[pfx] Re: submission behind haproxy, need to use a specific principal in keytab

on Mon, Oct 30, 2023 at 08:19:16PM -0400, Brendan Kearney via Postfix-users wrote: > I am setting up submission behind haproxy and want to use kerberos > authentication via SASL. Do you mean *actual* Kerberos authentication (as in the SASL GSSAPI mechanism) with Kerberos tickets provided by the

[pfx] submission behind haproxy, need to use a specific principal in keytab

list members, i am setting up submission behind haproxy and want to use kerberos authentication via SASL.  i have setup saslauthd, configured postfix and submission and generated the keytab. because i want load balancing, the keytab has to match the name of the VIP on haproxy, not the individu

[pfx] Re: Recommendation for dkim signing

On Mon, Oct 30, 2023 at 03:54:10PM -0400, Scott Kitterman via Postfix-users wrote: > > Scott Kitterman, when he gets around to reading this thread will I hope > > have more to say the subject. > > I've implemented the options from OpenDKIM that I thought made sense. If > it's > in the document

[pfx] Re: Recommendation for dkim signing

On Monday, October 30, 2023 3:10:22 PM EDT Viktor Dukhovni via Postfix-users wrote: > On Mon, Oct 30, 2023 at 10:06:46AM +0100, Jens Hoffrichter via Postfix-users wrote: > > We are looking into implementing DKIM signing for one of our services, > > and there are multiple ways to implement that. >

[pfx] Re: Recommendation for dkim signing

Viktor Dukhovni: > Though dkimpy-milter is likely the more future-proof choice, perhaps > OpenDKIM is slightly more polished at present, be it also dated ( > lacking some of the newer algorithms). > > For signing, lack of bleeding-edge algorithms is less important, so if > you're not also validati

[pfx] Re: Recommendation for dkim signing

postfix-users@postfix.org wrote in : |On Mon, Oct 30, 2023 at 10:06:46AM +0100, Jens Hoffrichter via Postfix-u\ |sers wrote: | |> We are looking into implementing DKIM signing for one of our services, |> and there are multiple ways to implement that. |> |> So far I have found that you can

[pfx] Re: Recommendation for dkim signing

It seems to me there is not much interest of mail operators in stepping to ed25519, reducing the payload of DNS and email? I know dkimpy supports it (and more -- but is python, uuuh!) for long, but OpenDKIM is unchanged for eight years. (At least my sf.net import from 2017-09-23 still stands.) Bt

[pfx] Re: Recommendation for dkim signing

On Mon, Oct 30, 2023 at 10:06:46AM +0100, Jens Hoffrichter via Postfix-users wrote: > We are looking into implementing DKIM signing for one of our services, > and there are multiple ways to implement that. > > So far I have found that you can do it with opendkim and amavis - any > recommendation

[pfx] Re: Recommendation for dkim signing

https://crates.io/crates/dkim-milter is yet another option that I’m working on. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: FW: Wrong email in DMARC dns

On Mon, Oct 30, 2023 at 02:36:33PM +0100, Szymon Malinowski via Postfix-users wrote: > You see the point? We got stuck in a loop of sending DMARC reports which are > beeing bounced because of unknown user. > Is there any way to prevent such situations? Don't send failure reports, ever. At least

[pfx] Re: FW: Wrong email in DMARC dns

Szymon Malinowski via Postfix-users: > You see the point? We got stuck in a loop of sending DMARC reports which are > beeing bounced because of unknown user. > > Is there any way to prevent such situations? Many decennia ago, in RFC 821, and perhaps earlier, the solution to avoid email error noti

[pfx] FW: Wrong email in DMARC dns

Hello We've just launched postfix with Mailscanner and spamassasin on our mail server. Everything is working great, but we've encountered very funny and strange problem. We've recieved an email which was classified as spamm by it's sender IP address by RBL list. Additionally sender

[pfx] Re: Recommendation for dkim signing

On 30/10/23 19:06, Jens Hoffrichter via Postfix-users wrote: We are looking into implementing DKIM signing for one of our services, and there are multiple ways to implement that. FWIW I use this script on top of a regular opendkim deb install... https://github.com/markc/sh/blob/main/bin/dkim

[pfx] Re: Recommendation for dkim signing

On 30.10.23 10:06, Jens Hoffrichter via Postfix-users wrote: We are looking into implementing DKIM signing for one of our services, and there are multiple ways to implement that. So far I have found that you can do it with opendkim and amavis - any recommendation for one or the other, or maybe s

[pfx] Re: Recommendation for dkim signing

On Mon, 30 Oct 2023, Jens Hoffrichter via Postfix-users wrote: We are looking into implementing DKIM signing for one of our services, and there are multiple ways to implement that. So far I have found that you can do it with opendkim and amavis - any recommendation for one or the other, or mayb

[pfx] Recommendation for dkim signing

Hi! We are looking into implementing DKIM signing for one of our services, and there are multiple ways to implement that. So far I have found that you can do it with opendkim and amavis - any recommendation for one or the other, or maybe something completely different I haven't found yet? Thanks