Re: Additional filter for special_result_attribute query

2020-08-19 Thread Sergey Urushkin
On 2020-08-19 18:00, Viktor Dukhovni wrote: On Wed, Aug 19, 2020 at 01:16:25PM +0300, Sergey Urushkin wrote: So, this would be great if we had a way to specify additional filter for special_result_attribute query. Something like this in our case: special_query_filter=(!(useraccountcontrol:1.2

Re: TLS client certificates and auth external

2020-08-19 Thread Wietse Venema
Steffen Nurpmeso: > I have no idea of the inner sensitivities of postfix, but i do not > understand where the problem lies. Why does postfix "wave > through" the SASL offering of EXTERNAL when it does not support > it? (I have no idea of SASL library interfaces.) Short summary: Postfix does no

Re: TLS client certificates and auth external

2020-08-19 Thread Steffen Nurpmeso
Hello. I am new to this list, and only come here to continue on this old thread. I have restored it from X-MARC-Message: https://marc.info/?l=postfix-users&m=155674111415072 so message-id etc. may not truly be correct, i apologise for that. And also, first, thank you for postfix, i use it for

Re: SMTP TLS delivery fallback

2020-08-19 Thread Viktor Dukhovni
On Thu, Aug 20, 2020 at 01:33:16AM +1000, Nikolai Lusan wrote: > Personally I have: > > smtp_tls_security_level = may > smtpd_tls_security_level = may > smtp_tls_note_starttls_offer = yes The last one one is redundant, unless you also have a policy table with security level set to "none" for som

Re: SMTP TLS delivery fallback

2020-08-19 Thread Nikolai Lusan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-08-18 at 06:42 -0600, @lbutlr wrote: > > smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, > RC5 > smtp_tls_loglevel = 1 FWIW it is worth periodically reviewing the documentation for openssl and the ciphers it offers t

Re: Additional filter for special_result_attribute query

2020-08-19 Thread Viktor Dukhovni
On Wed, Aug 19, 2020 at 01:16:25PM +0300, Sergey Urushkin wrote: > So, this would be great if we had a way to specify additional filter for > special_result_attribute query. Something like this in our case: > > special_query_filter=(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)) > > and the r

Additional filter for special_result_attribute query

2020-08-19 Thread Sergey Urushkin
We are using Postfix+ActiveDirectory and group aliases: query_filter = (&(mail=%s)(objectClass=group)) result_attribute = mail leaf_result_attribute = mail special_result_attribute = member And the problem is that special sub query does return disabled users (useraccountcontrol:1.2.840.113556.1