Viktor Dukhovni:
> On Sun, Feb 07, 2021 at 05:33:10PM +0100, Marek Kozlowski wrote:
>
> > Presumably it's my fault but I cannot find such an option. If so - thank
> > you for directing me to it. I'm wondering if it possible to limit
> > incoming mail with '...@somedomain.tld' specified as a send
On Sun, Feb 07, 2021 at 05:33:10PM +0100, Marek Kozlowski wrote:
> Presumably it's my fault but I cannot find such an option. If so - thank
> you for directing me to it. I'm wondering if it possible to limit
> incoming mail with '...@somedomain.tld' specified as a sender address*)
> to IPs belo
On Mon, Feb 08, 2021 at 02:17:46AM +0300, Eugene Podshivalov wrote:
> Are there any reasons not to have Postfix compiled with TCP wrappers?
Because that would likely be entirely redundant. Postfix already has
IP-based access controls (local tables, RBL lookups, postscreen(8), ...
and can also lo
Hi all,
Are there any reasons not to have Postfix compiled with TCP wrappers?
Regards,
Eugene
Marek Kozlowski wrote:
> Have you ever read you own code (or quick fixes) written >5 years
> ago if you'd forgotten to place comments? ;-)
I often say, "I miss my younger brain." Back then I could remember
all of the details. These days I write notes to my future self. My
future self who will r
On Sun, Feb 07, 2021 at 03:26:29PM -0500, Alex wrote:
> > Quoting Zathros, "Cannot say. Saying, I would know. Do not know, so
> > cannot say." It all depends upon your use of sudo. One can't say it
> > won't be secure. The devil is in the details.
>
> I figured that if main.cf was owned by r
Alex wrote:
> Yes, it's a web front-end, using apache and php-fpm.
> It's written using laravel and PHP.
It relieves me (Whew!) that it is not using WP which historically has
had deep security vulnerabilities quite often. And therefore in the
situation you are proposing would be a likely stepping
Marek Kozlowski:
> :-)
>
> On 2/7/21 10:00 PM, Wietse Venema wrote:
> > Marek Kozlowski:
> >> :-)
> >>
> >> I'm working on simplification, adding comments and brushing up my
> >> main.cf. I've just found the following entry:
> >>
> >> fork_attempts=10
> >>
> >> Seems to be added manually so there
:-)
On 2/7/21 10:00 PM, Wietse Venema wrote:
Marek Kozlowski:
:-)
I'm working on simplification, adding comments and brushing up my
main.cf. I've just found the following entry:
fork_attempts=10
Seems to be added manually so there was some reason for it.
How many people have root privilege
Marek Kozlowski:
> :-)
>
> I'm working on simplification, adding comments and brushing up my
> main.cf. I've just found the following entry:
>
> fork_attempts=10
>
> Seems to be added manually so there was some reason for it.
How many people have root privilege on your machine?
> Unfortunate
:-)
I'm working on simplification, adding comments and brushing up my
main.cf. I've just found the following entry:
fork_attempts=10
Seems to be added manually so there was some reason for it.
Unfortunately there is no comment on it in the file. The documentation
is very short:
"Limit on
On Sun, Feb 07, 2021 at 02:47:11PM -0500, Wietse Venema wrote:
> Alex:
> > Hi,
> >
> > I'm working on a front-end to modify our main.cf and other config
> > files, such as the transport and relay_recips file and want to be sure
> > I'm doing it securely.
> >
> > Postfix complains if the files are
Hi,
> > I'm working on a front-end to modify our main.cf and other config
> > files, such as the transport and relay_recips file
>
> Hmm... A front-end? Should we assume this is a web UI frontend?
> Because although most of us use $EDITOR for those files the official
> frontend is "postconf" for
Alex wrote:
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file
Hmm... A front-end? Should we assume this is a web UI frontend?
Because although most of us use $EDITOR for those files the official
frontend is "postconf" for it.
On 7 Feb 2021, at 14:33, Marek Kozlowski wrote:
:-)
On 2/7/21 7:51 PM, Bill Cole wrote:
On 7 Feb 2021, at 12:52, Marek Kozlowski wrote:
:-)
On 2/7/21 6:34 PM, Benny Pedersen wrote:
On 2021-02-07 18:28, Marek Kozlowski wrote:
Mail from 192.168.3/24 with sender's address 'sth3.tld' should
Alex:
> Hi,
>
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file and want to be sure
> I'm doing it securely.
