Re: bizarre warning from postfix received

2021-08-24 Thread Dominic Raferd
On 25/08/2021 04:01, Jean-François Bachelet wrote: Hello ^^) In today's report I've got from PFLogsumm about the Postfix activity from yesterday I have a warning that I see here: Aug 24 19:48:55 servername postfix/postfix-script[1187]: warning: /var/spool/postfix/etc/ssl/certs/ca-cert

Re: Mail spool issues with Postfix

2021-08-24 Thread Benny Pedersen
On 2021-08-25 01:41, Rahul Kissoon wrote: Could someone please explain why this is happening to me? I'm not sure if it's an intended feature or not, but I'd like to disable it and remove the mail in /var/mail. you are not using dovecot lda, or dovecot lmtp it would be helpful to help you if

bizarre warning from postfix received

2021-08-24 Thread Jean-François Bachelet
Hello ^^) In today's report I've got from PFLogsumm about the Postfix activity from yesterday I have a warning that I see here: Aug 24 19:48:55 servername postfix/postfix-script[1187]: warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt

Re: Today is a good day to DANE!

2021-08-24 Thread Matt Corallo
On 8/24/21 19:23, Viktor Dukhovni wrote: On 24 Aug 2021, at 7:58 pm, Matt Corallo wrote: May be worth mentioning here that, sadly, Postfix does not support MTA-STS currently. The one implementation at https://github.com/Snawoot/postfix-mta-sts-resolver/ will reduce security rather than in

Re: Today is a good day to DANE!

2021-08-24 Thread Viktor Dukhovni
> On 24 Aug 2021, at 7:58 pm, Matt Corallo wrote: > > May be worth mentioning here that, sadly, Postfix does not support MTA-STS > currently. > > The one implementation at > https://github.com/Snawoot/postfix-mta-sts-resolver/ will reduce security > rather than increase it as dual-MTA-STS-DAN

Re: Today is a good day to DANE!

2021-08-24 Thread Matt Corallo
On 8/18/21 21:44, raf wrote: They are into MTA-STS instead, as a way to prevent downgrade attacks against mail servers. SMTP MTA Strict Transport Security (MTA-STS) https://tools.ietf.org/html/rfc8461 (Proposed Standard) But that's all it does (assuming other mail servers are paying atte

Re: Do I need to be a member of the list to post to it?

2021-08-24 Thread Wietse Venema
No need to reply to this, I replied off-list. Wietse

Do I need to be a member of the list to post to it?

2021-08-24 Thread Rahul Kissoon
Hey, I sent a post to the list earlier but I'm not sure if it was received. I read on the Postfix lists webpage that you need to be a member of the list to make unmoderated posts but does it mean that non-members of the list can post to it? I believe I'm now a member of the list but I don't know if

Re: TLSA debugging

2021-08-24 Thread postfix
I guess we're not generating enough security bugs to trigger urgent updates. :-) Perhaps Debian needs a Postfix maintainer with more cycles to proactively keep it up to date? Or... Dovecot maintains their own repo (https://repo.dovecot.org/) for us common folk to add to our package managers a

Re: TLSA debugging

2021-08-24 Thread Wietse Venema
Viktor Dukhovni: > > RES_TRUSTAD support was already released last January with Postfix > > 3.3.9, 3.4.11, and 3.5.1. So we already solved this 7 months ago. > > Why isn't this fix available in downstream distros? Woops, the fix was released by Apr 18, 2020 in Postfix 3.5.1, 3.4.11, 3.3.9. That i

Re: TLSA debugging

2021-08-24 Thread Viktor Dukhovni
On Tue, Aug 24, 2021 at 02:28:12PM -0400, Wietse Venema wrote: > > I'll start adding RES_TRUSTAD support to the 3.3-3.5 stable releases. > > It will combine nicely with the OpenSSL 3.x bitrot patch. > > RES_TRUSTAD support was already released last January with Postfix > 3.3.9, 3.4.11, and 3.5.1.

Re: TLSA debugging

2021-08-24 Thread Wietse Venema
Wietse Venema: > I'll start adding RES_TRUSTAD support to the 3.3-3.5 stable releases. > It will combine nicely with the OpenSSL 3.x bitrot patch. RES_TRUSTAD support was already released last January with Postfix 3.3.9, 3.4.11, and 3.5.1. So we already solved this 7 months ago. Why isn't this fix

Re: TLSA debugging

2021-08-24 Thread Wietse Venema
Viktor Dukhovni: > On Tue, Aug 24, 2021 at 11:32:01AM -0400, Wietse Venema wrote: > > > > You probably need to set the "trust AD" option in /etc/resolv.conf > > > > Postfix 3.6 has this comment in dns_lookup.c: > > ... > > Plus some plumbing in dns.h. > > > > Should we back-port this to the earl

Re: TLSA debugging

2021-08-24 Thread Viktor Dukhovni
On Tue, Aug 24, 2021 at 11:32:01AM -0400, Wietse Venema wrote: > > You probably need to set the "trust AD" option in /etc/resolv.conf > > Postfix 3.6 has this comment in dns_lookup.c: > > /* .IP RES_USE_DNSSEC > /* Request DNSSEC validation. This flag is silently ignored > /* when the

Re: TLSA debugging

2021-08-24 Thread Wietse Venema
Viktor Dukhovni: > On Tue, Aug 24, 2021 at 04:24:30PM +0200, Bastien Durel wrote: > > Hello, > > > > Since I upgraded to debian 11 (postfix 3.5.6, was 3.4.14), my cluster > > fails inter-node deliveries. > > You probably need to set the "trust AD" option in /etc/resolv.conf Postfix 3.6 has this

Re: TLSA debugging

2021-08-24 Thread Viktor Dukhovni
On Tue, Aug 24, 2021 at 04:24:30PM +0200, Bastien Durel wrote: > Hello, > > Since I upgraded to debian 11 (postfix 3.5.6, was 3.4.14), my cluster > fails inter-node deliveries. You probably need to set the "trust AD" option in /etc/resolv.conf https://man7.org/linux/man-pages/man5/resolv.con

Re: TLSA debugging

2021-08-24 Thread Benny Pedersen
On 2021-08-24 16:24, Bastien Durel wrote: How can I find why these records are not found now ? chroot fails ? I've configured the inter-node relay in master.cf as this: lrelay unix - - y - - smtp -o sender_canonical_maps=fail: -o syslog_name=postfix/clu

TLSA debugging

2021-08-24 Thread Bastien Durel
Hello, Since I upgraded to debian 11 (postfix 3.5.6, was 3.4.14), my cluster fails inter-node deliveries. I have TLSA errors in logs: Aug 24 16:09:26 arrakeen postfix/cluster/smtp[992382]: warning: TLS policy lookup error for [corrin.geekwu.org]:26/corrin.geekwu.org: no TLSA records found Aug 2