[pfx] Small COMPATIBILITY_README.html typo

2025-07-10 Thread Emmanuel Fusté via Postfix-users
Hello, In the xxx_tls_level section: Postfix version 3.11 changes the default value for client TLS security levels from "empty" to "yes". Should be if I am not mistaken: Postfix version 3.11 changes the default value for client TLS security levels from "empty" to "may". Regards, Emmanuel. ___

[pfx] Re: What does dkim=pass (2048-bit key; unprotected) mean?

2025-03-08 Thread Emmanuel Fusté via Postfix-users
Le 08/03/2025 à 20:37, Waldo Nell via Postfix-users a écrit : I received an email sent via HubSpot.  It has two DKIM signatures.  Postfix shows this: Authentication-Results: DOMAIN1; dkim=pass (2048-bit key; secure) header.d=DOMAIN2 header.i=@DOMAIN2 header.a=rsa-sha256 header.s=hs1 header.b=

[pfx] Re: SPF hostname and domainname

2024-06-20 Thread Emmanuel Fusté via Postfix-users
Le 21/06/2024 à 00:13, John Levine a écrit : It appears that Emmanuel Fusté via Postfix-users said: In the general case (not null sender), HELO SPF validation does not interfere with DMARC as DMARC only use the MAIL FROM identity. There was historically a bug in some DMARC implementation witch

[pfx] Re: SPF hostname and domainname

2024-06-20 Thread Emmanuel Fusté via Postfix-users
Le 20/06/2024 à 21:13, Wietse Venema via Postfix-users a écrit : Bounces are sent with the null envelope.from address which has no domain. Therefore, SPF applies policy to a surrogate: the hostname in the SMTP client's HELO/EHLO command (as if the envelope.from address was postmaster@helo-argumen

[pfx] Re: Capture Bounced Email Headers & Content

2024-06-05 Thread Emmanuel Fusté via Postfix-users
defined in single-wild.porcupine.org zone. Thus, when A record for mail01-t122.raystedman.org already exists, the *.raystedman.org TXT record will not cover it and explicit TXT for mail01-t122.raystedman.org must be created (I see it's been done) On 05.06.24 14:55, Emmanuel Fusté via Po

[pfx] Re: Capture Bounced Email Headers & Content

2024-06-05 Thread Emmanuel Fusté via Postfix-users
Le 05/06/2024 à 14:01, Matus UHLAR - fantomas via Postfix-users a écrit : Matus UHLAR - fantomas via Postfix-users: >- Create a wild-card SPF policy for *.raystedman.org that permits >all your SMTP client IP addresses. Sorry: wildcard in DNS only applied for non-existing names and since the hos

[pfx] Re: Capture Bounced Email Headers & Content

2024-06-04 Thread Emmanuel Fusté via Postfix-users
Le 04/06/2024 à 17:02, Wietse Venema via Postfix-users a écrit : Greg Sims via Postfix-users: We had another DMARC Failure last night. The email ended up at the gmail level. X-Original-Authentication-Results: mx.google.com; spf=none (google.com: mail01-t122.raystedman.org does not

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Emmanuel Fusté via Postfix-users
Le 22/05/2024 à 12:35, Greg Sims via Postfix-users a écrit : Thank you again for your feedback on this issue. I watched the workload in real time this morning and now have more insight into what is happening. It appears the large ISPs are using TLS connection as a way to throttle incoming traff

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-21 Thread Emmanuel Fusté via Postfix-users
Le 21/12/2023 à 10:03, Joachim Lindenberg via Postfix-users a écrit : Emmanuel, please read the thread https://www.mail-archive.com/postfix-users@postfix.org/msg100852.html from the beginning. SOCKS5 was already considered as an alternative to proxy protocol. If you want to bash nginx then ple

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-20 Thread Emmanuel Fusté via Postfix-users
Le 20/12/2023 à 21:25, Joachim Lindenberg via Postfix-users a écrit : Emmanuel : That's crazy, If you're able to run a dedicated proxy instance, you're able to run an outboud postfix instance too: the perfect proxy software for smtp/postfix is postfix. Otherwise it means that you're trying to

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-20 Thread Emmanuel Fusté via Postfix-users
Le 20/12/2023 à 20:53, Joachim Lindenberg via Postfix-users a écrit : Wietse: Obviously, nginx will not know the Postfix SMTP client protocol stage, and the nginx settings will have to match the largest Postfix timeouts to avoid persistent mail delivery problems with some sites. Settings optima

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

2023-08-16 Thread Emmanuel Fusté via Postfix-users
Le 15/08/2023 à 23:12, Viktor Dukhovni via Postfix-users a écrit : On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote: 2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT from [52.101.56.17]:32607 to [209.123.234.54]:25 2023-08-14T13:11:59.860098-04:00

[pfx] Re: MX load balancing

2023-05-30 Thread Emmanuel Fusté via Postfix-users
Le 30/05/2023 à 16:07, Benny Pedersen via Postfix-users a écrit : Viktor Dukhovni via Postfix-users skrev den 2023-05-30 14:30: There's no good reason to have mail sent to mx2 unless mx1 is down. and subject says load balancing, not backup mx imho OP asked not to have mx backup, but load bal

[pfx] Re: invalid and non-fqdn hostname

2023-04-06 Thread Emmanuel Fusté via Postfix-users
Le 06/04/2023 à 16:44, Emmanuel Fusté a écrit : Le 06/04/2023 à 14:09, Emmanuel Fusté a écrit : Le 06/04/2023 à 13:35, Ken Peng via Postfix-users a écrit : On 2023-04-06 19:07, Jaroslaw Rafa via Postfix-users wrote: I just now learned about the UTF8 thing, I would never think of using non-AS

[pfx] Re: invalid and non-fqdn hostname

2023-04-06 Thread Emmanuel Fusté via Postfix-users
Le 06/04/2023 à 14:09, Emmanuel Fusté a écrit : Le 06/04/2023 à 13:35, Ken Peng via Postfix-users a écrit : On 2023-04-06 19:07, Jaroslaw Rafa via Postfix-users wrote: I just now learned about the UTF8 thing, I would never think of using non-ASCII characters in host/domain names :) You can

[pfx] Re: invalid and non-fqdn hostname

2023-04-06 Thread Emmanuel Fusté via Postfix-users
Le 06/04/2023 à 13:35, Ken Peng via Postfix-users a écrit : On 2023-04-06 19:07, Jaroslaw Rafa via Postfix-users wrote: I just now learned about the UTF8 thing, I would never think of using non-ASCII characters in host/domain names :) You can dig the UTF8 hostname, they are valid for query.