Re: TLS 1.0 with Outlook 2010 and Windows XP

2022-03-14 Thread lst_hoe02
Zitat von Jeroen Geilman : Is outlook a requirement? That is easiest to replace with e.g. thunderbird To my knowledge the Software is using the old Outlook API because Outlook is used in the background to simply send mail without starting the GUI. But i will double check if Tunderbird wou

Re: TLS 1.0 with Outlook 2010 and Windows XP

2022-03-14 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Sun, Mar 13, 2022 at 08:35:02PM +, lst_ho...@kwsoft.de wrote: We have a Postfix Server Version 3.3 and Openssl 1.1.1 on Ubuntu 18.04 LTS. One user has the need to send e-mail from an age old Windows XP VM used because of a special not any more available sof

TLS 1.0 with Outlook 2010 and Windows XP

2022-03-13 Thread lst_hoe02
Hello, we have a Postfix Server Version 3.3 and Openssl 1.1.1 on Ubuntu 18.04 LTS. One user has the need to send e-mail from an age old Windows XP VM used because of a special not any more available software. I have tried to not deactivate TLS 1.0 as Outlook/XP should be able to use this,

Re: Postfix "IPv6-only" - experience/recommendation question

2020-05-13 Thread lst_hoe02
Zitat von "@lbutlr" : On 11 May 2020, at 04:24, Jaroslaw Rafa wrote: Someone told me… that Google is more likely to classify email from small senders as spam if they are sent via IPv6, and less likely if they are sent via IPv4. Short of Google publishing this information, I doubt that a

Re: TLS client certificates and auth external

2019-04-23 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Apr 19, 2019, at 1:10 PM, Wietse Venema wrote: Using a name instead of cert fingerprint also requires revocation checking. Cert revocation is not needed, as long as there is an an explicit mapping like: certificate identity -> permit/etc action certif

Re: TLS client certificates and auth external

2019-04-18 Thread lst_hoe02
Zitat von Wietse Venema : lst_ho...@kwsoft.de: What is the way to go to take part of the feature development? I looks like we need a slight modification of the auth external as described. Mailin glist discussions. Eventually there will be a postfix--nonprod release that combines all th

Re: TLS client certificates and auth external

2019-04-18 Thread lst_hoe02
Zitat von Emmanuel Fusté : You need the relay_clientcerts map with relay_clientcerts_auto mode. Put the fingerprint or pkey_fingerprint and the mapped SASL identity in the file and it will work For example: 43:B6:FE:07:BB:2E:BF:86:8A:4D:2A:DD:78:07:09:C6    xxx.kwsoft.de Will try that, bu

Re: TLS client certificates and auth external

2019-04-18 Thread lst_hoe02
Zitat von Emmanuel Fusté : Hello, Great piece of work ! It solve a big part of my problem, but sadly I need to go deeper. Le 18/03/2019 à 22:45, Bastian Schmidt a écrit : In the meantime I have completed a patch and sent it to Wietse and Victor, which adds an option smtpd_sasl_tls_ccert

Re: TLS client certificates and auth external

2019-04-18 Thread lst_hoe02
Zitat von Wietse Venema : lst_ho...@kwsoft.de: This sounds like the feature we will need. I doubt the client would be able to do real AUTH, but we have to trust/relay based on the CN of a validated certificate. Is there any progress merging this in the 3.5 line or do i have to poke around wit

Re: TLS client certificates and auth external

2019-04-11 Thread lst_hoe02
Zitat von Emmanuel Fusté : Le 27/03/2019 à 18:10, Emmanuel Fusté a écrit : Le 27/03/2019 à 17:14, Viktor Dukhovni a écrit : On Wed, Mar 27, 2019 at 04:31:33PM +0100, Emmanuel Fusté wrote: The goal is to be as transparent as possible : - if the client is not found in the relay_clientcerts,

Re: permit_tls_clientcerts with CN matching

2019-03-31 Thread lst_hoe02
Zitat von Wietse Venema : lst_ho...@kwsoft.de: Hello, we need to authenticate a SMTP client connection base on the CN of the (trusted) client certificate. The client is not under our control (O365 connector), so we will get no notification if the key fingerprint will change. As far as i can

permit_tls_clientcerts with CN matching

2019-03-27 Thread lst_hoe02
Hello, we need to authenticate a SMTP client connection base on the CN of the (trusted) client certificate. The client is not under our control (O365 connector), so we will get no notification if the key fingerprint will change. As far as i can see Postfix is only able to use certificate

