Re: store & forward behavior in case of remote address verification & temporary connection failure?

2015-06-12 Thread PGNd
On Fri, Jun 12, 2015, at 09:33 PM, Noel Jones wrote: > I don't intend to insult you, and apologize if you interpreted it > that way. If you have a question, please ask it. Thanks. Moving on. Goal I don't want to lose mail if the back-end server connection is offline for an extended pe

Re: Get Postfix w/ Cyrus SASL to work

2015-06-12 Thread Noel Jones
On 6/12/2015 8:52 PM, Forrest wrote: > Noel, here is the output from postconf -n (sanitized). Thank you. > > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > body_checks = regexp:/etc/postfix/body_checks > body_checks_size_limit = 51200 > command_directory = /usr/sbin > compa

Re: store & forward behavior in case of remote address verification & temporary connection failure?

2015-06-12 Thread Noel Jones
On 6/12/2015 8:11 PM, PGNd wrote: > On Fri, Jun 12, 2015, at 05:57 PM, Noel Jones wrote: >> I think a careful reading of >> http://www.postfix.org/ADDRESS_VERIFICATION_README.html >> will answer all your questions. > > Actually, no. > > It was a careful reading of that document, including each of

Re: Get Postfix w/ Cyrus SASL to work

2015-06-12 Thread Forrest
Noel, here is the output from postconf -n (sanitized). Thank you. alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases body_checks = regexp:/etc/postfix/body_checks body_checks_size_limit = 51200 command_directory = /usr/sbin compatibility_level = 2 daemon_directory = /usr/libexec/p

Re: store & forward behavior in case of remote address verification & temporary connection failure?

2015-06-12 Thread PGNd
On Fri, Jun 12, 2015, at 05:57 PM, Noel Jones wrote: > I think a careful reading of > http://www.postfix.org/ADDRESS_VERIFICATION_README.html > will answer all your questions. Actually, no. It was a careful reading of that document, including each of the references that you've made -- as pointed

Re: store & forward behavior in case of remote address verification & temporary connection failure?

2015-06-12 Thread Noel Jones
I think a careful reading of http://www.postfix.org/ADDRESS_VERIFICATION_README.html will answer all your questions. The address probe happens before the incoming message is queued. If the probe temp-fails, the incoming message is rejected with unverified_recipient_defer_code, default 450. The ou

Re: Get Postfix w/ Cyrus SASL to work

2015-06-12 Thread Noel Jones
On 6/12/2015 6:19 PM, Forrest wrote: > I just realized my config doesn't appear to be using SASL, though I > compiled it with the correct libs and flags (from makedefs.out): > > SYSLIBS = -lssl -lcrypto -L/usr/lib/sasl -lsasl2 -lpcre -ldb -lnsl > -lresolv -ldl > CC = gcc -I. -I../../include -

store & forward behavior in case of remote address verification & temporary connection failure?

2015-06-12 Thread PGNd
The general gist of my lengthy question is -- I have 2 physically separated Postfix instances, the 1st uses remote address verification queries against the 2nd. What happens when the connection between them goes down? Currently, the remote postfix instance provides postscreen -- smtpd_*_

Get Postfix w/ Cyrus SASL to work

2015-06-12 Thread Forrest
I just realized my config doesn't appear to be using SASL, though I compiled it with the correct libs and flags (from makedefs.out): SYSLIBS = -lssl -lcrypto -L/usr/lib/sasl -lsasl2 -lpcre -ldb -lnsl -lresolv -ldl CC = gcc -I. -I../../include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DUSE_TLS -I/

Re: SASL and AUTH dictionary attacks

2015-06-12 Thread Forrest
Thanks, Viktor, for clarifying all this. Very helpful :-) Forrest On 6/12/15 12:31 PM, Viktor Dukhovni wrote: On Fri, Jun 12, 2015 at 12:07:15PM -0400, Forrest wrote: My server advertises (EHLO): 250-PIPELINING 250-SIZE [ omitted ] 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIM

Re: SASL and AUTH dictionary attacks

2015-06-12 Thread Bill Cole
On 12 Jun 2015, at 11:05, Forrest wrote: Since upgrading to Postfix, my system is seeing a lot of this activity. My prior config was Sendmail 8 with Cyrus SASL which did not. This is a pure coincidence. I administer multiple mail servers running Postfix, CommunigatePro, and Sendmail, and A

