Wietse,
Am 14.05.20 um 16:04 schrieb Wietse Venema:
> So your best bet is to rewrite your patterns.
that's what we did now and it saves a lot of cpu cycles :-) As our
pattern matched something at beginning and at the end of the string (all
stuff between matched via patterns with * repetition) the
On 14/05/20 01:40 -0400, Viktor Dukhovni wrote:
I'f you're comfortable with gdb, and willing to build both Postfix and
OpenSSL from source with debugging symbols, then you could add a "-D"
flag to the "smtpd" entry in the /opt/postfix/etc/master.cf file, and
attach to a "screen" running a debugge
On Mon, May 11, 2020 at 11:43:41AM -0700, Alexander Vasarab wrote:
> May 11 11:23:54 vasaconsulting postfix/smtpd[21870]: warning: TLS
> library problem: error:140E0197:SSL routines:SSL_shutdown:shutdown
> while in init:../ssl/ssl_lib.c:2086:
The patch below avoids spurious SSL_ERROR_SSL indicati
On Thu, May 14, 2020 at 06:20:17PM -0700, Alexander Vasarab wrote:
> The plot thickens.
>
> In a nutshell, the problem is "solved" by changing the virtual(8) hosts
[ That's virtual(5) by the way, but not important. ]
> to use UNIX domain sockets (rather than e.g. 127.0.0.1). In both cases,
> th
Wietse Venema:
> Thomas Strike:
> > Thought: I am assuming that Postfix is only reading from the main.cf and
> > master.cf files. Could it be possible that Postfix is trying to use
> > main.cf* and master.cf*?
>
> On 5/14/20 12:28 PM, Wietse Venema wrote:
> > Type "postfix reload" and report the m
Thomas Strike:
> Thought: I am assuming that Postfix is only reading from the main.cf and
> master.cf files. Could it be possible that Postfix is trying to use
> main.cf* and master.cf*?
On 5/14/20 12:28 PM, Wietse Venema wrote:
> Type "postfix reload" and report the main.cf filename in the logs.
On 5/14/20 2:51 PM, Wietse Venema wrote:
Thomas Strike:
The following cryptic line is given as the reason;
.
.
.
.
BOUNCE postfix-users@postfix.org: Admin request of type /^\s*config\b/i
at line 3
How do I correct this?
Look at line 3 of the rejected email message.
Wie
Which logs are you talking about. After setting up Postfix and Dovcot,
everything reports to var/log/maillog. Postfix doesn't report it's conf
files that it loaded from there, only that it reloaded. Is there other
logs hidden somewhere?
On 5/14/20 12:28 PM, Wietse Venema wrote:
Thomas Strike:
Thomas Strike:
> The following cryptic line is given as the reason;
>
> .
>
> .
>
> .
>
> .
>
> BOUNCE postfix-users@postfix.org: Admin request of type /^\s*config\b/i
> at line 3
>
>
> How do I correct this?
Look at line 3 of the rejected email message.
Wietse
On 5/14/20 2:33 PM, Ralph Seichter wrote:
* Thomas Strike:
The following cryptic line is given as the reason
Not quite cryptic, just a regular expression. ;-) Make sure your subject
line does not match this expression (the first case-insensitive word of
the subject, after 0-n optional consec
* Thomas Strike:
> The following cryptic line is given as the reason
Not quite cryptic, just a regular expression. ;-) Make sure your subject
line does not match this expression (the first case-insensitive word of
the subject, after 0-n optional consecutive spaces, must not be "config").
-Ralph
The following cryptic line is given as the reason;
.
.
.
.
BOUNCE postfix-users@postfix.org: Admin request of type /^\s*config\b/i
at line 3
How do I correct this?
I am a novice to Postfix and only have to deal with setting up a new
mail server every couple of years or so. This is only my 3rd time
setting Postfix up in the past 10 years. Over time things change and
every time I do this I have to learn it all over again. With all the
extensive configuratio
On Thu, May 14, 2020 at 02:38:09PM -0400, Wietse Venema wrote:
> Viktor Dukhovni:
> > Alternatively, we could siglongjmp() out of a segfault handler, enabled
> > around PCRE lookups, leaking whatever heap space libpcre may have
> > allocated along the way, and log a more informative message, and t
I think it is a fundamental question on what your goal is: To
send/receive mail under any circumstance or force a minimum security
level.