Re: Postfix, Hotmail never arrive

2017-03-08 Thread lst_hoe02
Zitat von Maurizio Caloro : Hello Together Today i have contact Microsoft, but i dont have any News. "My name is 123 and I work with the Outlook.com Deliverability Support Team. We have reviewed your IP(s) *(*w.x.y.z*) *and determined that messages are being filtered (i.e. sent to the Jun

Re: Mitigating From field spoofing (revised)

2016-07-05 Thread lst_hoe02
Zitat von Jack beanstallk : Noel Jones megan.vbhcs.org> writes: This is not something built into postfix. As an alternative, use SPF and DKIM to detect forged mail claiming to be from your own domain. -- Noel Jones Just to clarify is this something that is not built into postfix with

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

2016-04-11 Thread lst_hoe02
Zitat von jaso...@mail-central.com: On Sun, Apr 10, 2016, at 07:46 PM, Bill Cole wrote: On a system where you know enough about all your users to know that they don't want to get critical email from clueless sources, you can make restrictive choices with no trouble. If you don't actually know

Re: bad.psky.me RBL?

2016-04-06 Thread lst_hoe02
Zitat von Quanah Gibson-Mount : Is anyone familiar with this RBL and its quality? Not a whole lot of info at . Terms seem probably ok . If there isn't a lot of info, expect the worst. You should always be aware that you "outsource"

Re: Questions about SSL for outgoing emails

2015-09-24 Thread lst_hoe02
Zitat von Michael Peter : Hello, smtpd_tls_security_level = encrypt smtp_tls_security_level = encrypt I configured postfix to use encryption for incoming and outgoing emails. but incase the receipt has untrusted certificate or self signed certificate, postfix still deliver the email. How t

Re: Conditional Greylisting

2015-09-19 Thread lst_hoe02
Zitat von Bruce Marriner : On Friday, September 18, 2015 04:59 PM CDT, "Bill Cole" wrote: On 18 Sep 2015, at 14:29, Bruce Marriner wrote: > So I want to be able to set up Postfix so, if it passes DKIM or other > checks that give me a high confidence then just skip the postgrey > stuff > e

Re: Importance of keeping DANE TLSA records correct.

2015-08-22 Thread lst_hoe02
Zitat von Viktor Dukhovni : Until now, most DANE deployments have been on small hobbyist machines, by people who mostly don't correspond with each other. So if a particular domain's TLSA RRs were broken, nobody noticed. This is about to change. The German email providers web.de and gmx.de hav

Re: SMTPUTF8 usage

2015-08-20 Thread lst_hoe02
Zitat von Mike Cardwell : * on the Thu, Aug 20, 2015 at 05:36:38PM +0200, Benny Pedersen wrote: What mail products are SMTPUTF8-compliant at this time? will it ever be needed ?, with idn domains it allready encoded into 7bit, is postfix translate this to utf8 ?, dont know here since thunde

Re: Messagelabs rejects mails from my MTA - how to debug ?

2015-03-17 Thread lst_hoe02
Zitat von Marek Salwerowicz : Hi list, Yesterday I was informed by Users, that they can't send e-mails to one of the banking institutions (so it's a little 'urgent' in businesses manner). The mails are rejected by Messagelabs / Symantec Cloud System, but do not provide any relevant i

Re: Bandwidth choke issue between remote offices and SMPT server.

2015-03-13 Thread lst_hoe02
Zitat von jayesh shinde : Hi , I am facing problem of bandwidth choke issue between remote location and SMPT server. Please giude for below. Want to know how the other busy servers are handling such issues. scenario  :-- - 1) I have centralize high traffic SM

Re: FREAK cipher-suite hygiene for Postfix

2015-03-04 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Wed, Mar 04, 2015 at 07:53:18AM +, Viktor Dukhovni wrote: Now that the FREAK attack is widely disclosed, those of you who run SMTP servers that peer with clients that authenticate your server (be it via the traditional PKI or via DANE), might want to tighten

Re: detecting encryption for outgoing mail

2015-02-16 Thread lst_hoe02
Zitat von John : A couple of the servers I support are medical offices, and for patient confidentiality reasons they need to send email out encrypted. After a lot of discussion they have come to the conclusion that in order to avoid accidentally sending confidential data unencrypted, all

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread lst_hoe02
Zitat von li...@rhsoft.net: Am 05.02.2015 um 11:03 schrieb lst_ho...@kwsoft.de: You are putting too much of meaning in a DNS token. There is no global rule or RFC about the interpretation of the string forming this token. I'm totaly free to call my host bad-host-static-0815.example.com. whic

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread lst_hoe02
Zitat von li...@rhsoft.net: Am 04.02.2015 um 22:54 schrieb Noel Jones: On 2/4/2015 3:12 PM, li...@rhsoft.net wrote: *sadly* that sort of incoming rules is not widespreaded enough, otherwise spam from infected botnet zombies would no longer exist and frankly the rule for "IPhfc.comcastbus

Re: TUNING_README: "persistent write cache"?

