Re: 3.4-20180605-nonprod tlsproxy permissions

2018-06-13 Thread Wietse Venema
Noel Jones:
> On 6/13/2018 11:19 AM, Viktor Dukhovni wrote:
> >
> >> On Jun 13, 2018, at 12:09 PM, Noel Jones wrote:
> >>
> >> Maybe tlsproxy is dropping permissions too soon?
> >
> > Because it serves multiple SMTP delivery agents, with
> > potentially different client certs, it can't obta

Re: 3.4-20180605-nonprod tlsproxy permissions

2018-06-13 Thread Noel Jones
On 6/13/2018 11:19 AM, Viktor Dukhovni wrote:
>
>> On Jun 13, 2018, at 12:09 PM, Noel Jones wrote:
>>
>> Maybe tlsproxy is dropping permissions too soon?
>
> Because it serves multiple SMTP delivery agents, with
> potentially different client certs, it can't obtain
> the certs in advance. Th

Re: 3.4-20180605-nonprod tlsproxy permissions

2018-06-13 Thread Viktor Dukhovni
> On Jun 13, 2018, at 12:09 PM, Noel Jones wrote:
>
> Maybe tlsproxy is dropping permissions too soon?
Because it serves multiple SMTP delivery agents, with potentially different client certs, it can't obtain the certs in advance. The solution is to serialize the client cert and key and pass

3.4-20180605-nonprod tlsproxy permissions

2018-06-13 Thread Noel Jones
Using postfix 3.4-20180605-nonprod as a gateway to an internal server, with a tls policy of "secure". 3.4-20180605-nonprod has been running *without* connection reuse for a couple days error-free. When I set smtp_tls_connection_reuse=yes, I get:
Jun 13 10:53:29 mgate3 postfix/tlsproxy[93495]: wa

Re: exclude specific external IP from postfix blacklists

2018-06-13 Thread Wietse Venema
Poliman - Serwis:
> Thank you, I will check it. Yesterday night I did:
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, check_client_access inline:{91.218.208.22=ok},
> reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
> check_recipient_access mysql:/etc

Re: exclude specific external IP from postfix blacklists

2018-06-13 Thread Poliman - Serwis
Thank you, I will check it. Yesterday night I did:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_client_access inline:{91.218.208.22=ok},
reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
check_recipient_access mysql:/etc/postfix/mysql-virtual_recip

Re: exclude specific external IP from postfix blacklists

2018-06-13 Thread Matus UHLAR - fantomas
On 12.06.18 09:10, Poliman - Serwis wrote:
Thank you for the answer. I have in main.cf:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_rbl_client zen.spamhaus.org,
check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, ch