[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Ralph Seichter via Postfix-users
* John Griffiths via Postfix-users: > I cannot reach the www.postfix.org server. I have to use a mirror if I > want to get to the documentation. According to the logs, traffic to www.postfix.org is as lively as usual, with no outages reported. During the last 24 hours, around three score IP addre

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
On 2/11/25 16:40, Wietse Venema wrote: Specifically, the first example at the above URL: /etc/postfix/header_checks.pcre: /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]|

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Wietse Venema via Postfix-users
Phil Stracchino via Postfix-users: > On 2/11/25 16:26, Wietse Venema via Postfix-users wrote: > > Phil Stracchino via Postfix-users: > >> On 2/11/25 14:53, Phil Stracchino wrote: > >>> On 2/11/25 14:48, Florian Piekert wrote: > Amazon.com in the filename. > > .com extension. > >

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Wietse Venema via Postfix-users
Please don't hijack threads. Regarding security, keep in mind that all Postfix code is signed before publication. It cannot be compromised as 'data in flight' to/from a mirror, or as 'data at rest' on a mirror, as long as people validate PGP signatures. Those are stronger guarantees than https can

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
On 2/11/25 16:26, Wietse Venema via Postfix-users wrote: Phil Stracchino via Postfix-users: On 2/11/25 14:53, Phil Stracchino wrote: On 2/11/25 14:48, Florian Piekert wrote: Amazon.com in the filename. .com extension. /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT I imagine I should

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Wietse Venema via Postfix-users
Phil Stracchino via Postfix-users: > On 2/11/25 14:53, Phil Stracchino wrote: > > On 2/11/25 14:48, Florian Piekert wrote: > >> Amazon.com in the filename. > >> > >> .com extension. > >> > >>> > >>> /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT > > > > > > I imagine I should make that regexp

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Wietse Venema via Postfix-users
It's a TOR inner node, and some networks block that. Wietse

[pfx] Re: DANE - General question

2025-02-11 Thread Steffen Nurpmeso via Postfix-users
Viktor Dukhovni via Postfix-users wrote in : |On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-u\ |sers wrote: ... |If so, that's pretty simple, you need a local DNSSEC validating resolver |(BIND, unbound, knot, not systemd-resolved or dns-masq). Why not dnsmasq? $ d

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Bill Sommerfeld via Postfix-users
On 2/11/25 11:33, Phil Stracchino via Postfix-users wrote: I have mime_header_checks = pcre:/etc/postfix/mime_header_checks, but that file contains only the following: /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT This regexp isn't anchored at the end. So it matches (among other things)

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
On 2/11/25 14:53, Phil Stracchino wrote: On 2/11/25 14:48, Florian Piekert wrote: Amazon.com in the filename. .com extension. /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT I imagine I should make that regexp: /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)\b/ (should a \b work here?)

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
On 2/11/25 14:48, Florian Piekert wrote: Amazon.com in the filename. .com extension. /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT I imagine I should make that regexp: /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)\b/ (should a \b work here?) -- Phil Stracchino Fenian House Publis

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
On 2/11/25 14:48, Florian Piekert wrote: Amazon.com in the filename. .com extension. DOH! Thank you :D -- Phil Stracchino Fenian House Publishing ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Florian Piekert via Postfix-users
Amazon.com in the filename. .com extension. /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT Am 11.02.2025 um 20:33 schrieb Phil Stracchino via Postfix-users: Hey folks, I have a puzzle that has me scratching my head.  A few minutes ago I tried to send a mail message with a PDF attachm

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Ömer Güven via Postfix-users
Sorry for hijacking this thread, but as the topic came up, I wanted to recommend moving away from the current mirroring system (via plaintext ftp) to newer methods. @Wietse, you could regularly push your website to GitHub, as it is open-source and freely accessible via FTP anyway. Pushing direc

[pfx] Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
Hey folks, I have a puzzle that has me scratching my head. A few minutes ago I tried to send a mail message with a PDF attachment ... and my mail server rejected it. Feb 11 14:05:03 minbar postfix/submission/smtpd[31748]: connect from babylon5.caerllewys.net[10.24.32.10] Feb 11 14:05:03 min

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
Hoping an admin is on this list and will unblock me.     John On 2/11/25 14:10, Jim Garrison via Postfix-users wrote: On 2/11/2025 10:45, John Griffiths via Postfix-users wrote: Hit send too soon.     sudo traceroute -I 65.108.3.114     traceroute to 65.108.3.114 (65.108.3.114), 30 hops max,

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Jim Garrison via Postfix-users
On 2/11/2025 10:45, John Griffiths via Postfix-users wrote: Hit send too soon. sudo traceroute -I 65.108.3.114 traceroute to 65.108.3.114 (65.108.3.114), 30 hops max, 60 byte packets 1  router.internal.grifent.com (192.168.1.1)  0.212 ms  0.227 ms  0.221 ms 2  47.204.132.1 (

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
Hit send too soon. sudo traceroute -I 65.108.3.114 traceroute to 65.108.3.114 (65.108.3.114), 30 hops max, 60 byte packets 1  router.internal.grifent.com (192.168.1.1)  0.212 ms  0.227 ms  0.221 ms 2  47.204.132.1 (47.204.132.1)  2.133 ms  2.127 ms  2.192 ms 3  ae10--100.ber01.