>
> Postfix complains if the files are not owned by root, but I don't want
> the script to have to run as root. What
:-)
On 2/7/21 7:51 PM, Bill Cole wrote:
On 7 Feb 2021, at 12:52, Marek Kozlowski wrote:
:-)
On 2/7/21 6:34 PM, Benny Pedersen wrote:
On 2021-02-07 18:28, Marek Kozlowski wrote:
Mail from 192.168.3/24 with sender's address 'sth3.tld' should be
accepted even if the user is not authenticated,
Jeff Abrahamson wrote:
> Setting
> inet_protocols = ipv4
> fixes the issue.
I have heard (so apply the rumor filter accordingly) that Google's
Gmail is more strict for IPv6 clients than IPv4 clients. When SPF,
DKIM, DMARC fails then for IPv4 clients it is more likely it will be
accepted and t
On 7 Feb 2021, at 12:52, Marek Kozlowski wrote:
:-)
On 2/7/21 6:34 PM, Benny Pedersen wrote:
On 2021-02-07 18:28, Marek Kozlowski wrote:
Mail from 192.168.3/24 with sender's address 'sth3.tld' should be
accepted even if the user is not authenticated, and rejected without
authentication for o
:-)
On 2/7/21 6:34 PM, Benny Pedersen wrote:
On 2021-02-07 18:28, Marek Kozlowski wrote:
Mail from 192.168.3/24 with sender's address 'sth3.tld' should be
accepted even if the user is not authenticated, and rejected without
authentication for other CIDR blocks.
add 192.168.0.0/16 to mynetwor
On 2021-02-07 18:28, Marek Kozlowski wrote:
Mail from 192.168.3/24 with sender's address 'sth3.tld' should be
accepted even if the user is not authenticated, and rejected without
authentication for other CIDR blocks.
add 192.168.0.0/16 to mynetworks
you show bogus logs btw
On 2021-02-07 18:08, Curtis Maurand wrote:
I would suggest giving higher preference to SPF. You can even reject
if SPF fails.
sure spf is the network policy, but i do not need network policy to
reject local domains in port 25
world would be perfect if spf was used more even on postfix mail
:-)
No, misunderstanding. I'm not asking about SPF, DKIM etc.
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
...
I have a mail server for a few domains. I need something more general
that permit_mynetworks
Sent from my iPhone
> On Feb 7, 2021, at 11:44 AM, Benny Pedersen wrote:
>
> On 2021-02-07 17:33, Marek Kozlowski wrote:
>> :-)
>
> +1
>
>> Presumably it's my fault but I cannot find such an option. If so -
>> thank you for directing me to it. I'm wondering if it possible to
>> limit incom
On 2021-02-07 17:33, Marek Kozlowski wrote:
:-)
+1
Presumably it's my fault but I cannot find such an option. If so -
thank you for directing me to it. I'm wondering if it possible to
limit incoming mail with '...@somedomain.tld' specified as a sender
address*) to IPs belonging from some CIDR
:-)
Presumably it's my fault but I cannot find such an option. If so - thank
you for directing me to it. I'm wondering if it possible to limit
incoming mail with '...@somedomain.tld' specified as a sender address*)
to IPs belonging from some CIDR ranges:
- if addresses from the ranges belong
Hi,
I'm working on a front-end to modify our main.cf and other config
files, such as the transport and relay_recips file and want to be sure
I'm doing it securely.
Postfix complains if the files are not owned by root, but I don't want
the script to have to run as root. What is the most secure way
On Sun, Feb 07, 2021 at 11:09:42AM +0300, OzyMate wrote:
> If I change smtp_tls_security_level = encrypt with
> smtplmtp_tls_security_level =encrypt, all seem working.
You completely ignored the bulk of my reply, and just fudged
something random. :-(
0. An apparently working configuration i
If I change smtp_tls_security_level = encrypt with
smtplmtp_tls_security_level =encrypt, all seem working.
I appreciate your help.
Please find below output of "postconf -n" for completeness:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
compati
Thank you for taking your time to reply.
I didn't say that 127.0.0.1 is Amazon SES. That is my server. As soon as
I change "smtp_tls_security_level = encrypt" with
"smtp_tls_security_level = may", it works.
My question is that why "encrypt" option is not working with my postfix
setup.
Ther
30 matches
Mail list logo