2015-02-04 Thread lst_hoe02
Zitat von Andrew Bourgeois : Hello What does "Speed up disk updates with a large (64MB) persistent write cache." mean (source: http://www.postfix.org/TUNING_README.html)? Does this talk about the "dirty ratio" or is it something else? Google didn't help me on this one. Thanks in advance! Bes

Re: Using greylisting and other policies all in one. Use built in Postifx policy functions or other popular ones?

2015-01-28 Thread lst_hoe02
Zitat von srach : I have read the documents for some different Greylisting opportunities for Postfix This built into Postfix http://www.postfix.org/SMTPD_POLICY_README.html#greylist and popular ones http://wiki.policyd.org http://postgrey.schweikert.ch I am not finding a modern comparison

Re: Postfix´s sendmail command configuration

2015-01-04 Thread lst_hoe02
Zitat von m.dvo...@annkar.cz: I have a script where sendmail command is used BUT I need to specify to via SMTP server (espec. port) will sendmail send email. It is simply. marek Marek Dvorak email: m.dvo...@annkar.cz tel : 777 691 528 skype: dvorak.marek As said the "sendmail" binary dro

Re: enable_long_queue_ids vowels are unsafe why?

2015-01-02 Thread lst_hoe02
Zitat von li...@rhsoft.net: Am 02.01.2015 um 17:41 schrieb lst_ho...@kwsoft.de: Zitat von wie...@porcupine.org: Jeffrey 'jf' Lim: As per subject. http://www.postfix.org/postconf.5.html#enable_long_queue_ids says: "For safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet." I

Re: enable_long_queue_ids vowels are unsafe why?

2015-01-02 Thread lst_hoe02
Zitat von wie...@porcupine.org: Jeffrey 'jf' Lim: As per subject. http://www.postfix.org/postconf.5.html#enable_long_queue_ids says: "For safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet." In what way are vowels unsafe? Postfix should not generate offensive text such as

Re: Why does SPF fail sometimes?

2014-12-15 Thread lst_hoe02
Zitat von "James B. Byrne" : On Sun, December 14, 2014 20:05, Richard Damon wrote: DMARC says that if a domain requests DMARC protection then any message that has a RFC5322 domain pointing to it, must be verifiable as coming from that domain, thus such an address can NOT use a 3rd party (like

Re: And Ident - port 113

2014-12-05 Thread lst_hoe02
Zitat von li...@rhsoft.net: Am 05.12.2014 um 14:00 schrieb Robert Moskowitz: I also have ident - port 113 open on the firewall. But not only is it not open on the server's firewall, I don't see a listen for it with 'netstat -na|grep113' I do recall that ident was one thing some MTAs wanted.

Re: google bouncing emails - ipv6 ptr problem?

2014-11-23 Thread lst_hoe02
Zitat von John : On 11/22/2014 9:45 AM, Robert Schetterer wrote: Am 22.11.2014 um 14:50 schrieb A. Schulze: wietse: A. Schulze: So instead implementing strange workarounds, one should search, find, understand and fix the real problem. Google bounced my mail because of a temp error. I chan

Re: google bouncing emails - ipv6 ptr problem?

2014-11-22 Thread lst_hoe02
Zitat von "A. Schulze" : wietse: A. Schulze: So instead implementing strange workarounds, one should search, find, understand and fix the real problem. Google bounced my mail because of a temp error. I changed nothing in my DNS or DKIM. It's their bug, not mine. I don't expect your setup

Re: google bouncing emails - ipv6 ptr problem?