Re: debug logs with gap

2015-06-12 Thread Viktor Dukhovni
On Fri, Jun 12, 2015 at 07:27:51PM +0300, Liutauras Adomaitis wrote: > > > dict_ldap_get_values[1]: search returned 24 value(s) for requested > result > > > attribute associateddomain > > > 2015-06-10T15:29:32.267793+02:00 mx05 postfix/smtpd[28480]: > > > dict_ldap_get_values[1]: Leaving dict_ldap

Re: SASL and AUTH dictionary attacks

2015-06-12 Thread Viktor Dukhovni
On Fri, Jun 12, 2015 at 12:07:15PM -0400, Forrest wrote: > >>My server advertises (EHLO): > >> > >>250-PIPELINING > >>250-SIZE [ omitted ] > >>250-ETRN > >>250-STARTTLS > >>250-ENHANCEDSTATUSCODES > >>250 8BITMIME > > > >No SASL AUTH there. > > Hm. Interesting, thanks for pointing that obvious th

Re: debug logs with gap

2015-06-12 Thread Liutauras Adomaitis
On Jun 12, 2015 7:04 PM, "Viktor Dukhovni" wrote: > > On Fri, Jun 12, 2015 at 06:54:21PM +0300, Liutauras Adomaitis wrote: > > > I need to debug delivery problems from certain IP. For that I add this IP > > to main.cf debug_peer_list and restart postfix. All looks fine, connections > > from that I

Re: SASL and AUTH dictionary attacks

2015-06-12 Thread Forrest
On 6/12/15 11:50 AM, Viktor Dukhovni wrote: On Fri, Jun 12, 2015 at 11:05:42AM -0400, Forrest wrote: My prior config was Sendmail 8 with Cyrus SASL which did not. My guess from this log is that AUTH is taking place unencrypted, which may be the cause? Surely dictionary attacks on SASL were al

Re: debug logs with gap

2015-06-12 Thread Viktor Dukhovni
On Fri, Jun 12, 2015 at 06:54:21PM +0300, Liutauras Adomaitis wrote: > I need to debug delivery problems from certain IP. For that I add this IP > to main.cf debug_peer_list and restart postfix. All looks fine, connections > from that IP produces a verbose logs, however there is a gap of 30s in th

debug logs with gap

2015-06-12 Thread Liutauras Adomaitis
Hi postfix users, I wonder if there is anyone who experienced the issue like me and what is the cause/solution for it. I need to debug delivery problems from certain IP. For that I add this IP to main.cf debug_peer_list and restart postfix. All looks fine, connections from that IP produces a verb

Re: SASL and AUTH dictionary attacks

2015-06-12 Thread Viktor Dukhovni
On Fri, Jun 12, 2015 at 11:05:42AM -0400, Forrest wrote: > My prior config was Sendmail 8 with Cyrus SASL which did not. My guess > from this log is that AUTH is taking place unencrypted, which may be the > cause? Surely dictionary attacks on SASL were also launched against Sendmail... Was ther

Re: smtps via 465 is not working

2015-06-12 Thread Jithesh AP
Thank you for the clarifications, makes sense. Regards Jithesh On Fri, 12 Jun 2015 06:47:06 -0700, Kris Deugau wrote: Jithesh AP wrote: This does not work - telnet ml.w8timez.com 465 This works - openssl s_client -connect ml.w8timez.com:465 Unless you've redefined the behaviour, this is e

SASL and AUTH dictionary attacks

2015-06-12 Thread Forrest
Since upgrading to Postfix, my system is seeing a lot of this activity. My prior config was Sendmail 8 with Cyrus SASL which did not. My guess from this log is that AUTH is taking place unencrypted, which may be the cause? My server advertises (EHLO): 250-PIPELINING 250-SIZE [ omitted ] 25

Re: smtps via 465 is not working

2015-06-12 Thread Kris Deugau
Jithesh AP wrote: > This does not work - telnet ml.w8timez.com 465 > This works - openssl s_client -connect ml.w8timez.com:465 Unless you've redefined the behaviour, this is exactly correct; port 465 expects an SSL handshake before any other traffic. Plain telnet won't do you much good unless y