Re: question about certificates usage

2022-04-24 Thread raf
On Sun, Apr 24, 2022 at 11:20:29AM +0800, "ミユナ (alice)" wrote: > > > raf wrote: > > I'm fairly sure that's correct. MTAs generally don't > > care if the MX domain doesn't match the certificate on > > port 25. But MUAs generally do care if the hostname > > they are configured to connect to does

Re: password security

2022-04-24 Thread Claus R. Wickinghoff
Hi, > do you know how to stop passwords from being brute-forced for a mailserver? > do you have any practical guide? fail2ban is a proper solution on Linux machines against brute force login attempts. Groetjes Claus -- Claus R. Wickinghoff, Dipl.-Ing. using Linux since 1994 and still happy

password security

2022-04-24 Thread alice
do you know how to stop passwords from being brute-forced for a mailserver? do you have any practical guide? thank you.

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Wietse Venema
Looks good, I see nothing concerning here or in the FreeBSD patches for the postfix ports. Wietse

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Michael Grimm
Michael Grimm wrote: > Wietse Venema wrote: >> I can use some additional information, off-list email preferred. Well I screwed it ;-) Regards, Michael

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Michael Grimm
Wietse Venema wrote: > I can use some additional information, off-list email preferred. Ok the following configuration is identical at both servers (besides hostname). > Complete output from: > >postconf -n autoresponder_destination_recipient_limit = 1 command_directory = /usr/local/sbin

Re: how other MTA talks to me

2022-04-24 Thread Viktor Dukhovni
On Sun, Apr 24, 2022 at 04:59:11PM +0200, Matus UHLAR - fantomas wrote: > >smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache > > keep this one, as you are the client supposed to have this data > > >smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > > r

Re: how other MTA talks to me

2022-04-24 Thread Viktor Dukhovni
On Sun, Apr 24, 2022 at 05:42:39PM +0200, Benny Pedersen wrote: > On 2022-04-24 15:08, Byung-Hee HWANG wrote: > >>> This is useful testing site: > >>> > > > > Also smtp*_tls_loglevel are useful to debug. > > more trees in the wood hide the real tree The re

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Wietse Venema
I can use some additional information, off-list email preferred. Complete output from: postconf -n postconf -P Again, off-list email preferred. Wietse

Re: how other MTA talks to me

2022-04-24 Thread Benny Pedersen
On 2022-04-24 15:08, Byung-Hee HWANG wrote: >>> This is useful testing site: > Also smtp*_tls_loglevel are useful to debug. more trees in the wood hide the real tree

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Michael Grimm
Wietse Venema wrote: > Michael Grimm: >> I do have to admit that I haven't been using tcpdump a lot. I found 35 >> distinct IP addresses that do trigger 'signal 11'. I am currently running >> tcpdump on both servers with those addresses. AND: I did remove >> smtputf8_enable=8 on master.cf for

Re: how other MTA talks to me

2022-04-24 Thread Matus UHLAR - fantomas
On 24.04.22 20:46, ミユナ (alice) wrote: >smtp_use_tls = yes remove - replaced by smtp_tls_security_level >smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache keep this one, as you are the client supposed to have this data >smtpd_use_tls = yes remove - replaced by smtpd_tls_

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Wietse Venema
Michael Grimm: > I do have to admit that I haven't been using tcpdump a lot. I found 35 > distinct IP addresses that do trigger 'signal 11'. I am currently running > tcpdump on both servers with those addresses. AND: I did remove > smtputf8_enable=8 on master.cf for these tests. Hope that's what

Re: how other MTA talks to me

2022-04-24 Thread Byung-Hee HWANG
>> This is useful testing site: >> Also smtp*_tls_loglevel are useful to debug. Thanks ^^^ Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Michael Grimm
Michael Grimm wrote > [had to remove one of two attachments due to 'Message too long' issue] And here is the previously omitted attachment. HTH and regards, Michael zMX1.txt.bz2 Description: BZip2 compressed data

Re: how other MTA talks to me

2022-04-24 Thread alice
smtp_use_tls = yes smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache so, the four lines above can be commented out? thank you. Viktor Dukhovni wrote: On Sun, Apr 24, 2022 at 08:4

Re: how other MTA talks to me

2022-04-24 Thread Viktor Dukhovni
On Sun, Apr 24, 2022 at 08:42:01PM +0800, ミユナ (alice) wrote: > Viktor Dukhovni wrote: > >> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > > You typically don't need this, session tickets make a server-side cache > > needless baggage. > > Do you mean I won't cache the tl

Re: how other MTA talks to me

2022-04-24 Thread alice
Viktor Dukhovni wrote: >> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > You typically don't need this, session tickets make a server-side cache needless baggage. do you mean I won't cache the tls session? why not then? thank you.

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Michael Grimm
Viktor Dukhovni wrote: > On Sat, Apr 23, 2022 at 10:28:37PM -0400, Wietse Venema wrote: >> It would be invaluable to have a recording of a complete session >> with that system. Something like: >> >>tcpdump -i name-of-interface is 2000 -w /file/name host 1.2.3.4 > > I think Wietse meant "-s

Re: how other MTA talks to me

2022-04-24 Thread Viktor Dukhovni
On Sun, Apr 24, 2022 at 06:34:17PM +0800, ミユナ (alice) wrote: > but for smtp service on port 25, how other MTA talks to me? they are > using plain, startTLS or SSL? STARTTLS: https://datatracker.ietf.org/doc/html/rfc3207 > My configuration on main.cf include: > > smtp_use_tls = yes > smtpd_use_

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Michael Grimm
Viktor Dukhovni wrote: > On Sun, Apr 24, 2022 at 01:19:49PM +0200, Michael Grimm wrote: >> Mar 25 03:43:17 mx2.lan postfix/postscreen[5463]: CONNECT from >> [89.248.165.24]:61384 to [10.1.1.1]:25 >> Mar 25 03:43:17 mx2.lan postfix/postscreen[5463]: PREGREET 47 >> after 0 from [89.248.165.24]:

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Viktor Dukhovni
On Sun, Apr 24, 2022 at 01:19:49PM +0200, Michael Grimm wrote: > This time the maillog files are unedited (besides my local hostnames), > thus showing the real IPs. Some do resolve, some not. > > I reported in my first post that all those 'signal 11' events were > headed by 'BARE NEWLINE' entries

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-24 Thread Michael Grimm
[had to remove one of two attachments due to 'Message too long' issue] Wietse Venema wrote: Michael Grimm: Wietse Venema wrote What is the output from: postconf smtputf8_enable Today it is: smtputf8_enable = no This is in main.cf. When was this changed? The c

Re: how other MTA talks to me

2022-04-24 Thread alice
good resource to know. thank you. Byung-Hee HWANG wrote: > "ミユナ (alice)" writes: >> (... thanks ...) >> but for smtp service on port 25, how other MTA talks to me? they are using plain, startTLS or SSL? > This is useful testing site: > Thanks ^^^ > Sincerely, Lin

Re: how other MTA talks to me

2022-04-24 Thread Byung-Hee HWANG
"ミユナ (alice)" writes: > (... thanks ...) > but for smtp service on port 25, how other MTA talks to me? they are > using plain, startTLS or SSL? This is useful testing site: Thanks ^^^ Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

how other MTA talks to me

2022-04-24 Thread alice
Hello for smtpd secure communication, I have known how to implement it and how clients (thunderbird etc) access it. but for smtp service on port 25, how other MTA talks to me? they are using plain, startTLS or SSL? I am not sure on this point. My configuration on main.cf include: smtp_use