2014-11-20 Thread lst_hoe02
Zitat von wie...@porcupine.org: Robert Moskowitz: Perhaps this should go to the bind list, but all of my checking shows my ipv6 ptr record is working. This started, I think, last week. I was running an old mailserver and sent many an email to the cubieboard list. I had one email bounce las

Re: TLS SNI support

2014-11-07 Thread lst_hoe02
Zitat von li...@rhsoft.net: Am 07.11.2014 um 09:35 schrieb Michael Ströder: Peter wrote: It's pointless for MX hosts because they don't validate the certificate anyways. Which has to be changed Google: DANE and Viktors recent response in that thread don't require SNI my god the reason f

Re: TLS SNI support

2014-11-07 Thread lst_hoe02
Zitat von Michael Ströder : Peter wrote: It's pointless for MX hosts because they don't validate the certificate anyways. Which has to be changed. Ciao, Michael. http://www.postfix.org/TLS_README.html#client_tls_dane Doesn't need SNI either... Regards Andreas smime.p7s Description

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread lst_hoe02
Zitat von Benny Pedersen : lst_ho...@kwsoft.de skrev den 2014-05-28 18:54: But as always YMMV if spf pass and its spam why not reject that sender domain in postfix ? any solution always changes the problem :=) The domains change at least once per week, the netblock every 3-6 months but

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread lst_hoe02
Zitat von Daniele Nicolodi : On 28/05/2014 17:19, Robert Schetterer wrote: you may set your SPF Record to ~allSoftFail Thanks Robert, I've done that. invest in dkim and dmarc What advantages would that bring to me? I implemented SPF just because otherwise the very big providers wou

Re: Evangelizing DNSSEC and DANE

2014-05-24 Thread lst_hoe02
Zitat von lst_ho...@kwsoft.de: Not sure if someone already noticed (in German): http://www.heise.de/newsticker/meldung/Bund-sichert-ueberraschend-Mailtransport-per-DANE-ab-2196565.html Looks like the german government is at least in progress of setup DANE for e-mail for domain "bund.de" W

Re: Evangelizing DNSSEC and DANE

2014-05-24 Thread lst_hoe02
Not sure if someone already noticed (in German): http://www.heise.de/newsticker/meldung/Bund-sichert-ueberraschend-Mailtransport-per-DANE-ab-2196565.html Looks like the german government is at least in progress of setup DANE for e-mail for domain "bund.de" Would be a big "marketing" point

Re: SMTP STARTTLS - "best practices"?

2014-04-25 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Wed, Apr 23, 2014 at 04:54:44PM +0200, lst_ho...@kwsoft.de wrote: Are there any experience with DNSSEC capable DNS Providers at the lower cost range suitable for KMU? I've not looked at the cost of full-service DNS outsourcing. Some of the .org registrars are

Re: SMTP STARTTLS - "best practices"?

2014-04-23 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Wed, Apr 23, 2014 at 04:21:14PM +0200, Per Thorsheim wrote: RFC3207 says publicly available servers are required to support plaintext and fallback to plaintext if cipher negotations etc fail. Correct. It seems to me as if mailadmins prefer supporting "everyt

Re: Asking about heartbleed

2014-04-10 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Wed, Apr 09, 2014 at 05:54:33PM -0400, Victoriano Giralt wrote: I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug affect a TLS service like submission? In pretty much the same way that it applies to web services. * SSL/TLS Private

Re: Gateway Server queues too many mails

2014-02-27 Thread lst_hoe02
Zitat von Nikolaos Milas : On 27/2/2014 4:40 μμ, Nikolaos Milas wrote: Now that amavis seems to be running correctly, how can I resend immediately those suspended mails? Unfortunately, I am afraid that after I run postqueue -f and messages were moved to the active queue, amavisd again to

Re: TLS client logging PATCH

2014-02-26 Thread lst_hoe02
Zitat von li...@rhsoft.net: Am 26.02.2014 12:48, schrieb Wietse Venema: lst_ho...@kwsoft.de: Yes, of course. In practice, for most users, the local resolver is by far the simplest configuration. Is or will this be "enforced" by Postfix in some way for DANE? Postfix does not parse /etc/re

Re: TLS client logging PATCH

2014-02-26 Thread lst_hoe02
Zitat von wie...@porcupine.org: lst_ho...@kwsoft.de: > Yes, of course. In practice, for most users, the local resolver > is by far the simplest configuration. Is or will this be "enforced" by Postfix in some way for DANE? Postfix does not parse /etc/resolv.conf. Wietse Thanks!

