Re: SMTPD delay rejects evaluation

2022-01-03 Thread Lefteris Tsintjelis
On 3/1/2022 14:55, Alexander Stienstra wrote: On 29-12-2021 11:13, Matus UHLAR - fantomas wrote: - With smtpd_delay_reject=no, Postfix will log a DNSBL 'reject' in smtpd_client_restrictions without any sender or recipient information. That makes it difficult to answer questions about "missin

Re: Mail system is down

2022-01-03 Thread Ken Wright
On Tue, 2022-01-04 at 15:32 +1100, raf wrote: > On Mon, Jan 03, 2022 at 07:22:24PM -0500, Ken Wright > wrote: > > > On Tue, 2022-01-04 at 08:32 +1100, raf wrote: > > > Actually, if you are still getting > > > "/usr/lib/postfix/sbin/0: No such file or directory" > > > messages (with new timestamps

Re: Mail system is down

2022-01-03 Thread raf
On Mon, Jan 03, 2022 at 08:02:20PM -0500, Ken Wright wrote: > On Mon, 2022-01-03 at 19:45 -0500, Wietse Venema wrote: > > Ken Wright: > > > On Tue, 2022-01-04 at 08:32 +1100, raf wrote: > > > > Actually, if you are still getting > > > > "/usr/lib/postfix/sbin/0: No such file or directory" > > >

Re: Mail system is down

2022-01-03 Thread raf
On Mon, Jan 03, 2022 at 07:22:24PM -0500, Ken Wright wrote: > On Tue, 2022-01-04 at 08:32 +1100, raf wrote: > > Actually, if you are still getting > > "/usr/lib/postfix/sbin/0: No such file or directory" > > messages (with new timestamps), that must mean that you > > didn't reload postfix after

Re: Adding Additional domains and outgoing email

2022-01-03 Thread raf
On Mon, Jan 03, 2022 at 01:29:59PM -0500, Ruben Safir wrote: > On Thu, Dec 23, 2021 at 11:20:09AM +1100, raf wrote: > > On Wed, Dec 22, 2021 at 12:20:31AM -0500, Ruben Safir > > wrote: > > > > > On Wed, Dec 22, 2021 at 02:19:49PM +1100, raf wrote: > > > > On Tue, Dec 21, 2021 at 06:52:23AM -0

SMTP over IPv6

2022-01-03 Thread postfix
Two systemd test servers running postfix 3.5.8 with IPv4 and IPv6. Servers run own bind and resolv.conf points to 127.0.0.1. Not sure if I'm reading the manual wrong but this is what I have observed. If using [ ] around IPv6 smtp_bind_address6 = [] And using submission over port 587, when post

Re: Mail system is down

2022-01-03 Thread Ken Wright
On Mon, 2022-01-03 at 20:50 -0500, Viktor Dukhovni wrote: > On Mon, Jan 03, 2022 at 08:02:20PM -0500, Ken Wright wrote: > > > $ sudo chmod g+s /usr/sbin/postdrop > > $ ls -la /usr/sbin/postdrop > > -r-xr-sr-x 1 postfix postdrop 22808 Sep  7 02:58 /usr/sbin/postdrop > > > > Wietse, is this what's

Re: Mail system is down

2022-01-03 Thread Viktor Dukhovni
On Mon, Jan 03, 2022 at 08:02:20PM -0500, Ken Wright wrote: > $ sudo chmod g+s /usr/sbin/postdrop > $ ls -la /usr/sbin/postdrop > -r-xr-sr-x 1 postfix postdrop 22808 Sep 7 02:58 /usr/sbin/postdrop > > Wietse, is this what's expected? The expected permissions are recorded in the "postfix-files"

Re: Mail system is down

2022-01-03 Thread Phil Stracchino
On 1/3/22 20:02, Ken Wright wrote: $ sudo chmod g+s /usr/sbin/postdrop $ ls -la /usr/sbin/postdrop -r-xr-sr-x 1 postfix postdrop 22808 Sep 7 02:58 /usr/sbin/postdrop Wietse, is this what's expected? That looks exactly correct to me. -- Phil Stracchino Babylon Communications ph...@ca

Re: Mail system is down

2022-01-03 Thread Ken Wright
On Mon, 2022-01-03 at 19:45 -0500, Wietse Venema wrote: > Ken Wright: > > On Tue, 2022-01-04 at 08:32 +1100, raf wrote: > > > Actually, if you are still getting > > > "/usr/lib/postfix/sbin/0: No such file or directory" > > > messages (with new timestamps), that must mean that you > > > didn't relo

