[pfx] Re: Adding extra fields to smtpd log

2025-02-14 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Pedro David Marco via Postfix-users: > > Hi everybody... > > is there any way to make smtpd and/or qmgr be slightly more verbose? > > i would like to have more info per line about "from" and "to", something > > li

[pfx] Re: postfix greylist

2025-02-14 Thread Wietse Venema via Postfix-users
natan via Postfix-users: [restriction class with check_policy lookup, plus a lookup table] [to decide what domains this restriction will apply to] > Theoretically it's ok. > > But I have some questions > Is there any other - more sensible approach to the topic? Or how to > optimi

[pfx] Re: Problems with mail from fortimailcloud servers

2025-02-14 Thread Wietse Venema via Postfix-users
Nikolaos Milas via Postfix-users: [dig commands work] > Nevertheless, the warning does get logged by postfix. This means that GLIBC (or whatever your equivalent is) has problems not POSTFIX. The suspected sequence of events is as follows: 1 - Client connects 2 - Postfix asks GLIBC to look

[pfx] postfix greylist

2025-02-14 Thread natan via Postfix-users
the wheel? -- _______ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Problems with mail from fortimailcloud servers

2025-02-14 Thread Nikolaos Milas via Postfix-users

[pfx] Re: Adding extra fields to smtpd log

2025-02-14 Thread Wietse Venema via Postfix-users
Pedro David Marco via Postfix-users: > Hi everybody... > is there any way to make smtpd and/or qmgr be slightly more verbose? > i would like to have more info per line about "from" and "to", something > like this: > Feb 13 12:34:56 mailserver postfix/

[pfx] Adding extra fields to smtpd log

2025-02-14 Thread Pedro David Marco via Postfix-users
o=, size=1234, nrcpt=1 (queue active) Thanks in advance! Pete

[pfx] Re: Problems with mail from fortimailcloud servers

2025-02-14 Thread Viktor Dukhovni via Postfix-users
On Fri, Feb 14, 2025 at 11:30:53AM +0200, Nikolaos Milas via Postfix-users wrote: > Jan 14 10:37:12 mailgw1 postfix/smtpd[1125361]: warning: hostname > smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.249: Name > or service not known This host seems to have ~46

[pfx] Re: Problems with mail from fortimailcloud servers

2025-02-14 Thread Florian Piekert via Postfix-users
Hello, could reject_unknown_reverse_client_hostname in the smtpd_recipient_restrictions be responsible, since there are dns resolution issues for the hostname. Florian On 14.02.2025 at 10:30, Nikolaos Milas via Postfix-users wrote: Hello, The two mail gateway servers (MX 10 mailgw1

[pfx] Problems with mail from fortimailcloud servers

2025-02-14 Thread Nikolaos Milas via Postfix-users
_checks,no_unknown_recipient_checks,no_milters = Thanks in advance for your valuable feedback. Cheers, Nick

[pfx] Re: Can't connect to www.postfix.org

2025-02-13 Thread Ralph Seichter via Postfix-users
* John Griffiths via Postfix-users: > I was looking for reasons in my Ubiquity router's configuration and > found that Ubiquity had added a filter for TOR exit sites in an update > and it was enabled by default. Not quite. As I mentioned, ra.horus-it.com is not a Tor *exit* rela

[pfx] Re: Rejecting messages with Multiple From addresses (and no Sender)

2025-02-13 Thread Wietse Venema via Postfix-users
Matt Selsky via Postfix-users: > Hi, > > Microsoft Exchange Online rejects messages with multiple From addresses if > there's no Sender address specified per > https://learn.microsoft.com/en-us/exchange/troubleshoot/email-delivery/ndr/fix-error-code-550-5-1-20-multiple-fro

[pfx] Re: Rejecting messages with Multiple From addresses (and no Sender)

2025-02-13 Thread Charles Sprickman via Postfix-users
> On Feb 13, 2025, at 6:27 PM, Matt Selsky via Postfix-users > wrote: > > Hi, > > Microsoft Exchange Online rejects messages with multiple From addresses if > there's no Sender address specified per > https://learn.microsoft.com/en-us/exchange/troubleshoot/emai

[pfx] Rejecting messages with Multiple From addresses (and no Sender)

2025-02-13 Thread Matt Selsky via Postfix-users
tiple From addresses without a Sender header ``` in `header_checks`, but I don't think that will work since headers are checked one line at a time... What's the best way to do this? Thanks, -Matt

