. I see. Yannik