Am 25.09.18 um 17:34 schrieb Viktor Dukhovni:
>
>
>> On Sep 25, 2018, at 9:29 AM, Paul Menzel wrote:
>>
>> We want to improve that. Unfortunately, DANE is not an option as the DFN
>> does not support that,
>
> What do you mean by "DFN does not support that"? If by "DFN" you mean
> "DFN-Verein"
Hi,
sorry for being sort of off-topic, but I believe this is the best list
to ask.
We're still using the gnarwl autoresponder on one of our systems and I
don't think we'll get rid of it too soon. The original upstream at
http://www.onyxbits.de/gnarwl
seems to be dead (the latest release
Hi Viktor,
> On Fri, Nov 07, 2014 at 07:48:02PM +0100, Bernhard Schmidt wrote:
>
>>> DANE does not apply to unsigned domains, even though the MX host
>>> might have TLSA RRs.
>>
>> Ah right, thanks for pointing that out. Should I be concerned that
>>
Hi Viktor,
Am 07.11.2014 um 15:39 schrieb Viktor Dukhovni:
> On Fri, Nov 07, 2014 at 02:04:27PM +0100, Bernhard Schmidt wrote:
>
>> However, sometimes mx2.bund.de negotiates an Anonymous TLS connection
>> and the mail gets delivered
>>
>> Nov 7 11:04:39 lxmh
Hi,
we run our outbound mailservers with DANE/DNSSEC enabled for quite some
time now. Works great.
It looks like one of the two MX for the German government changed
implementation yesterday, it now offers TLSv1.2 with ECDHE ciphers and a
new certificate. They apparently forgot to update the TLSA
Hi Steve,
>
We use sqlgrey as a policy daemon for greylisting. It runs on both our
mail servers with a shared database on one of them. If the database is
unavailable for some reason on the main server the backup rejects mail
with "451 4.3.5 Server configuration problem" Is it possible to change
Hi,
long story short, there is a bug in recent Seamonkey builds that emits
an empty hostname in EHLO on Windows platforms with IPv6, see
https://bugzilla.mozilla.org/show_bug.cgi?id=858540
This is extremely hard to debug when a user complains, because while
Postfix rejects it with 501
EHLO
501 S
Hello,
I have a small mail server, with ipv6 and i relay the email to my ISP
mail server. Their mail server have now ipv6, yet every time my
postfix tries to connect to their server it gives timeout:
Aug 13 12:51:27 paquete postfix/smtp[25083]: SSL_connect error to
smtp.sapo.pt[2001:8a0:2104:ff
Hello,
this is Semi-OT but since a lot of people run Postfix before Exchange I
hope to find some knowledge here. Also heads-up :-)
We have a couple of Exchange customers behind our frontend MX servers.
We don't turn them up until they have configured their HBT servers to
reject unknown recip
Am 16.01.2013 22:39, schrieb Wietse Venema:
Bernhard Schmidt:
Hello,
I did not find it in the manpage, in the odd chance I missed it, is
there something like check_sasl_access or check_username_access for
smtpd_mumble_restrictions?
We just had a compromised account being abused for spamming
Hello,
I did not find it in the manpage, in the odd chance I missed it, is
there something like check_sasl_access or check_username_access for
smtpd_mumble_restrictions?
We just had a compromised account being abused for spamming. We had him
on the radar before he even got his first mail del
On 23.09.2012 21:51, Ralf Hildebrandt wrote:
Hello,
>> - try to block as much spam as possible before forwarding (in our case
>> that would mean RBL and pre-queue filters, as we are not allowed to drop
>> mail we successfully received)
> I think you already have some sort of spam filtering in pla
On 19.09.2012 11:36, Ralf Hildebrandt wrote:
Hi,
I'm trying to debug a DNS issue:
# host www.pimda.eu
www.pimda.eu has address 88.208.252.197
Host www.pimda.eu not found: 3(NXDOMAIN)
Host www.pimda.eu not found: 3(NXDOMAIN)
Where does the NXDOMAIN come from?
# host -t a www.pimda.eu
www.pimd
Hi,
among our userbase are a couple of thousand people that forward their
mail to other domains (mostly freemails). This has the obvious and
well-known downside that any spam going to this user looks like it
originated in our network, which might lead to some reputation problems.
And of course the
Am 29.08.2012 13:34, schrieb Wietse Venema:
> Please run the attached programs ON THE AFFTECTED MACHINE. They
> show what Postfix gets from your libc routines.
>
> ./getnameinfo ipaddr
> ./getaddrinfo hostname (once for each result from getnameinfo).
So it's indeed the system resolver ... see the
Am 29.08.2012 13:20, schrieb Wietse Venema:
> Postfix logs a WARNING message if it has a problem with the hostname.
> Show that logfile message.
I have no warning message about that, that's what is bothering me. Even
with the test client in the debug_peer_list and debug_peer_level = 10
the output
Am 29.08.2012 13:05, schrieb Mike:
> On 12-08-29 08:01 AM, Bernhard Schmidt wrote:
>
>> We suspect (and verified with an internal client with custom rDNS)
>> that the _msdcs entry is at fault. This hostname does not seem to get
>> accepted. As soon as I remove the '_
Hello,
we are running Postfix (2.8.4 on SLES10.4 on that particular box, but I
also verified with 2.9.1 on Debian Squeeze) with
smtpd_client_restrictions =
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname,
(extensive whitelists of course as well). One sou
Am 07.05.2012 16:17, schrieb Bernhard Schmidt:
> It is in use, but not very broadly. I don't have that many users on this
> postfix instance, maybe someone with some more traffic can run a statistic.