[pfx] Re: Can't connect to www.postfix.org

2025-02-13 Thread John Griffiths via Postfix-users
d and why it was set by default is a topic for Ubiquity to answer. My apologies for taking everyone's time. Highest regards, John

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread John Griffiths via Postfix-users
Thanks. Got the same result. I get a reply from the server just upstream from the host but not the host. John

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread Alex 10BH via Postfix-users
approximately the blockage is. Regards, Alex On 2025-02-12 18:34, John Griffiths via Postfix-users wrote: Still not able to get to www.postfix.org [1] (postfix-mirror.horus-it.com, 65.108.3.114) using traceroute or http. Traceroute gets to the upstream router, but not to the host. 7 ae

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread Ralph Seichter via Postfix-users
* Wietse Venema via Postfix-users: > There are known blocks based on anti-TOR policies, ranging from > anti-malware policies to censorship. Folk fearful of the Tor Project should also be reminded that entry-nodes and middle-nodes only route Tor traffic to other Tor nodes, by design. Onl

[pfx] Re: XOAUTH2 without Dovecot?

2025-02-12 Thread Wietse Venema via Postfix-users
Jim Garrison via Postfix-users: > I have a Postfix server that does outbound-only relay in a small network > via a smarthost. There is no incoming mail (so no Dovecot), and > outbound is restricted to a very small set of clients. > > The relay has to go through GMail, which I h

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread John Griffiths via Postfix-users
Sorry If all fails, I will just continue to use mirrors. On 2/12/25 13:48, Wietse Venema via Postfix-users wrote: There are known blocks based on anti-TOR policies, ranging from anti-malware policies to censorship. For the latter, see https://blog.torproject.org, and for the former, see your

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread Wietse Venema via Postfix-users
There are known blocks based on anti-TOR policies, ranging from anti-malware policies to censorship. For the latter, see https://blog.torproject.org, and for the former, see your ISP or your local network manager. Wietse

[pfx] XOAUTH2 without Dovecot?

2025-02-12 Thread Jim Garrison via Postfix-users
years. That's going away and GMail will require OAUTH2. I've followed the thread at https://www.mail-archive.com/postfix-users@postfix.org/msg104614.html but solutions seem to require Dovecot, which I'd rather not add to this server. I also found, from 2022, https://www.mail-arch

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread John Griffiths via Postfix-users
r.com     John On 2/12/25 12:58, Claus R. Wickinghoff via Postfix-users wrote: Hi John, traceroute from my home (Belgium) also ends there:  6  * * *  7  4.68.70.53 (4.68.70.53)  30.650 ms  36.191 ms  35.500 ms  8  ae2.2.edge1.hel1.neo.colt.net (171.75.10.35)  69.395 ms 52.781 ms 56.449 m

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread Claus R. Wickinghoff via Postfix-users
? Greetings Claus -- Claus R. Wickinghoff, Dipl.-Ing. using Linux since 1994 and still happy... :-)

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread Tuomo Soini via Postfix-users
On Tue, 11 Feb 2025 12:43:09 -0500 John Griffiths via Postfix-users wrote: > I am trying to determine whether it is a routing issue or my IP or > domain have been blacklisted. > > Running  traceroute the problem appears to be at > ex9k1.dc6.hel1.hetzner.com (213.239.252.1

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread John Griffiths via Postfix-users
'll update all my bookmarks to use a mirror. Thanks all for trying.     John On 2/12/25 12:03, Ralph Seichter via Postfix-users wrote: * John Griffiths via Postfix-users: Is my IP, 47.201.27.231, or the subnet(s) blocked in the firewall? There are currently no existing blocks in the 47.201.

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread Ralph Seichter via Postfix-users
* John Griffiths via Postfix-users: > Is my IP, 47.201.27.231, or the subnet(s) blocked in the firewall? There are currently no existing blocks in the 47.201.0.0/16 subnet at all. Unless you plan to attack the server hosting the Postfix website, that server is not going to impose a block on y

[pfx] Re: Can't connect to www.postfix.org

2025-02-12 Thread John Griffiths via Postfix-users
Correction: I was only trying to connect using https or http. Is my IP, 47.201.27.231, or the subnet(s) blocked in the firewall? John On 2/11/25 17:45, Ralph Seichter via Postfix-users wrote: * John Griffiths via Postfix-users: I cannot reach the www.postfix.org server. I have to use a