Re: Mail system is down

2022-01-03 Thread Wietse Venema
Ken Wright: > On Tue, 2022-01-04 at 08:32 +1100, raf wrote: > > Actually, if you are still getting > > "/usr/lib/postfix/sbin/0: No such file or directory" > > messages (with new timestamps), that must mean that you > > didn't reload postfix after fixing master.cf. You need > > to do that. Reload P

Re: Mail system is down

2022-01-03 Thread Ken Wright
On Tue, 2022-01-04 at 08:32 +1100, raf wrote: > Actually, if you are still getting > "/usr/lib/postfix/sbin/0: No such file or directory" > messages (with new timestamps), that must mean that you > didn't reload postfix after fixing master.cf. You need > to do that. Reload Postfix and see if those

Re: "ignoring DNS RR:" for only google.com MX ?

2022-01-03 Thread Wietse Venema
Viktor Dukhovni: > On Mon, Jan 03, 2022 at 12:32:03PM -0500, Wietse Venema wrote: > > > > offhand, is that generally needed/beneficial for google.com MXs? > > > > I don't know, does anyone want to be the guinea pig and discover > > if they still randomly bounce email over IPv6? > > Last I heard

Re: "ignoring DNS RR:" for only google.com MX ?

2022-01-03 Thread PGNet Dev
On 1/3/22 18:15, Viktor Dukhovni wrote: On Mon, Jan 03, 2022 at 12:32:03PM -0500, Wietse Venema wrote: offhand, is that generally needed/beneficial for google.com MXs? I don't know, does anyone want to be the guinea pig and discover if they still randomly bounce email over IPv6? Last I hear

Re: "ignoring DNS RR:" for only google.com MX ?

2022-01-03 Thread Viktor Dukhovni
On Mon, Jan 03, 2022 at 12:32:03PM -0500, Wietse Venema wrote: > > offhand, is that generally needed/beneficial for google.com MXs? > > I don't know, does anyone want to be the guinea pig and discover > if they still randomly bounce email over IPv6? Last I heard the Google MX host policy is not

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Viktor Dukhovni
On Mon, Jan 03, 2022 at 09:47:44AM -0800, Dan Mahoney wrote: > Also...the server I'm sending to has a legit signed cert that matches > its hostname, so the message I get is: > > Trusted TLS connection established to prime.gushi.org[149.20.68.142]:25: > TLSv1.2 with cipher ECDHE-RSA-AES256-G

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Christian Kivalo
On 2022-01-03 23:02, Dan Mahoney wrote: On Jan 3, 2022, at 1:46 PM, Mike wrote: On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote: [snip] One more question: Does anyone know of a "reflector" like service that one can use to test DANE validation, i.e. a site that one is allowed to send test me

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Dan Mahoney
> On Jan 3, 2022, at 1:46 PM, Mike wrote: > > On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote: >> [snip] >> >> One more question: Does anyone know of a "reflector" like service that one >> can use to test DANE validation, i.e. a site that one is allowed to send >> test messages to, that *onl

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Mike
On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote: >[snip] > > One more question: Does anyone know of a "reflector" like service that one > can use to test DANE validation, i.e. a site that one is allowed to send > test messages to, that *only* has DANE as the trust mech (so, say, a > self-signed

Re: Mail system is down

2022-01-03 Thread raf
On Mon, Jan 03, 2022 at 03:14:32PM +1100, raf wrote: > On Sun, Jan 02, 2022 at 11:03:08PM -0500, Ken Wright > wrote: > > > On Mon, 2022-01-03 at 14:50 +1100, raf wrote: > > > On Sun, Jan 02, 2022 at 09:32:53PM -0500, Ken Wright > > > wrote: > > > > > > > Just checked my mail logs.  Do any of

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Dan Mahoney (Gushi)
On Mon, 3 Jan 2022, Dan Mahoney wrote: This is a problem when your local resolver is slaving the root zone, as a standard root zone "type slave" will hand . NS out with the AA bit set, but will not set the AD bit. There's a feature in more recent versions of BIND (mirror zones) that may fix

Re: Use of CIDR with mynetworks tables

2022-01-03 Thread Wietse Venema
Scott Kitterman: > Last one on my postfix bug triage pile for today: > > A Debian user complained that using CIDR notation in hash tables for > mynetworks doesn't work. Of course it doesn't. I found discussions about > this going back a long time [1], which suggests to me that the documentatio

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Wietse Venema
Dan Mahoney: > > If you enable DNSSEC lookups, Postfix will log a warning when the root > > zone appears unsigned. See: > > > >http://www.postfix.org/postconf.5.html#dnssec_probe > > > >This feature is available in Postfix 3.6 and later. It was > >backported to Postfix versions 3.5.9

