Re: TLS best practices

2020-05-14 Thread Petri Riihikallio
> If you are curious about the defaults in your Postfix use
> postconf | grep tls

That should be:

postconf -d | grep tls

br, Petri

Re: TLS best practices

2020-05-14 Thread Petri Riihikallio
> Thanks. When tweaks may have been made over the years, is there a page in the
> docs that just has a clean list of defaults for master.cf? Or check the .dist
> files?

You suspect tweaks have been made to your system? Use

postconf -n | grep tls
postconf -M | grep tls

to find out. Go throug

Re: TLS best practices

2020-05-14 Thread Petri Riihikallio
> As some test suite recommendations might be harsher than what is practical I
> thought I'd check with the people who actually work on Postfix.
>
> 1) some test sites say TLS 1.0 should be disabled for NIST compliance. Is
> that recommended? What about 1.1?

The devices will negotiate the best

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Petri Riihikallio
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_protocols = !SSLv2, !SSLv3
>
> But that doesn't work. Still the connection is established using TLSv1.

Those are for smtpd or inbound connections. For outbound to O365 you need to look at smtp_ settings.

-- 
br, Petri
https://metis.

Re: Subject Regular expressión

2018-05-09 Thread Petri Riihikallio
> I check this regex with grep, it works fine but in Postfix no.
>
> grep -E "^Reference No: PP-[0-9][0-9][0-9]+(-[0-9]+)*.$" test.txt
>
> Reference No: PP-425-168-292
>
> warning: header Subject: Reference No: PP-425-168-292
>
> /^Subject: ^Reference No: PP-[0-9][0-9][0-9]+(-[0-9]+)*.$/ DISCAR

Re: Restricting submission to legitimate account name only

2018-02-20 Thread Petri Riihikallio
Karol Augustin wrote on 20.02.2018 at 13:26:
> So if there is an alias configured to deliver to a particular user then that user
> can send e-mail from this address, but not from any address (gmail.com),
> and not from his colleague's address, even if it is in the same domain.
>
> So I agree, 1-to-1 mappin

Re: Restricting submission to legitimate account name only

2018-02-20 Thread Petri Riihikallio
Ralph Seichter wrote on 20.02.2018 at 13:07:
> I've asked Apple several times over the years why both their macOS and iOS
> mail clients don't support it, but apparently this does not even deserve an
> answer.

This is going OT regarding Postfix, but both in Mail.app and iOS built-in mail you

Re: Request for feedback on SMTPD restrictions

2018-01-23 Thread Petri Riihikallio
Dominic Raferd wrote on 23.01.2018 at 9:06:
>
> Is there a method (regex?) for reliably identifying dynamic ip addresses?
> Take for instance 199-127-103-235.static.avestadns.com - it looks dynamic to
> me but it says it is static. Is it best/safest to rely on '\.dynamic\.'
> occurring in th

Re: Cyrus vs Dovecot for SASL AUTH and IMAP

2018-01-16 Thread Petri Riihikallio
> I am looking to use either Cyrus or Dovecot for both SASL authentication and
> IMAP. While Postfix 3.1.0 supports both, I was wondering which to prefer if
> security is my most important deciding factor? Does one have a better track
> record than the other?

They are both quite secure, I c

Re: why postfix duplicate files

2017-10-25 Thread Petri Riihikallio
>> I don't do anything with postfix from few months.
>
> Only I have root access with ssh key public/private files randomly generated,
> so I suppose there is little probability that somebody hacked the root.

I understand you haven't touched Postfix for months. Still those files have modificati

Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread Petri Riihikallio
> I checked the server and this is how it's configured
>
> postconf -n | grep smtpd | grep tls | grep ciphers
> smtpd_tls_ciphers = medium
> smtpd_tls_exclude_ciphers = EXPORT, LOW, RC4, eNULL, NULL
> smtpd_tls_mandatory_ciphers = medium
> smtpd_tls_mandatory_exclude_ciphers = aNULL
> tlsprox

Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread Petri Riihikallio
> da...@justemail.net wrote on 25.10.2017 at 2:35:
>
> Hello,
>
> My office receives email from UPS, since we're a customer.
>
> One of the domains that UPS emails from is apparently "iship.com".
>
> We're not getting those emails.