With that it is important to distinguish between receiving mail and
sending. The issue with leaving every old option available is, that
broken tls versions or pl
On Thu, May 14, 2020 at 09:07:29AM -0300, SysAdmin EM wrote:
> postfix-out/smtp[12931]: E30639204ED: to=,
> relay=hotmail-com.olc.protection.outlook.com[104.47.124.33]:25,
> delay=1.4, delays=0.08/0/1.4/0, dsn=5.5.4, status=bounced
> (host hotmail-com.olc.protection.outlook.com[104.47.124.33]
> re
Viktor Dukhovni:
> Alternatively, we could siglongjmp() out of a segfault handler, enabled
> around PCRE lookups, leaking whatever heap space libpcre may have
> allocated along the way, and log a more informative message, and thereby
> perhaps even avoid occasional service throttling in master that
On Thu, May 14, 2020 at 01:40:23PM -0400, Wietse Venema wrote:
> > A cursory glance at the PCRE2 docs suggests that we can ask libpcre
> > to enforce more conservative limits before it runs out of stack, and
> > it would presumably then unwind and return a recoverable error.
>
> That looks like a
Viktor Dukhovni:
> On Thu, May 14, 2020 at 10:04:44AM -0400, Wietse Venema wrote:
>
> > Once a program runs out of stack space, that is is an unrecoverable
> > error.
>
> A cursory glance at the PCRE2 docs suggests that we can ask libpcre
> to enforce more conservative limits before it runs out o
On Thu, May 14, 2020 at 12:06:34PM -0500, Thomas Strike wrote:
> This error is still showing up in the log but it doesn't appear to be
> causing any problems that I have detected.
>
> "May 12 14:21:44 sleepyvalley postfix/smtpd[16326]: error: open
> /etc/postfix/mysql-aliases.cf: No such file o
> If you are curious about the defaults in your Postfix use
> postconf | grep tls
That should be:
postconf -d | grep tls
br, Petri
smime.p7s
Description: S/MIME cryptographic signature
On Thu, May 14, 2020 at 12:56:46PM -0400, Ian Evans wrote:
> As some test suite recommendations might be harsher than what is practical
> I thought I'd check with the people who actually work on Postfix.
The most important question is: are you talking about mandatory or
opportunistic TLS. All the
> Thanks. When tweaks may have been made over the years, is there a page in the
> docs that just has a clean list of defaults for master.cf? Or check the .dist
> files?
You suspect tweaks have been made to your system? Use
postconf -n | grep tls
postconf -M | grep tls
to find out. Go throug
On 14 May 2020, at 13:06, Thomas Strike wrote:
I looked in postconf -d | grep 'mynetworks ' and the following came
up. Could this error be caused by any of this stuff? Does Postfix
really use all of this or is it superfluous and widening the SMTPd
server for attach?
'postconf -d' shows you
On Thu, May 14, 2020 at 10:04:44AM -0400, Wietse Venema wrote:
> Once a program runs out of stack space, that is is an unrecoverable
> error.
A cursory glance at the PCRE2 docs suggests that we can ask libpcre
to enforce more conservative limits before it runs out of stack, and
it would presumabl
Thomas Strike:
> Thought: I am assuming that Postfix is only reading from the main.cf and
> master.cf files. Could it be possible that Postfix is trying to use
> main.cf* and master.cf*?
Type "postfix reload" and report the main.cf filename in the logs.
Wietse
> As some test suite recommendations might be harsher than what is practical I
> thought I'd check with the people who actually work on Postfix.
>
> 1) some test sites say TLS 1.0 should be disabled for NIST compliance. Is
> that recommended? What about 1.1?
The devices will negotiate the best
On 5/14/20 2:18 AM, Viktor Dukhovni wrote:
Have you looked in master.cf? Are you looking at the right main.cf
file?
Look in the output of "postconf -n" and "postconf -M".
Yes. and postconf doesn't list this path/file in any -n, -m, -M, -p, or
-d. I have only one main.cf and one master.cf fi
As some test suite recommendations might be harsher than what is practical
I thought I'd check with the people who actually work on Postfix.
1) some test sites say TLS 1.0 should be disabled for NIST compliance. Is
that recommended? What about 1.1?