Re: TLS client logging PATCH

2014-02-26 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Wed, Feb 26, 2014 at 07:43:25AM +0100, Erwan David wrote: > The local resolver can have the resolvers on the LAN configured as > forwarders, but you need the local stub resolver. No reason not to have > one, really, especially on a busy mail server. However you

Re: network is unreachable

2014-02-11 Thread lst_hoe02
Zitat von c cc : Hi all, Thanks for all your help. Since we are using EC2 from Amazon and they don't support ip6 on EC2, they recommended me to force Postfix to send email using ipV4 by changing: inet_protocols = all to inet_protocols = ipv4 and restart or reload Postfix If I change to ipV

Re: network is unreachable

2014-02-11 Thread lst_hoe02
Zitat von c cc : Andreas, Thanks for your quick reply--is there a setting in Postfix that I should configure to fix this problem? Thanks! Charles You might try with IPv4 only with "inet_protocols=ipv4" but you should first check if you can reach them by IPv4 anyway. But to really solve

Re: network is unreachable

2014-02-11 Thread lst_hoe02
Zitat von c cc : Hi, All of the sudden, we can't send any email to one particular domain, and below is the error message we got. Does anyone have any idea how to fix this problem? Thanks! Charles This is the mail system at host e

Re: International email addresses (RFC 6531)

2013-12-29 Thread lst_hoe02
Zitat von Freek Dijkstra : Hi all, Postfix does not support international email addresses, such as josé@example.org, as described by RFC 6530-6532. To be precise, the SMPTUTF8 (previously: UTF8SMTP) SMTP extension is not announced in the EHLO response. Wikipedia [1] says it is "under develop

Re: server refused to talk to me: 550

2013-12-05 Thread lst_hoe02
Zitat von Matteo Cazzador : Hi, thank's , but it's not so clear for me. The mail client receive a notification of error but too late over 24 hours from first send. If the email is important this time it's too large. Is it possibile to reduce it? So you probably have set soft_bounce=yes,

Re: server refused to talk to me: 550

2013-12-05 Thread lst_hoe02
Zitat von Matteo Cazzador : Hi, i've a problem causing by blacklist. I 've a virtual postfix mail server (with smtp server sasl auth), when a user send a mail using my smtp server to a specific domain i obtain: " hostname ... server refused to talk to me: 550 Denied by policy" My problem i

Re: blocked by gmail

2013-12-05 Thread lst_hoe02
Zitat von Grant : For the first time ever, 7 of my (very much legitimate) automated messages sent to gmail users have bounced with this message: Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail this message has been blocked. Pleas

Re: [Aside] Alternatives to content inspection?

2013-10-11 Thread lst_hoe02
Zitat von Robert Lopez : A recent postfix-users thread had comments (about Spamassassin) along the lines of content inspection being evil by design. (Andreas and Stan) In my mind content inspection would include anti-virus checking. Am I wrong? At least my comment was in the context of spam,

Re: master.cf listed in dbl.spamhaus.org

2013-10-10 Thread lst_hoe02
Zitat von Daniele Nicolodi : Hello, recently I've see some emails from the postfix mailing list being marked as possible spam by Spamassassin. Investigating which rule caused the problem I found that dbl.spamhaus.org started to list master.cf as a "bad" hostname. Mails directed to the postfi

Re: Solution to SMTPAuth compromised accounts.

2013-09-13 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Fri, Sep 13, 2013 at 11:45:54AM +0900, Jorgen Lundman wrote: However, quite often the 3rd party involved uses software that can use pipelining, and simply keeps sending mail, even though the SMTPAuth account has been stopped. What you are calling "pipelining"

Re: EDH Ciphers

2013-08-14 Thread lst_hoe02
Zitat von Ralf Hildebrandt : What exactly are the prerequisites for "preferring" EDH ciphers in Postfix? * Do I need ECC (and thus OpenSSL >= 1.0.0) or not? For EDH no, for ECDHE yes * Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not? This let the *server* (Postfix)

Re: delivery status notification (DNS)

2013-07-08 Thread lst_hoe02
Zitat von Pol Hallen : Follow official postfix page (http://www.postfix.org/DSN_README.html) I've: smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access cat /etc/postfix/esmtp_access # Allow DSN requests from local subnet only 192.168.1.0/24 silent-discard

Re: Is this an attack?

