Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-22 Thread Viktor Dukhovni
On Sat, Aug 22, 2015 at 07:37:47AM -0700, Alice Wonder wrote: > >If they really wanted to make a difference, they'd send patches, > >not fork the project. I've seen very little by way of upstream > >contributions. > > > > One of the reasons they forked is because there were issue WITH PATCHES in

Re: Importance of keeping DANE TLSA records correct.

2015-08-22 Thread Alice Wonder
On 08/22/2015 08:30 AM, Viktor Dukhovni wrote: It is best to hold off on posting gut instinct reactions. Get acquainted with the problem, think about the issues for some weeks or months, come back later and share what you've learned. Quit being so damn arrogant. Seriously. Geez and I tho

Re: Importance of keeping DANE TLSA records correct.

2015-08-22 Thread Viktor Dukhovni
On Sat, Aug 22, 2015 at 07:42:45AM -0700, Alice Wonder wrote: > >If you don't create README files in your certificate directory, > >add comments to Postfix configuration files, or otherwise create > >reminders for yourself to not forget to do it right, perhaps DANE > >is not right for you. "Deplo

Re: Importance of keeping DANE TLSA records correct.

2015-08-22 Thread lst_hoe02
Quote from Viktor Dukhovni: Until now, most DANE deployments have been on small hobbyist machines, by people who mostly don't correspond with each other. So if a particular domain's TLSA RRs were broken, nobody noticed. This is about to change. The German email providers web.de and gmx.de hav

Re: Importance of keeping DANE TLSA records correct.

2015-08-22 Thread Alice Wonder
On 08/22/2015 07:42 AM, Alice Wonder wrote: On 08/22/2015 06:23 AM, Viktor Dukhovni wrote: Until now, most DANE deployments have been on small hobbyist machines, by people who mostly don't correspond with each other. So if a particular domain's TLSA RRs were broken, nobody noticed. This is

Re: Importance of keeping DANE TLSA records correct.

2015-08-22 Thread Alice Wonder
On 08/22/2015 06:23 AM, Viktor Dukhovni wrote: Until now, most DANE deployments have been on small hobbyist machines, by people who mostly don't correspond with each other. So if a particular domain's TLSA RRs were broken, nobody noticed. This is about to change. The German email providers we

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-22 Thread Alice Wonder
On 08/22/2015 06:08 AM, Viktor Dukhovni wrote: On Wed, Aug 19, 2015 at 12:58:38PM -0700, Alice Wonder wrote: ``You also turn on thousands and thousands of lines of OpenSSL library code. Assuming that OpenSSL is written as carefully as Wietse's own code, every 1000 lines introduce one addition

Re: Different message size per domain

2015-08-22 Thread Wietse Venema
Alexandre Ellert: > As far as I understand, the documentation says that the size > attribute is set by the sender. So the size is not computed by Unfortunately, Postfix cannot predict the future (if it could, then I would be doing something else). Before the entire message is received, Postfix u

Re: Different message size per domain

2015-08-22 Thread Viktor Dukhovni
On Sat, Aug 22, 2015 at 02:06:42PM +0200, Alexandre Ellert wrote: > I have two Postfix inbound servers which serve multiple domains and I'd > like to accept 20 Mb email for all domains except one (I want a 10 Mb limit > for this one). > In main.cf I set message_size_limit = 20971520 and I use a polic

Importance of keeping DANE TLSA records correct.

2015-08-22 Thread Viktor Dukhovni
Until now, most DANE deployments have been on small hobbyist machines, by people who mostly don't correspond with each other. So if a particular domain's TLSA RRs were broken, nobody noticed. This is about to change. The German email providers web.de and gmx.de have announced upcoming DANE suppor

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-22 Thread Viktor Dukhovni
On Wed, Aug 19, 2015 at 12:58:38PM -0700, Alice Wonder wrote: > ``You also turn on thousands and thousands of lines of OpenSSL library code. > Assuming that OpenSSL is written as carefully as Wietse's own code, every > 1000 lines introduce one additional bug into Postfix.'' > > We now know OpenSS

Re: DANE, Certificate Authorities, Port 25 confusion

2015-08-22 Thread Viktor Dukhovni
On Sat, Aug 22, 2015 at 05:33:20AM -0700, Alice Wonder wrote: > >https://tools.ietf.org/html/draft-ietf-dane-ops-16#section-5.1 > > > >More specifically, it is RECOMMENDED that at most sites TLSA records > >published for DANE servers be "DANE-EE(3) SPKI(1) SHA2-256(1)" > >records. Sel

Re: DANE, Certificate Authorities, Port 25 confusion

2015-08-22 Thread Alice Wonder
On 08/22/2015 05:27 AM, Viktor Dukhovni wrote: On Sat, Aug 22, 2015 at 05:24:03AM -0700, Alice Wonder wrote: The certificate is a 1 0 1 and not a 3 0 1 It seems to suggest that I change the TLSA record to 3 0 1 Or even better a "3 1 1". Why is hash of SubjectPublicKeyInfo preferred over

Re: DANE, Certificate Authorities, Port 25 confusion

2015-08-22 Thread Viktor Dukhovni
On Sat, Aug 22, 2015 at 05:24:03AM -0700, Alice Wonder wrote: > >>The certificate is a 1 0 1 and not a 3 0 1 > >> > >>It seems to suggest that I change the TLSA record to 3 0 1 > > > >Or even better a "3 1 1". > > Why is hash of SubjectPublicKeyInfo preferred over hash of the actual > certificate

Re: DANE, Certificate Authorities, Port 25 confusion

2015-08-22 Thread Alice Wonder
On 08/22/2015 05:20 AM, Viktor Dukhovni wrote: --- The certificate is a 1 0 1 and not a 3 0 1 It seems to suggest that I change the TLSA record to 3 0 1 Or even better a "3 1 1". Why is hash of SubjectPublicKeyInfo preferred over hash of the actual certificate?

Re: trying to figure out regex for custom_header checks

2015-08-22 Thread Ben Greenfield
> On Aug 21, 2015, at 11:34 PM, Viktor Dukhovni > wrote: > > On Wed, Aug 19, 2015 at 06:44:05PM -0400, Ben Greenfield wrote: > We receive a lot of spam that has very rare top level domains .site, .link, .website, .eu. >>> >>> It is wrong to black TLDs, even if initially they appe

Re: DANE, Certificate Authorities, Port 25 confusion

2015-08-22 Thread Viktor Dukhovni
On Fri, Aug 21, 2015 at 10:41:49PM -0700, Alice Wonder wrote: > I received a rather weird e-mail, it seems to have been generated by an MTA > because it was sent to the e-mail listed as the contact in my certificate, > the e-mail listed in whois for my domain, and the postmaster e-mail. Sorry my

Different message size per domain

2015-08-22 Thread Alexandre Ellert
Hello, I have two Postfix inbound servers which serve multiple domains and I'd like to accept 20 Mb email for all domains except one (I want a 10 Mb limit for this one). In main.cf I set message_size_limit = 20971520 and I use a policy server (postfwd) to check the recipient and the mail size. I con

Re: DANE, Certificate Authorities, Port 25 confusion

2015-08-22 Thread Alice Wonder
I think I might have guessed the reasoning. The IETF draft is rather long, hard for me to read it, I will try but I lose concentration quickly, and I did not detect the reason within it. I think however that maybe the issue has to do with DANE libraries. If a 0 x x or a 1 x x record is used,