[pfx] Re: server does not pick up new certificates

On 23/07/2023 22:44, Viktor Dukhovni via Postfix-users wrote: On 23 Jul 2023, at 4:21 pm, Charles Sprickman via Postfix-users wrote: In the case of the dehydrated ACME client (https://github.com/dehydrated-io/dehydrated) there's an option to run a bunch of commands on successful update, in

[pfx] Re: sender_dependend_relay_host_maps and local recipients

Robert Senger via Postfix-users: > Hi Viktor, > > thank you. So, it's not possible to route email different when sent > from an authenticated user through port 587, than imcoming email sent > through port 25? This would avoid a loop, as far as I understand > things... Postfix routing does not car

[pfx] Re: OT: Does the GPDR require mandatory/verified TLS encryption? (was: SMTP client: How to log reason for untrusted TLS connection to MX?)

Dnia 24.07.2023 o godz. 19:26:37 Paul Menzel via Postfix-users pisze: > > I claim, that using mandatory and verified TLS encryption is state > of the art, and has basically no cost of implementation thanks to > Let’s Encrypt, so is required especially for confidentiality. In my opinion (also not

[pfx] OT: Does the GPDR require mandatory/verified TLS encryption? (was: SMTP client: How to log reason for untrusted TLS connection to MX?)

Dear Jaroslow, Am 24.07.23 um 19:02 schrieb Jaroslaw Rafa via Postfix-users: Dnia 24.07.2023 o godz. 17:05:40 Paul Menzel via Postfix-users pisze: (Also from the legal perspective, without being a lawyer, I’d say, that actually all German (European) companies are required to only transmit mess

[pfx] Re: SMTP client: How to log reason for untrusted TLS connection to MX?

Dnia 24.07.2023 o godz. 17:05:40 Paul Menzel via Postfix-users pisze: (Also from the legal perspective, without being a lawyer, I’d say, that actually all German (European) companies are required to only transmit messages over a verified TLS connection.) On 24.07.23 19:02, Jaroslaw Rafa via Pos

[pfx] Re: SMTP client: How to log reason for untrusted TLS connection to MX?

Dnia 24.07.2023 o godz. 17:05:40 Paul Menzel via Postfix-users pisze: > (Also from the legal perspective, > without being a lawyer, I’d say, that actually all German (European) > companies are required to only transmit messages over a verified TLS > connection.) Never heard of such a requirement i

[pfx] Re: messages passing DMARC are being rejected as failing

I added that I can sent test messages via the same relay and they are delivered successfully -Original Message- From: Matus UHLAR - fantomas via Postfix-users Sent: Monday, July 24, 2023 12:09 PM To: postfix-users@postfix.org Subject: [pfx] Re: messages passing DMARC are being rejected a

[pfx] Re: messages passing DMARC are being rejected as failing

On 24.07.23 16:03, Gomes, Rich via Postfix-users wrote: Clarification below: I see no clarification, just added disclaimer. It says nothing about DMARC, just that the mail was sent from external organization. From: Gomes, Rich via Postfix-users Sent: Monday, July 24, 2023 11:27 AM To: post

[pfx] Re: messages passing DMARC are being rejected as failing

Clarification below: From: Gomes, Rich via Postfix-users Sent: Monday, July 24, 2023 11:27 AM To: postfix-users@postfix.org Subject: [pfx] messages passing DMARC are being rejected as failing CAUTION: This email was sent from an external sender. Do not click links or open attachments unless you

[pfx] messages passing DMARC are being rejected as failing

Asking the hive mind to see if anyone has seen this behavior. Application server sends reservation emails to postfix server running OpenDKIM, postfix sends directly to O365. Our DMARC policy is in REJECT mode. Messages are signed and the NAT is in our SPF record. Message headers state that the m

[pfx] Re: sender_dependend_relay_host_maps and local recipients

Hi Viktor, thank you. So, it's not possible to route email different when sent from an authenticated user through port 587, than imcoming email sent through port 25? This would avoid a loop, as far as I understand things... I think I'll set up a separate instance for the external accounts in the

[pfx] Re: SMTP client: How to log reason for untrusted TLS connection to MX?

Dear Viktor, Thank you for your reply. Am 23.07.23 um 23:42 schrieb Viktor Dukhovni via Postfix-users: On Sun, Jul 23, 2023 at 11:22:26PM +0200, Paul Menzel wrote: Does it really matter why some site offering opportunistic STARTTLS does not have a validatable certificate? The connection can

[pfx] Re: server does not pick up new certificates

On Mon, Jul 24, 2023 at 09:49:58AM -0400, Wietse Venema via Postfix-users wrote: > Bernardo Reino via Postfix-users: > > >> I cannot imagine why/when the cerbot client would fail to run the > > >> post-hooks (in a sane environment). > > > > > > Systems crash. What are the reliability guarantees

[pfx] Re: sender_dependend_relay_host_maps and local recipients

On Mon, Jul 24, 2023 at 03:53:17PM +0200, Robert Senger via Postfix-users wrote: > I have a few freemail accounts that I use mainly for testing and > special purposes. All those accounts are forwaring incoming mail to a > corresponding account at my ow server, like > "r.senger_@example.com". For s

[pfx] sender_dependend_relay_host_maps and local recipients

Hi all, I have a few freemail accounts that I use mainly for testing and special purposes. All those accounts are forwaring incoming mail to a corresponding account at my ow server, like "r.senger_@example.com". For sending, I've defined sender_dependent_relayhost_maps that relay all mail sent by

[pfx] Re: server does not pick up new certificates

Bernardo Reino via Postfix-users: > >> I cannot imagine why/when the cerbot client would fail to run the > >> post-hooks (in a sane environment). > > > > Systems crash. What are the reliability guarantees from the certbot > > client: will it run once, or will it somehow maintain state and > > reco

[pfx] Re: server does not pick up new certificates

On Mon, Jul 24, 2023 at 03:27:34PM +0200, Bernardo Reino via Postfix-users wrote: > > Systems crash. What are the reliability guarantees from the certbot > > client: will it run once, or will it somehow maintain state and > > recover when a run was interrupted by a system crash? > > In such cas

[pfx] Re: server does not pick up new certificates

On Mon, 24 Jul 2023, Wietse Venema via Postfix-users wrote: Bernardo Reino via Postfix-users: On Sun, 23 Jul 2023, Viktor Dukhovni via Postfix-users wrote: On 23 Jul 2023, at 4:21 pm, Charles Sprickman via Postfix-users wrote: In the case of the dehydrated ACME client (https://github.com/

[pfx] Re: server does not pick up new certificates

Bernardo Reino via Postfix-users: > On Sun, 23 Jul 2023, Viktor Dukhovni via Postfix-users wrote: > > > On 23 Jul 2023, at 4:21 pm, Charles Sprickman via Postfix-users > > wrote: > > > >> In the case of the dehydrated ACME client > >> (https://github.com/dehydrated-io/dehydrated) there's an opti

[pfx] Re: configuration for backup mx server

Am 24.07.23 um 02:21 schrieb Corey Hickman via Postfix-users: Hello My settings for backup MX server are as follows. Do you think if they have problems? I am looking for your kind suggestions. smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_mx_backup, reject_unau

[pfx] Re: server does not pick up new certificates

On Sun, 23 Jul 2023, Viktor Dukhovni via Postfix-users wrote: On 23 Jul 2023, at 4:21 pm, Charles Sprickman via Postfix-users wrote: In the case of the dehydrated ACME client (https://github.com/dehydrated-io/dehydrated) there's an option to run a bunch of commands on successful update, incl