Re: Adding Additional domains and outgoing email

2022-01-03 Thread Ruben Safir
On Thu, Dec 23, 2021 at 11:20:09AM +1100, raf wrote: > On Wed, Dec 22, 2021 at 12:20:31AM -0500, Ruben Safir > wrote: > > > On Wed, Dec 22, 2021 at 02:19:49PM +1100, raf wrote: > > > On Tue, Dec 21, 2021 at 06:52:23AM -0500, Ruben Safir > > > wrote: > > > > > > > I want to add a domain for th

Use of CIDR with mynetworks tables

2022-01-03 Thread Scott Kitterman
Last one on my postfix bug triage pile for today: A Debian user complained that using CIDR notation in hash tables for mynetworks doesn't work. Of course it doesn't. I found discussions about this going back a long time [1], which suggests to me that the documentation might be improved to mak

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Dan Mahoney
> On Jan 3, 2022, at 6:22 AM, Viktor Dukhovni > wrote: > > On Mon, Jan 03, 2022 at 05:49:05AM -0800, Dan Mahoney (Gushi) wrote: > >> We run validating resolvers at the day job, but by default not on the box >> where postfix runs. (I.e. we rely on the AD bit). > > "Relying in the AD bit" i

Re: "ignoring DNS RR:" for only google.com MX ?

2022-01-03 Thread Wietse Venema
PGNet Dev: > cat ./local/smtp_dns_reply_filter.pcre > # <- Wietse Venema: > # force IPv4 for all domains that have Google as an MX host. > # This drops all records from Google MX hosts, > # effectively forcing Postfix to deliver

"ignoring DNS RR:" for only google.com MX ?

2022-01-03 Thread PGNet Dev
in the process of turning on IPv6, send to public 'net via my outbound smtp instance, smtp-out-ext unix - - n - - smtp -o syslog_name=postfix/smtp-out-ext -o smtp_line_length_limit=990 -o smtp_tls_security_level=dane -o smtp_tls_policy_maps

Re: after adding IPv6 config, getting fail on submission -> "fatal: open dictionary: expecting "type:name" form instead of "::1"" ?

2022-01-03 Thread PGNet Dev
On 1/3/22 11:03, Wietse Venema wrote: There's a 'bare' ::1 where [::1] is needed. To find these in main.cf or master.cf: postconf | grep '[^[]::1' postconf -P | grep '[^[]::1' The 'bare' ::1 may also appear in a /file/name that is referenced by mynetworks or by some other Postfix feature. Ther

Re: after adding IPv6 config, getting fail on submission -> "fatal: open dictionary: expecting "type:name" form instead of "::1"" ?

2022-01-03 Thread Wietse Venema
PGNet Dev: > I'm trying to add IPv6 addresses to a previously IPv4-only/working > internal-network submission node (mx1); the node receives submissions from > another sending postfix instance (mx2) > > I've botched something, & am getting an error I don't yet > recognize/understand, > >

Re: Possible issue when user has single space as comment

2022-01-03 Thread Scott Kitterman
On Monday, January 3, 2022 10:24:07 AM EST Wietse Venema wrote: > Scott Kitterman: > > I have been remiss in forwarding this bug report, thinking I would get > > time to build a concise test case. It keeps not happening, so here you > > go. > > > > A Debian user reported [1] a problem where their

after adding IPv6 config, getting fail on submission -> "fatal: open dictionary: expecting "type:name" form instead of "::1"" ?

2022-01-03 Thread PGNet Dev
I'm trying to add IPv6 addresses to a previously IPv4-only/working internal-network submission node (mx1); the node receives submissions from another sending postfix instance (mx2) I've botched something, & am getting an error I don't yet recognize/understand, fatal: open dictionary: e

Re: Possible issue when user has single space as comment

2022-01-03 Thread Wietse Venema
Scott Kitterman: > I have been remiss in forwarding this bug report, thinking I would get time > to > build a concise test case. It keeps not happening, so here you go. > > A Debian user reported [1] a problem where their cleanup process was killed > by > signal 11 during local mail injection

Possible issue when user has single space as comment

2022-01-03 Thread Scott Kitterman
I have been remiss in forwarding this bug report, thinking I would get time to build a concise test case. It keeps not happening, so here you go. A Debian user reported [1] a problem where their cleanup process was killed by signal 11 during local mail injection: Aug 06 16:57:30 amilcar postfi