2) is there a page that has up-to-date recommend
Matus UHLAR - fantomas:
> >> On 07.05.20 12:26, Matus UHLAR - fantomas wrote:
> >> >I ust received mail where user specified destination address:
> >> >@example@example.com
> >> >
> >> >the mail was accepted and forwarded to "empty_address_recipient",
> >> >
> >> >which docs' say:
> >> >
> >> >
Larry Stone:
> I posted the note below Saturday but having seen no acknowledgement from
> Wietse, wanted to make sure it wasn?t overlooked although it?s very minor.
>
> To summarize what?s below, the default value of maillog_file_rotate_suffix is
> %Y%M%d-%H%M%S which puts minutes where you expe
Tobi:
> So the problem is definitely our pattern in combination with a VERY big
> mime part header. We're on introducing limits where we can in our patterns.
> Anyway I think that this should not end in such an ugly error where
> postfix cleanup goes south because of such header/pattern combination
I posted the note below Saturday but having seen no acknowledgement from
Wietse, wanted to make sure it wasn’t overlooked although it’s very minor.
To summarize what’s below, the default value of maillog_file_rotate_suffix is
%Y%M%d-%H%M%S which puts minutes where you expect month. It should be
Tobi:
> Hi Wietse
>
> using your suggestion with valgrind I found that the main-stacksize
> seems to be the problem. By using --main-stacksize with different values
> I found that the last working value is 59449345, changing to ...344 let
> postmap segfault:
>
> > valgrind -s --main-stacksize=594
Hello,
I have two servers running on Postfix, one of which runs version 2.10.1 and
the other server runs version 3.4.7.
On the server where I am running verion 3.4.7, I receive "501 5.5.4 Invalid
domain name" errors in emails sent to different servers. Rhe mail is sent
to postfix through exim fro
On Thursday, May 14, 2020 1:40:38 AM EDT Viktor Dukhovni wrote:
> On Wed, May 13, 2020 at 10:01:24PM -0700, Alexander Vasarab wrote:
> > May 13 21:56:38 vasaconsulting postfix/smtpd[25599]: tls_bio:
> > hsfunc=(nil), rfunc=0x7f310ef36dd0, wfunc=(nil), SSL_get_error(36) = 0
> > May 13 21:56:38 vasac
On 13/05/20 21:58 -0400, Viktor Dukhovni wrote:
Please rebuild, and post another similar set of logs.
Thanks. Attached.
Alexander
May 13 21:56:38 vasaconsulting postfix/smtpd[25599]: connect from []
May 13 21:56:38 vasaconsulting postfix/smtpd[25599]: tls_bio:
hsfunc=0x7f310ef3a780, rfunc=(ni
14.05.20, 03:32 CEST, Viktor Dukhovni:
> Are any other Debian users seeing similar issues?
I did grep for "TLS library problem"[1] an 2 Debian 10 servers (low
volume, though) and didn't find anything that seemed related.
[1] The following came up empty:
$ zgrep -i "TLS library problem" /var/log/
Wietse, Viktor
It seems that this is the problematic part of the pcre pattern
>
/^Content-(Disposition|Type).*name\s*=\s*("(?:[^"]|\\")*|[^();:,\/<>\@\"?=<>\[\]\
]*)
I tested by replacing star by star with explicit limits and found that
limits avoid the segfault. I replaced the last two stars wi
On Thu, May 14, 2020 at 02:01:31AM -0500, Thomas Strike wrote:
> > So I would not expect virtual alias tables to be appropriate as alias
> > tables. What problem are you actually trying to solve?
>
> I'm hosting multiple domains and I'm using virtual host tables. I am
> not sure that I have a pro
On Thu, May 14, 2020 at 08:53:42AM +0200, Tobi wrote:
> using your suggestion with valgrind I found that the main-stacksize
> seems to be the problem. By using --main-stacksize with different values
> I found that the last working value is 59449345, changing to ...344 let
> postmap segfault:
But
On 5/13/20 4:29 PM, Viktor Dukhovni wrote:
On Wed, May 13, 2020 at 03:42:47PM -0500, Thomas Strike wrote:
Postfix is trying to access the aliases table in the postfix db with a
wrong file name and directory. I thought I had this fixed yesterday but
it is showing up again today.
I changed the pr
42 matches
Mail list logo