2013-06-19 Thread lst_hoe02
Zitat von Andreas Kasenides : One of my mail servers (postfix 2.6) has been target of what seems to me to be an attack. The attacker tried to deliver messages to a non-existent user names formed as a long hex string. It only happened once from one particular client and kept going for some

Re: Multiple owners in smtpd_sender_login_maps

2013-04-19 Thread lst_hoe02
Zitat von Ram : I have a requirement of 2 different users using the same sender email address I found a very old patch for doing this in postfix. http://permalink.gmane.org/gmane.mail.postfix.devel/4 Is this patch still the only way of doing multiple owners Not sure why you like to patc

Re: Temporary lookup failure with relay_recipient_maps

2013-03-07 Thread lst_hoe02
Zitat von Viktor Dukhovni : On Wed, Mar 06, 2013 at 06:13:05PM +, lst_ho...@kwsoft.de wrote: Zitat von Wietse Venema : >Postfix reports that the LDAP client library could not connect to >any of the LDAP servers. Don't shoot the messenger. > >Wietse Would the "domain" parameter in th

Re: Temporary lookup failure with relay_recipient_maps

2013-03-06 Thread lst_hoe02
Zitat von Wietse Venema : Alvaro Marin: For a moment, one ActiveDirectory server for some domains was down, so I've seen in logs: warning: dict_ldap_connect: Unable to bind to server ldap://IP1 ldap://IP2 as cn=x,ou=x,dc=x,dc=x: -1 (Can't contact LDAP server) ... Is anyway to configure Post

Re: avoiding overload on port 587

2012-11-30 Thread lst_hoe02
Zitat von Tomas Macek : On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek : On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek : On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek : I don't understand now, how Postfix behav

Re: avoiding overload on port 587

2012-11-30 Thread lst_hoe02
Zitat von Tomas Macek : On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek : On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek : I don't understand now, how Postfix behaves when listenting on submission port 587. Our mailserver is sometimes over

Re: avoiding overload on port 587

2012-11-30 Thread lst_hoe02
Zitat von Tomas Macek : On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote: Zitat von Tomas Macek : I don't understand now, how Postfix behaves when listenting on submission port 587. Our mailserver is sometimes overloaded on port 25, so we want to use postscreen. But I don't understand, ho

Re: avoiding overload on port 587

2012-11-30 Thread lst_hoe02
Zitat von Tomas Macek : I don't understand now, how Postfix behaves when listenting on submission port 587. Our mailserver is sometimes overloaded on port 25, so we want to use postscreen. But I don't understand, how Postfix works when it's stressed on port 587, when spammers connect to th

Re: [OT] SPF - Do you use it

2012-10-05 Thread lst_hoe02
Zitat von Wietse Venema : Alumno Etsii: As far as I'm concerned, SPF is not an anti-spam tool, but an anti-forgery tool. I'm ending this discussion before the flames flare up. Let's suffice with the following observation: SPF helps a sender and receiver who know each other. Otherwise

Re: [OT] SPF - Do you use it

2012-10-05 Thread lst_hoe02
Zitat von Reindl Harald : Am 05.10.2012 16:04, schrieb lst_ho...@kwsoft.de: Zitat von Titanus Eramius : Slightly off topic. I hope it's OK when the mail is marked as such. I was just wondering if the users of this list use SPF in any way, and if so, to what extend? We have considered SPF

Re: [OT] SPF - Do you use it

2012-10-05 Thread lst_hoe02
Zitat von Titanus Eramius : Slightly off topic. I hope it's OK when the mail is marked as such. I was just wondering if the users of this list use SPF in any way, and if so, to what extend? We have considered SPF some five years ago but after second thought ditched it completely: - It do

Re: OT: postfix configuration comments

2012-08-24 Thread lst_hoe02
Zitat von Reindl Harald : Am 24.08.2012 11:09, schrieb Hari Hendaryanto: On 8/24/2012 3:30 PM, Reindl Harald wrote: Am 24.08.2012 05:57, schrieb Hari Hendaryanto: it's not really a problem, just my curiosity. I wonder why Postfix does not support comments such as "// comments or /* com

Re: high-speed postfix configuration

2012-08-23 Thread lst_hoe02
Zitat von Mike Mitchell : We've actually been providing this service for 10 years now, but are just now reaching a scale where default configurations are insufficient to handle the volume. We've not needed to touch the mail server prior to now, so are just looking for some initial guid

Re: ..::Rbl not working::..

2012-08-21 Thread lst_hoe02
Zitat von Alfonso Alejandro Reyes Jiménez : On 8/21/12 9:57 AM, Ralf Hildebrandt wrote: * Alfonso Alejandro Reyes Jiménez: Thanks it seems to be an issue with spamhaus, here's the result: [root@mail ~]# host 107.178.203.192.zen.spamhaus.org Host 107.178.203.192.zen.spamhaus.org not found: 3

Re: The ultimate email server

2012-08-15 Thread lst_hoe02
Zitat von Mikkel Bang : I'm trying to configure "the ultimate email server" for this webapp that needs to send and receive / forward emails to and from thousands of users. But with so many people recommending so many different tools, it gets hard to come to a conclusion. Looks like I'm finally

Re: virtual mailboxes BUT NOT virtual domain

2012-05-02 Thread lst_hoe02
Zitat von The Eye : On Wed, May 02, 2012 at 07:05:03AM -0400, Wietse Venema wrote: Michael Hellwig: > I've been butting my head against this one for quite some time now. You might want to read this document: http://www.postfix.org/ADDRESS_CLASS_README.html This decribes what is needed to av

Re: mx_backup, main mx misuse?

