[pfx] Re: maillog_file Setting Breaks SELinux on RHEL

On Sat, Dec 21, 2024 at 4:48 AM Peter via Postfix-users wrote: > This is not going to be considered a bug. The configuration shipped > with the postfix package from RHEL uses syslog to log to the maillog > file and it's expected that if you change that then you'll be Yes, I wholeheartedly agree

[pfx] Re: maillog_file Setting Breaks SELinux on RHEL

On Sat, Dec 21, 2024 at 1:34 AM Michael Tokarev via Postfix-users wrote: > The prob with postfix and all these system-specific security mechanisms > is that you can configure any path for the log file in postfix's main.cf, > and you have to adjust the security mechanism accordingly, -- there's Y

[pfx] maillog_file Setting Breaks SELinux on RHEL

Curious if there are others using the maillog_file setting who have found that "out of the box" RHEL 8+ or 9+ will not allow Postfix to start? I worked around the issue by creating a policy module for testing purposes thanks to the help the SELInux Tool gave me (#sealert -l "*") with the suggestio

[pfx] smtp_tls_connection_reuse HowTo?

Is there a HowTo web page that I am overlooking to implement TLS connection reuse? I believe my lack of caching of TLS connections to my upstream gateway is causing performance issues when the tidal wave of ListServ emails hit me. Based on my read of the documentation I think these things need to

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks identical to what you posted for Fedora. I am not a RHEL expert but I have not see any references to opt out of the crypto policy on a per application basis. You can customize an existing crypto policy or create your own. I t

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

so it can be wiped and recycled. On Fri, May 5, 2023 at 7:29 PM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > > > postfix/smtpd[1234567]: SSL_accept error from > xxx.xxx.xxx[y

[pfx] TLS Library Problem? (SSL_accept error from ...)

I have setup Postfix so that internally I offer TLS to systems but do not require it since I have no control over their configuration. I did extensive testing to ensure that the mail gateway supports TLS and accepts email from another Postfix system where TLS is disabled. But today I found a syst