Re: Outbound opportunistic TLS by default?

2017-12-06 Thread Viktor Dukhovni
> On Dec 6, 2017, at 8:08 PM, micah wrote: > > Is there any reason why postfix, when compiled with TLS, can simply set > the default to 'may'? This is easy enough to implement, the only complication is that the documentation would need to explain the variable default. > If it is compiled with

Re: Outbound opportunistic TLS by default?

2017-12-06 Thread micah
Wietse Venema writes: > Noel Jones: >> On 12/6/2017 1:39 PM, Viktor Dukhovni wrote: >> > >> > As for changing the default, I am not opposed, perhaps given the >> > changes in the SMTP ecosystem since 2014: >> > >> > https://transparencyreport.google.com/safer-email/overview?encrypt_in=end:15125

Re: Bounce message with transport_maps

2017-12-06 Thread luistkd4
>>and stop accepting mail via SMTP that has an unknown sender address (it does not block unknown senders with the Postfix 'sendmail' command). I just changed the original sender to post here >> eh? why? Because with only an MX record our clients can receive message in domains created in Exchang

Re: Bounce message with transport_maps

2017-12-06 Thread Luis Miguel Flores dos Santos
>>and stop accepting mail via SMTP that has an unknown sender address (it does not block unknown senders with the Postfix 'sendmail' command). I just changed the original sender to post here >> eh? why? Because with only an MX record our clients can receive message in domains created in Exchange a

Re: Outbound opportunistic TLS by default?

2017-12-06 Thread Noel Jones
On 12/6/2017 3:24 PM, Wietse Venema wrote: > > How would one recognize 'first-time' installation? If that helps > only the tiny minority of sites that install Postfix from source, then > it does not seem to be a good target. Better to get the vendors to > run those commands instead. > > Wiet

Re: Outbound opportunistic TLS by default?

2017-12-06 Thread Wietse Venema
Noel Jones: > On 12/6/2017 1:39 PM, Viktor Dukhovni wrote: > > > > As for changing the default, I am not opposed, perhaps given the > > changes in the SMTP ecosystem since 2014: > > > > https://transparencyreport.google.com/safer-email/overview?encrypt_in=end:151251840;series:inbound;start:13

Re: Question regarding smtp_per_record_deadline parameter

2017-12-06 Thread Viktor Dukhovni
> On Dec 6, 2017, at 3:33 PM, J Doe wrote: > > I am guessing that would extend to most SATCOM connections (Iridium, etc.), > as well ? Satellite relays aren't necessarily low bandwidth; that's often not a problem. What you can't avoid is high(er) latency[1]. -- Viktor. [1] "Money c

Re: Question regarding smtp_per_record_deadline parameter

2017-12-06 Thread J Doe
Hi Wietse, > On Dec 6, 2017, at 8:00 AM, Wietse Venema wrote: > > Viktor Dukhovni: > > With TLS turned on, the deadline is enforced per TLS message, which > can be up to 16kbytes. 16kbytes in 10s would be difficult with a > dialup or low-tech cellular network. > >Wietse > >Wietse I a

Re: Outbound opportunistic TLS by default?

2017-12-06 Thread Noel Jones
On 12/6/2017 1:39 PM, Viktor Dukhovni wrote: > > As for changing the default, I am not opposed, perhaps given the > changes in the SMTP ecosystem since 2014: > > https://transparencyreport.google.com/safer-email/overview?encrypt_in=end:151251840;series:inbound;start:138853440&lu=encrypt_i

Outbound opportunistic TLS by default?

2017-12-06 Thread Viktor Dukhovni
> On Dec 6, 2017, at 2:27 PM, micah wrote: > > I'm sorry, I meant 'smtp_tls_security_level = may' - not > smtpd_tls_security_level. > > You are correct that smtpd_tls_security_level would need a certificate, > but 'smtp_tls_security_level' does not, and as an opportunistic mode, it > is design

Re: Enforced inbound TLS ciphers

2017-12-06 Thread micah
Viktor Dukhovni writes: >> On Dec 6, 2017, at 1:41 PM, micah wrote: >> main.cf smtpd_tls_security_level = may >> >> Is there a reason why 'smtpd_tls_security_level = may' is not default in >> postfix? What needs to be done to make it default? It seems harmless to >> have that enabled

Re: Enforced inbound TLS ciphers

2017-12-06 Thread Viktor Dukhovni
> On Dec 6, 2017, at 1:41 PM, micah wrote: > >>> main.cf >>> smtpd_tls_security_level = may > > Is there a reason why 'smtpd_tls_security_level = may' is not default in > postfix? What needs to be done to make it default? It seems harmless to > have that enabled by default, with no negative ef

Re: Enforced inbound TLS ciphers

2017-12-06 Thread micah
Viktor Dukhovni writes: >> On Dec 6, 2017, at 10:21 AM, li...@mbchandler.net wrote: >> >> main.cf >> smtpd_tls_security_level = may Is there a reason why 'smtpd_tls_security_level = may' is not default in postfix? What needs to be done to make it default? It seems harmless to have that enabled

Re: Enforced inbound TLS ciphers

2017-12-06 Thread Viktor Dukhovni
> On Dec 6, 2017, at 10:21 AM, li...@mbchandler.net wrote:
>
> main.cf
> smtpd_tls_security_level = may
>
> smtpd_sender_restrictions =
> check_client_access cidr:/etc/postfix/enforced_inbound_tls.cidr
>
> enforced_inbound_tls.cidr
> 10.0.0.0/8 reject_plaintext_session
>
> My questi

Enforced inbound TLS ciphers

2017-12-06 Thread lists
I'm enforcing inbound TLS from my internal network with these settings:

main.cf
smtpd_tls_security_level = may
smtpd_sender_restrictions =
check_client_access cidr:/etc/postfix/enforced_inbound_tls.cidr

enforced_inbound_tls.cidr
10.0.0.0/8 reject_plaintext_session

My question is,

Re: Message Rejection

2017-12-06 Thread Wietse Venema
Allen Coates: > Is there any way of making a bad email address (e.g. a spam-trap) reject > an entire multi-destination transaction? > > If one RCPT TO command is to a spamtrap address, then that message will > be spam; you do not want it being delivered to any other (genuine) RCPT > TO destinations

Re: Question regarding smtp_per_record_deadline parameter

2017-12-06 Thread Wietse Venema
Viktor Dukhovni: > > > > On Dec 5, 2017, at 10:24 PM, J Doe wrote: > > > > That actually reminded me of something that crossed my mind, today - I > > forgot about the inherently dynamic nature of routing. > > > > Even though my server is within North America and it is extremely likely > > th

Message Rejection

2017-12-06 Thread Allen Coates
Is there any way of making a bad email address (e.g. a spam-trap) reject an entire multi-destination transaction? If one RCPT TO command is to a spamtrap address, then that message will be spam; you do not want it being delivered to any other (genuine) RCPT TO destinations. Allen C