2012-04-23 Thread lst_hoe02
Zitat von Marko Weber : hello, i plan a postfix server as mx-backup. how can i control on this mx-backup, that people dont use this server as "main" mx? is there a way to do this? Not sure what you mean by "using as main", the only difference is the priority listed in DNS after all and c

Re: IPv6 to IPv4 fallback mechanism

2012-04-20 Thread lst_hoe02
Zitat von Fernando Gozalo : Hi, does the postfix smtp client implement the IPv6 to IPv4 fallback mechanism as browsers do? Postfix uses the fallback mechanism SMTP provides. It connects the MX with lowest priority at IPv6 if available and proceed to the next IPv6 or IPv4 address availa

Re: postgrey outgoing mail whitelister

2012-04-18 Thread lst_hoe02
Zitat von /dev/rob0 : On Wed, Apr 18, 2012 at 04:33:31AM +0300, Henrik K wrote: Still, is it too much to ask for looking at things from many angles or backing up claims with any kind of statistics or science instead of personal gut feelings? Where/how would one collect such data? My mail stre

Re: postgrey outgoing mail whitelister

2012-04-17 Thread lst_hoe02
Zitat von Reindl Harald : Am 17.04.2012 13:43, schrieb Henrik K: Hopefully by now people realize that your "practical expierience" is questionable. my practical expierience is managing some hundret domains with > 15.000 RCPT since years - so stop your idiotic personal attacks while nobody at

Re: Multiple SSL certs on multiple IPs

2012-04-16 Thread lst_hoe02
Zitat von Wietse Venema : Mark Constable: 12.34.56.78:smtp inet n - - - - smtpd -o myhostname=domain1.com This change all SMTP server responses that depend on the myhostname settings. Any thoughts or suggestions on how to improve this strategy? Use separate MTA instances. By changing t

Re: Postfix and Flood Spamming

2012-04-16 Thread lst_hoe02
Zitat von Stéphane Wirtel : Is there an efficient way to know if my server is blacklisted ? a reference ? Enter the IP in question at http://multirbl.valli.org/ is one possibility Regards Andreas

Re: Postfix and Flood Spamming

2012-04-16 Thread lst_hoe02
Zitat von Stéphane Wirtel : Hi Stan, On 04/16/2012 01:27 PM, Stan Hoeppner wrote: On 4/16/2012 4:33 AM, Stephane Wirtel wrote: Dear Postfix Jedi, I need your help to secure a new postfix server against the SPAM flooding. Currently I have an old postfix based on an old debian server and sin

Re: Postfix and Flood Spamming

2012-04-16 Thread lst_hoe02
Zitat von Stephane Wirtel : Dear Postfix Jedi, I need your help to secure a new postfix server against the SPAM flooding. Currently I have an old postfix based on an old debian server and since some days, my server is subject to the SPAM flooding (+- 50k mails/hours). What do you mean by 50

Re: Postfix can not resolve the ip-address

2012-04-16 Thread lst_hoe02
Zitat von Руслан Шарипов : Hello. Postfix can not resolve the IP-address, but the nameserver is configured correctly. See, in mail.log: root@mail2:/var/log# tail -3 mail.log Apr 16 02:35:44 mail2 postfix/smtpd[1855]: connect from unknown[209.85.215.53] Apr 16 02:35:45 mail2 postfix/smtpd[1

Re: Postfix and LDAP lookups

2012-04-10 Thread lst_hoe02
Zitat von Igmar Palsenberg : alias_maps = ldap:/etc/postfix/ldap-aliases.cf virtual_alias_maps = ldap:/etc/postfix/ldap-virtual.cf virtual_alias_domains = $virtual_alias_maps The virtual_alias_domains probably does a lookup in 'jdi.nl'. That isn't directly in the map. Crap. As others sa

Re: Postfix and LDAP lookups

2012-04-10 Thread lst_hoe02
Zitat von Igmar Palsenberg : Hi, I'm attempting to migrate from sendmail to Postfix + LDAP, so bare with me, I'm an sendmail user :) I've migrated the live user database into LDAP, and added my own e-mail addresses to my LDAP entry : dn: uid=igmar,ou=employee,dc=jdi,dc=nl objectClass: a