Oops, I have to exclude our monitoring connection, then almost all MUAs
send SN
Am 07.05.2012 12:52, schrieb Wietse Venema:
> Fiona Hines:
>> How do I get TLS SNI support in Postfix?? I can't find any
>> documentation on the subject except a few discussions that are
>> several years old.? I've got TLS working with one domain but I
>> want to expand it to an unknown number of d
Am 20.12.2011 14:30, schrieb lst_ho...@kwsoft.de:
Hi,
Any idea how to allow all certificates issued by specific Sub-CAs,
without trusting everyone?
>>>
>>> As far as i understand you have to list the complete chain but only your
>>> sub-CA to get it working. So create a smtpd_tls_CAfile
Am 20.12.2011 10:24, schrieb lst_ho...@kwsoft.de:
Hello,
>> Any idea how to allow all certificates issued by specific Sub-CAs,
>> without trusting everyone?
>
> As far as i understand you have to list the complete chain but only your
> sub-CA to get it working. So create a smtpd_tls_CAfile with
Hi,
I'm having an issue I can't quite understand at the moment.
We are part of a larger PKI infrastructure run by the german NREN, which
is in the end rooted at the Deutsche Telekom.
- Deutsche Telekom Root CA 2
- DFN-Verein PCA Global - G01
- LRZ-CA - G01 <-- this is ours
- som
On 07.10.2011 21:20, Stan Hoeppner wrote:
If I may make a purely subjective comment: 2.5m spooled emails on a
single host is insane.
I'm not arguing that. In the end the system is supposed to cope with
300k mails in 24h, balanced on two servers, which I think can be
achieved without a lot o
Am 07.10.2011 16:01, schrieb lst_ho...@kwsoft.de:
>> Someone on the XFS mailinglist believed it could be filesystem
>> fragmentation after all. They need an aligned continous 16k block to
>> allocate a new inode chunk, otherwise it will fail. I'm going to test
>> that later.
>
> This could be che
Am 07.10.2011 12:12, schrieb Reindl Harald:
> Am 07.10.2011 10:41, schrieb Bernhard Schmidt:
>> Basically the only problem with postfix here is that I cannot have
>> queue_minfree > 2GB to be on the safe side, so I don't know how to avoid
>> this problem
> have y
Hi,
> It's not the number of inodes as it is common on ext2/ext3 but the
> percentage of space occupied by inodes which is dependant on the inode
> size, the number and the size of the volume. Check with xfs_info, on the
> filesystems we are using xfs on the percentage is 25% but it may be
> diffe
On 06.10.2011 22:49, lst_ho...@kwsoft.de wrote:
Hi,
lxmhs45:/var/spool/postfix-bulk/postfix-bulkinhss # touch a
touch: cannot touch `a': No space left on device
lxmhs45:/var/spool/postfix-bulk/postfix-bulkinhss # df .
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sdb 10475520 7471160
Hey,
a small not-quite but a bit postfix related issue.
We (or better said: an over-eager third party) have been running some
performance tests against our future outbound bulkmail platform (no, not
UCE, university stuff), which consists of multiple SLES11.1 VMs with 1GB
of RAM and 4 vCPU eac
Hi,
we are happily running several postfix installations accepting mails
from external sources and distributing them internally. To avoid
backscatter all internal destinations we don't have an LDAP connect for
are checked using address verification.
Until recently we ran version 2.7.1 and di
Hi,
> my ISP does not support ipv6
> my service for hosting support ipv6
Your system is not reachable from IPv6.
fakessh.eu. 38300 IN MX 10 mail.fakessh.eu.
mail.fakessh.eu.38303 IN
2001:41d0:2:3dd6:1234:5678:9abc:def0
schleppi% ping6 mail.fakessh
On 08.11.2010 21:13, Wietse Venema wrote:
Hi Wietse,
Nov 8 17:15:46 lxmhs17 postfix/smtpd[15061]: NOQUEUE: reject: RCPT from
unknown[fe80::250:56ff:fea9:2c72%vlan6]: 550 5.7.1 Client host rejected:
cannot find your reverse hostname, [fe80::250:56ff:fea9:2c72%vlan6];
from=<> to= proto=ESMTP
h
Hi,
postfix 2.7.1 on SLES 10.3 i586 (probably not important, but who knows).
We run a production mailserver with reject_unknown_client_hostname
enabled (for a few years now). To deal with the unavoidable
misconfigurations we have a very large whitelist which was created
automatically from yea
Martin Barry wrote:
Hi Martin,
> I noted that postfix is writing headers with "unknown" instead of the IPv6
> reverse DNS that I know exists.
>
> e.g.
>
> Received: from merboo.mamista.net (unknown [IPv6:2001:470:1f0b:1055::1])
> by tigger.mamista.net (Postfix) with ESMTP id 581F21100B4
On 02.02.2010 15:29, Victor Duchovni wrote:
Hi,
And, use "proxy:ldap:${config_directory}/ldap-aliases.cf", LDAP servers
typically don't like the connection concurrency that results from each
smtpd(8) and cleanup(8) using a separate connection. Don't do this,
however, with tables that are used b
"Ross Tsolakidis" wrote:
Hello Ross,
> However, my question (finally) is :)
>
> Received: from 217.21.80.109
> (SquirrelMail authenticated user
> redac...@fearmail.com.au
> by webmail.fearmail.com.au with HTTP;
>
> I have no user called 'redacted' in our email user auth d
36 matches
Mail list logo