Re: https://www.postfix.org/ in trouble

2022-01-03 Thread Viktor Dukhovni
On Mon, Jan 03, 2022 at 03:19:36PM +0100, Jaap van Wingerde wrote: > > try plaintext http: http://www.postfix.org/ currently works for me. > > Firefox (with 'only-https' off, still redirects to https). Then you've failed to completely turn off 'only-https'. The pages at "http://www.postfix.org/

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Viktor Dukhovni
On Mon, Jan 03, 2022 at 05:49:05AM -0800, Dan Mahoney (Gushi) wrote: > We run validating resolvers at the day job, but by default not on the box > where postfix runs. (I.e. we rely on the AD bit). "Relying in the AD bit" is independent of whether the validating resolver is local or remote. How

Re: https://www.postfix.org/ in trouble

2022-01-03 Thread Demi Marie Obenour
On 1/3/22 09:08, Alexey Shpakovsky wrote: > On Mon, January 3, 2022 14:48, Jaap van Wingerde wrote: >> All the urls on https://www.postfix.org give a 'Not found' error, and a >> 'SSL_ERROR_BAD_CERT_DOMAIN' error. >> > > try plaintext http: http://www.postfix.org/ currently works for me. Browsers

Re: https://www.postfix.org/ in trouble

2022-01-03 Thread Jaap van Wingerde
On 2022-01-03T15:08:08+0100 Alexey Shpakovsky wrote in message , regarding: https://www.postfix.org/ in trouble> the following. > try plaintext http: http://www.postfix.org/ currently works for me. Firefox (with 'only-https' off, still redirects to https). Chromium shows the working http-site.

Re: https://www.postfix.org/ in trouble

2022-01-03 Thread Jaap van Wingerde
The main page directs to "Apache Software Foundation Distribution Directory". On 2022-01-03T14:48:36+0100 Jaap van Wingerde wrote in message , regarding: the following. > All the urls on https://www.postfix.org give a 'Not found' error, and > a 'SSL_ERROR_BA

Re: https://www.postfix.org/ in trouble

2022-01-03 Thread Jason Hirsh
No problem with the below NON secure url > On Jan 3, 2022, at 9:08 AM, Alexey Shpakovsky > wrote: > > On Mon, January 3, 2022 14:48, Jaap van Wingerde wrote: >> All the urls on https://www.postfix.org give a 'Not found' error, and a >> 'SSL_ERROR_BAD_CERT_DOMAIN' error. >> > > try plaintext h

Re: https://www.postfix.org/ in trouble

2022-01-03 Thread Alexey Shpakovsky
On Mon, January 3, 2022 14:48, Jaap van Wingerde wrote: > All the urls on https://www.postfix.org give a 'Not found' error, and a > 'SSL_ERROR_BAD_CERT_DOMAIN' error. > try plaintext http: http://www.postfix.org/ currently works for me.

Re: https://www.postfix.org/ in trouble

2022-01-03 Thread Benny Pedersen
On 2022-01-03 14:48, Jaap van Wingerde wrote: All the urls on https://www.postfix.org give a 'Not found' error, and a 'SSL_ERROR_BAD_CERT_DOMAIN' error. Users with malicious intent may try to steal your information from www.postfix.org (e.g. passwords, messages or credit cards).

Some DNSSEC/DANE questions

2022-01-03 Thread Dan Mahoney (Gushi)
Hey there, We run validating resolvers at the day job, but by default not on the box where postfix runs. (I.e. we rely on the AD bit). In reading over what's required to enable DANE support in postfix, I see that there's a compile-time requirement for the DNS lib in the OS to support it, wh

https://www.postfix.org/ in trouble

2022-01-03 Thread Jaap van Wingerde
All the urls on https://www.postfix.org give a 'Not found' error, and a 'SSL_ERROR_BAD_CERT_DOMAIN' error.

Re: Mail system is down

2022-01-03 Thread Wietse Venema
Ken Wright: > On Sun, 2022-01-02 at 21:59 -0500, Wietse Venema wrote: > > Ken Wright: > > > On Sun, 2022-01-02 at 19:40 -0500, Wietse Venema wrote: > > > > Sorry, I mis-typed 'postqueue'. > > > > > > > > Try this instead. > > > > > > > > Here is what happens on my system. > > > > > > > > As root

Re: SMTPD delay rejects evaluation]

2022-01-03 Thread Alexander Stienstra
On 29-12-2021 11:13, Matus UHLAR - fantomas wrote: - With smtpd_delay_reject=no, Postfix will log a DNSBL 'reject' in smtpd_client_restrictions without any sender or recipient information. That makes it difficult to answer questions about "missing" email. And when SASL is used with delays