Re: verify database error

2012-04-03 Thread lst_hoe02
Zitat von "Daniel L. Miller" : On 4/3/2012 10:32 AM, Wietse Venema wrote: Daniel L. Miller: I keep seeing the following in the log: postfix/verify[27427]: close database /var/lib/postfix/verify.db: No such file or directory /* * With some Berkeley DB implementations, close fails wi

Re: Encrypt attachments

2012-03-30 Thread lst_hoe02
Zitat von Kai Szymanski : Hi Andreas, That's why e-mail encryption (S/MIME, PGP) was invented for. Why reinvent the wheel? You are right...and not ;) Problem: If we use for example gpg rhe !other side! also have to use gpg and needs to have a key infrastructure implemented. Most of the

Re: Encrypt attachments

2012-03-29 Thread lst_hoe02
Zitat von Kai Szymanski : Hi! For a customer i have to implement "on the fly" encryption for attachments. Means: 1) Send Mail to Customer - Postfix receive email by smtp from local sender - Check if Recipient is in DB. If not => Forward message by smtp to customer - If cus

Re: Next day

2012-03-28 Thread lst_hoe02
Zitat von : I use Postfix and is great. Thank you W! I send this becoz I got worried: If Wietse suddenly gets tired, retired etc what happens to Postfix? Any team/guys knowing Postfix well enough to keep dev on with W's blessings? Well, that's the real power of Open Source.

RE: SMTP Authentication

2012-03-26 Thread lst_hoe02
Zitat von King™ : Who have another solution ? Please suggest/advise me…. Thanks all -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Patrick Ben Koetter Sent: Monday, March 26, 2012 3:30 AM To: postfix-users@postfix.org

Re: Email encryption check before accepting for transmission

2012-02-18 Thread lst_hoe02
Zitat von john : We need to ensure that emails sent by some of our users are encrypted (medical records, reports, etc) before they are sent. We only accept out going mail from our local users by submission (port 587). I realize that this is really the job of the MUA, but I would like to ch

Re: email blocked on the backup mx

2012-02-04 Thread lst_hoe02
Zitat von ml : hello postfix list hello guru of "Fu" I am having problems with my secondary mx some mails that are blocked on the secondary remain above with an error 4D5BDCA1C9 4344 Thu Feb 2 23:19:41 centos-boun...@centos.org (Host or domain name not found. Name service error for name=

Re: How to know if my Postfix supports MySQL and PostgreSQL?

2012-02-03 Thread lst_hoe02
Zitat von Andre Lopes : Hi, I'm using CentOS6 that comes with Postfix "mail_version = 2.6.6". I need to know if my Postfix supports MySQL and PostgreSQL to a virtualhost/virtualusers configuration. How can know if my Postfix supports MySQL and PostgreSQL? postconf -m is your friend. You might

Re: spy problem

2012-02-01 Thread lst_hoe02
Quoting Tolga : On 02/01/2012 12:17 PM, lst_ho...@kwsoft.de wrote: Zitat von Baptiste Bauer : Hi ! I am suspicious ! I use POSTFIX. I suppose my workmate spy my mail sending ! ( i don't know how ! ) ð I checked « aliases » : no redirection. But there is a « generic.db » file A

Re: spy problem

2012-02-01 Thread lst_hoe02
Zitat von Baptiste Bauer : Hi ! I am suspicious ! I use POSTFIX. I suppose my workmate spy my mail sending ! ( i don’t know how ! ) ð I checked « aliases » : no redirection. But there is a « generic.db » file …. And the file « generic » has been deleted ( i don’t find it ) How to c

Re: Access Map

2012-01-20 Thread lst_hoe02
Zitat von DN Singh : Hello group, I was configuring some restrictions on the Postfix level using access map. It is in has format. It is has a pretty good number of domains in it. So, I was wondering, how large can be the file, without affecting the performance? These are configured in recipient

Re: Strange SASL Authentication Issue

2012-01-14 Thread lst_hoe02
Zitat von Robert Krig : On 01/13/2012 09:52 AM, lst_ho...@kwsoft.de wrote: Zitat von Robert Krig : On 01/11/2012 08:38 PM, Gary Smith wrote: Restarting postfix, saslauthd and authdaemon seems to get it working again, at least for a while. Are you using pam_mysql by chance? Yes, I am.

  1   2   3   4   >