Re: Problem with starttls / orange.fr

On 30/03/2021 07:35, Nick Tait wrote:  > smtp_tls_protocols = !SSLv2, !SLv3 TLSv1.1, TLSv1.2 You have several issues in the line above. I suggest removing this line and using the default setting? In addition to the configuration error, it is well known (at least here) that smtp-in.orange.fr

Re: Problem with starttls / orange.fr

On March 30, 2021 7:08:39 AM GMT+02:00, "DEPRÉ Gaëtan - NGServers.com" wrote: >Hi ! > > > >While trying to send an email to some...@orange.fr > , I get this error log : > > > >Mar 30 06:47:39 mail postfix/qmgr[18959]: 29D0248A23DC: >from=x...@domain.dom >

RE: Problem with starttls / orange.fr

Original message  > smtp_tls_protocols = !SSLv2, !SLv3 TLSv1.1, TLSv1.2You have several issues in the line above. I suggest removing this line and using the default setting?Nick.

Problem with starttls / orange.fr

Hi ! While trying to send an email to some...@orange.fr , I get this error log : Mar 30 06:47:39 mail postfix/qmgr[18959]: 29D0248A23DC: from=x...@domain.dom , size=93541, nrcpt=1 (queue active) Mar 30 06:47:39 mail postfix/smtp[24365]: S

Re: AUTH TLS before or after HELO/EHLO?

On Mon, 2021-03-29 at 21:18 -0400, Bill Cole wrote: > On 29 Mar 2021, at 20:56, Gordon Ewasiuk wrote: > > > Hi List, > > > > Can I get a sanity check please? Am seeing 50-60 of these a day: > > > > Out: 220 fortirwin.blackhorselabs.net ESMTP Postfix > > In: AUTH TLS > > Out: 503 5.5.1 Error: s

Re: AUTH TLS before or after HELO/EHLO?

On 29 Mar 2021, at 20:56, Gordon Ewasiuk wrote: Hi List, Can I get a sanity check please? Am seeing 50-60 of these a day: Out: 220 fortirwin.blackhorselabs.net ESMTP Postfix In: AUTH TLS Out: 503 5.5.1 Error: send HELO/EHLO first Is that a mis-config on my part (very possible) or just a ran

AUTH TLS before or after HELO/EHLO?

Hi List, Can I get a sanity check please? Am seeing 50-60 of these a day: Out: 220 fortirwin.blackhorselabs.net ESMTP Postfix In: AUTH TLS Out: 503 5.5.1 Error: send HELO/EHLO first Is that a mis-config on my part (very possible) or just a random scanner? The AUTH TLS lines are coming from a

Re: [External] Postfix and Mimedefang for single user?

> On 28 Mar 2021, at 19:40, Kevin A. McGrail wrote: > > Hi LuKreme, > > I believe once you hook in MIMEDefang with postfix, it's a general purpose > filter that uses the milter interface to process emails at various stages of > the mail dialogue and processing. It hurts my brain to think

Re: tlsproxy: TLS handshake failed for service=smtp

On Mon, Mar 29, 2021 at 04:06:51PM -0400, Viktor Dukhovni wrote: > > On Mar 29, 2021, at 3:45 PM, Tomas Habarta wrote: > > > > 6663]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0", > > iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CTRUNC}, 0) = 1 > > [7141]: re

Re: tlsproxy: TLS handshake failed for service=smtp

> On Mar 29, 2021, at 3:45 PM, Tomas Habarta wrote: > > 6663]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0", > iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CTRUNC}, 0) = 1 > [7141]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0", > iov_l

Re: tlsproxy: TLS handshake failed for service=smtp

On Mon, Mar 29, 2021 at 01:22:38PM -0400, Wietse Venema wrote: > Tomas Habarta: > > Hello, > > > > I would like to ask about the following encountered during selinux testing: > > * currently running 3.5.8 self-compiled (no vendor packaging), centos8 > > (selinux disabled) > > * target platform ce

Re: quoted-unprintable, was BINARYMIME in Postfix

On 3/21/21 8:13 PM, John Levine wrote: > It appears that Wietse Venema said: >> With uniform or compressed payloads, 256 bytes become 261 on average, >> thus it takes 978.9 bytes on average to expand into 998. Add CR >> and LF to the 998, and we have an expansion of 1000/978.9=1.022 or >> just a

Re: tlsproxy: TLS handshake failed for service=smtp

Tomas Habarta: > Hello, > > I would like to ask about the following encountered during selinux testing: > * currently running 3.5.8 self-compiled (no vendor packaging), centos8 > (selinux disabled) > * target platform centos8 (same configuration but selinux enabled) Best bet is to strace the tls

Re: tlsproxy: TLS handshake failed for service=smtp

On Mon, Mar 29, 2021 at 06:36:10PM +0200, Tomas Habarta wrote: > selinux enabled: > transaction fails with: > > tlsproxy[23256]: warning: tlsp_get_fd_event: receive remote SMTP peer file > descriptor: Success > tlsproxy[23256]: TLS handshake failed for service=smtp peer=[10.25.41.35]:25 > tlspro

tlsproxy: TLS handshake failed for service=smtp

Hello, I would like to ask about the following encountered during selinux testing: * currently running 3.5.8 self-compiled (no vendor packaging), centos8 (selinux disabled) * target platform centos8 (same configuration but selinux enabled) With smtp_tls_connection_reuse = yes, all works ok on a

Re: Port 25 Throttling?

Great ideas guys -- Thanks! Greg www.RayStedman.org On Mon, Mar 29, 2021 at 7:26 AM Richard James Salts wrote: > On Monday, 29 March 2021 9:34:13 AM AEDT Wietse Venema wrote: > ... > > Third, look with mtr at the latency pattern. If part of your traffic > > goes over a satellite, of if it is tu

Re: Port 25 Throttling?

On Monday, 29 March 2021 9:34:13 AM AEDT Wietse Venema wrote: ... > Third, look with mtr at the latency pattern. If part of your traffic > goes over a satellite, of if it is tunneled to some far-away country, > then you will see a big jump. Unfortunately, mtr does not support > tcp so you can't do

Re: Mysql virtual + unionmap

Em 29/03/2021 03:37, Viktor Dukhovni escreveu: Congrats. I should perhaps note that with SQL you hardly need a unionmap: query = SELECT email as user FROM virtual_users WHERE email='%s' UNION SELECT owned as user FROM virtual_delegation WHERE owner='%s'     I have this exact

RE: Mysql virtual + unionmap

You're right! I think unionmap is useful if there is a mix with mysql maps and pcre maps, or other mixed maps. I modified my sender-login-maps.cf to include UNION with both of the queries. Thanks again, Viktor. Regards -Message d'origine- De : owner-postfix-us...@postfix.org De la pa