LE announced a while back that they would not renew the cross cert.
Their root was expiring and they chose not to pay for a cross for
the replacement.
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
___
Postfix-users mailing list -- postfix
>>>>> "WV" == Wietse Venema writes:
WV> This is how three years ago I solved IPv6 problems for all domains
WV> that have Google as an MX host.
Also works perfectly here.
Thanks!
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
accepting from me, too,
recently. And I have ptr, dkim and spf all configured.
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
certificate does not match the expected.
`
unless one adds not only --dane, but also --no-ca-verification. Which
is expected given the cert and the 3_0_1 tlsa.
posttls-finger mail.cryptedmail.eu shows that postfix will be happy to
deliver there, requiring tls if so configured.
-JimC
-
think is nonsense.
The MXs also show one mail per socket, and as I noted elsewhere netstat
shows several concurrent ESTABLISHED to each MX.
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
TARTTLS, non-TLS destinations are still
VD> cached).
Any chance of changing that in future versions?
There should be no reason to have to use separate connections per
message just because tls is used.
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
se = btree:${data_directory}/smtp_scache
smtp_tls_security_level = dane
smtp_tls_note_starttls_offer = yes
interfere with concurrency limits?
That box has pf 2.11.1.
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
Is there some kind of fix I can employ here for this particular
TS> server?
If you run a resolver locally on the box, it will switch to tcp to get
the full answer. And since the mtu on the lo interface is usually much
larger than an ethernet mtu (linux uses an mtu of 65535) libc's
>>>>> "AD" == Arthur Dent writes:
AD> I don't want postfix to do anything other than deliver to procmail.
Postfix works fine here for that.
I use, in main.cf:
mailbox_command = /usr/bin/procmail -pt
and, in .fetchmailrc:
defaults mda "/usr/sbin/se
min is to get the legitimate mail through while
blocking the harmful crud. Not to block legitimate remotes which
are imperfect.
-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6
y it appeared to be due to new v6 routes and autoconfig surprising
the mta admins.
The ones I've seen have all been otherwise well run, legitimate technical
mailing lists usually hosted at a university or at commercial vps lessors.
-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6
general, the name returned by the MX lookup is used as the TLS server
name when tls verification is attempted.
-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6
ally, everywhere you have mysql:... make it proxy:mysql:
Read the proxymap(8) man page for full details.
-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6
13 matches
Mail list logo