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
I was running traceroute as root. On 2/11/25 13:37, Jim Garrison via Postfix-users wrote: On 2/11/2025 09:43, John Griffiths via Postfix-users wrote: I am trying to determine whether it is a routing issue or my IP or domain have been blacklisted. Running  traceroute the problem appears to be

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Jim Garrison via Postfix-users
On 2/11/2025 09:43, John Griffiths via Postfix-users wrote: I am trying to determine whether it is a routing issue or my IP or domain have been blacklisted. Running  traceroute the problem appears to be at ex9k1.dc6.hel1.hetzner.com (213.239.252.198) which is in Germany. traceroute can be de

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
I am trying to determine whether it is a routing issue or my IP or domain have been blacklisted. Running  traceroute the problem appears to be at ex9k1.dc6.hel1.hetzner.com (213.239.252.198) which is in Germany. traceroute to www.postfix.org (65.108.3.114), 30 hops max, 60 byte packets

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Florian Piekert via Postfix-users
Hello, that doesn't seem to be a general non-accessibility of the server: root@sonne:~# host www.postfix.org www.postfix.org is an alias for postfix-mirror.horus-it.com. postfix-mirror.horus-it.com has address 65.108.3.114 postfix-mirror.horus-it.com has IPv6 address 2a01:4f9:6a:528d::a root@son

[pfx] Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
Sorry for the interruption of postfix technical discussions. I cannot reach the www.postfix.org server. I have to use a mirror if I want to get to the documentation. I've found using host and dig that www.postfix.org is a cname for postfix-mirror.horus-it.com (65.108.3.114). That mirror is

[pfx] Re: DANE - General question

2025-02-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 11, 2025 at 11:20:54AM +0100, Danjel Jungersen via Postfix-users wrote: > On 11-02-2025 10:31, Viktor Dukhovni via Postfix-users wrote: > > Use a validating resolver on the local machine as a cache that forwards > > to that upstream. You SHOULD NOT trust the AD bit from a resolver >

[pfx] Re: DANE - General question

2025-02-11 Thread Danjel Jungersen via Postfix-users
On 11-02-2025 10:31, Viktor Dukhovni via Postfix-users wrote: Use a validating resolver on the local machine as a cache that forwards to that upstream. You SHOULD NOT trust the AD bit from a resolver running on another machine, the DNS protocol (DoH aside, when you fully trust the upstream) is n

[pfx] Re: DANE - General question

2025-02-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 11, 2025 at 09:12:16AM +0100, Danjel Jungersen via Postfix-users wrote: > On 11-02-2025 08:28, Viktor Dukhovni via Postfix-users wrote: > > On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via > > Postfix-users wrote: > > > > > I have decided to give it a shot. > > When you

[pfx] Re: Viktor, can you share your dane-checking script?

2025-02-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 11, 2025 at 01:06:02AM -0800, Dan Mahoney wrote: > > > > https://list.sys4.de/hyperkitty/list/dane-us...@list.sys4.de/thread/NKDBQABSTAAWLTHSZKC7P3HALF7VE5QY/ > > Followon question, related to openSSL versus Postfix, but relevant for those > of us trying to understand the monitor

[pfx] Re: Viktor, can you share your dane-checking script?

2025-02-11 Thread Dan Mahoney via Postfix-users
> On Feb 10, 2025, at 01:59, Viktor Dukhovni via Postfix-users > wrote: > > On Mon, Feb 10, 2025 at 12:22:44AM -0800, Dan Mahoney via Postfix-users wrote: > >> I’d like to turn this into a check in our internal monitoring, since we >> do occasionally roll the cert on our MXes (which need to b

[pfx] Re: DANE - General question

2025-02-11 Thread Danjel Jungersen via Postfix-users
On 11-02-2025 08:28, Viktor Dukhovni via Postfix-users wrote: On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-users wrote: I have decided to give it a shot. When you say "give it a shot", do you mean enabling DANE *outbound* in your Postfix SMTP client, i.e. verify the D

[pfx] Re: DANE - General question

2025-02-11 Thread Danjel Jungersen via Postfix-users
On 11-02-2025 08:28, Viktor Dukhovni via Postfix-users wrote: On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-users wrote: I have decided to give it a shot. When you say "give it a shot", do you mean enabling DANE *outbound* in your Postfix SMTP client, i.e. verify the D