You and UPS require different sets of ciphers and have none in

Re: why postfix duplicate files

2017-10-25 Thread Petri Riihikallio
> Hi, I have found in my /etc/postfix directory list of duplicated files. I
> attach .txt file with this list. I don't do anything with postfix from few
> months. If it's not normal please tell me how fix it.

Many editors (Vim, Emacs, Nano?) create backup files with a tilde appended to the end

Re: Letsencrypt tip

2017-09-11 Thread Petri Riihikallio
> Gary wrote on 11.09.2017 at 11:59:
>
> As you know, letsencrypt certs can be automatically updated. However, you
> need to reload/restart Postfix/Dovecot to use the new cert. My email client
> insisted I had an expired cert. I couldn't download or send email.
> (Fortunately I'm on a tes

Re: sending GMX, WEB failed - Dynamic IP Addresses

2017-02-01 Thread Petri Riihikallio
> Maurizio Caloro wrote on 01.02.2017 at 15:13:
>
> Hello Postfix
>
> Probably not the first one with this question, but please I need a little
> help!
>
> If sending any Mail to GMX or WEB.de, I have here this error, Please view
> Mail.log
> last two lines. I understand that GMX will check t

Re: Avoiding spam blacklists

2017-01-11 Thread Petri Riihikallio
> Larry Kuenning wrote on 11.01.2017 at 21:20:
>
> Excuse my ignorance, but isn't this whole discussion of "/128" based on the
> assumption that this notation means a block of 2^128 addresses? And isn't
> 2^128 the size of the entire IPv6 address space? There would be nothing left
> ove

Re: Azure Active Directory

2016-12-02 Thread Petri Riihikallio
> As long as saslauthd can bind against it like a regular Active Directory
> (=LDAP) server, it should work without special configuration inside
> postfix.

Does Azure AD support LDAP? At least in the beginning it didn't, but I haven't come across a definitive answer. There is a new RESTful API ca

Re: Security: How to limit authentication attempts?

2016-02-21 Thread Petri Riihikallio
> I _do_ use fail2ban.
> However -- as I wrote -- it can be circumvented.
>
> Maybe you missed my first post. See
> http://article.gmane.org/gmane.mail.postfix.user/254364

You are right, I missed the first one. I'm sorry for the noise. In your case, the functionality would need to be inside Post

Re: Security: How to limit authentication attempts?

2016-02-21 Thread Petri Riihikallio
> Essence of my question was not "how to block manually an already
> known malicious client?" but "how to apply some restrictions
> automatically on any suspicious clients?"

Take a look at Fail2Ban or SSHGuard. They keep an eye on your logs and add firewall rules dynamically. They also expire the

Re: Chained filters.

2013-09-07 Thread Petri Riihikallio
> That did it, thank you. I thought it was going to be more complicated than
> that.

I just love simple solutions :o)

-- 
Cheers
Petri
GSM +358 400 505 939

Re: Chained filters.

2013-09-07 Thread Petri Riihikallio
> It doesn't like the -o content_filter= gpg-mailgate line. Gives me an
> "Unexpected command-line argument"

Delete the space after the equals sign.

-- 
Cheers
Petri
GSM +358 400 505 939

Re: Exchange/LDAP Lookups?

2008-09-14 Thread Petri Riihikallio
It is very simple; Postfix supports LDAP natively, our Postfix queries our DSA for all the maps. It won't cache however. If you need caching you should run a local OpenLDAP server and proxy the queries.

This is all true. Note that the proxy-map in Postfix won't cache, but it will consoli