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Ralph Seichter via Postfix-users
* John Griffiths via Postfix-users: > I cannot reach the www.postfix.org server. I have to use a mirror if I > want to get to the documentation. According to the logs, traffic to www.postfix.org is as lively as usual, with no outages reported. During the last 24 hours, around three sc

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
tten about will bite you in the ass every time... -- Phil Stracchino Fenian House Publishing ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Wietse Venema via Postfix-users
Phil Stracchino via Postfix-users: > On 2/11/25 16:26, Wietse Venema via Postfix-users wrote: > > Phil Stracchino via Postfix-users: > >> On 2/11/25 14:53, Phil Stracchino wrote: > >>> On 2/11/25 14:48, Florian Piekert wrote: > >>>> Amazon.com

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Wietse Venema via Postfix-users
guarantees than https can provide (protects only data in flight). Wietse

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
On 2/11/25 16:26, Wietse Venema via Postfix-users wrote: Phil Stracchino via Postfix-users: On 2/11/25 14:53, Phil Stracchino wrote: On 2/11/25 14:48, Florian Piekert wrote: Amazon.com in the filename. .com extension. /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT I imagin

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Wietse Venema via Postfix-users
Phil Stracchino via Postfix-users: > On 2/11/25 14:53, Phil Stracchino wrote: > > On 2/11/25 14:48, Florian Piekert wrote: > >> Amazon.com in the filename. > >> > >> .com extension. > >> > >>> > >>> /name=[^>]*\.(bat|com

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Wietse Venema via Postfix-users
It's a TOR inner node, and some networks block that. Wietse

[pfx] Re: DANE - General question

2025-02-11 Thread Steffen Nurpmeso via Postfix-users
Viktor Dukhovni via Postfix-users wrote in : |On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-u\ |sers wrote: ... |If so, that's pretty simple, you need a local DNSSEC validating resolver |(BIND, unbound, knot, not systemd-resolved or dns-masq). Why not dn

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Bill Sommerfeld via Postfix-users
On 2/11/25 11:33, Phil Stracchino via Postfix-users wrote: I have mime_header_checks = pcre:/etc/postfix/mime_header_checks, but that file contains only the following: /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT This regexp isn't anchored at the end. So it matches (among othe

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
k here?) actually $ would be better than a \b, wouldn't it? -- Phil Stracchino Fenian House Publishing ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
House Publishing ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Florian Piekert via Postfix-users
Amazon.com in the filename. .com extension. /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT On 11.02.2025 at 20:33, Phil Stracchino via Postfix-users wrote: Hey folks, I have a puzzle that has me scratching my head.  A few minutes ago I tried to send a mail message with a

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Ömer Güven via Postfix-users
chain attacks (through insecure mirroring and possibility of serving infected binaries) less likely. The users would benefit from the peace of mind knowing the official website is identical to the one you designed. Best, Ömer > On 11.02.2025 at 20:17, Jim Garrison via Postfix-us

[pfx] Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Phil Stracchino via Postfix-users
ed upon its Content-Type? -- Phil Stracchino Fenian House Publishing ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
Hoping an admin is on this list and will unblock me.     John On 2/11/25 14:10, Jim Garrison via Postfix-users wrote: On 2/11/2025 10:45, John Griffiths via Postfix-users wrote: Hit send too soon.     sudo traceroute -I 65.108.3.114     traceroute to 65.108.3.114 (65.108.3.114), 30 hops max

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Jim Garrison via Postfix-users
On 2/11/2025 10:45, John Griffiths via Postfix-users wrote: Hit send too soon. sudo traceroute -I 65.108.3.114 traceroute to 65.108.3.114 (65.108.3.114), 30 hops max, 60 byte packets 1  router.internal.grifent.com (192.168.1.1)  0.212 ms  0.227 ms  0.221 ms 2  47.204.132.1

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
.hetzner.com (213.239.252.198)  151.152 ms  150.267 ms  150.374 ms 11  * * * 12  * * * never get to ra.horus-it.com (65.108.3.114).     John On 2/11/25 13:37, Jim Garrison via Postfix-users wrote: On 2/11/2025 09:43, John Griffiths via Postfix-users wrote: I am trying to determine

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
I was running traceroute as root. On 2/11/25 13:37, Jim Garrison via Postfix-users wrote: On 2/11/2025 09:43, John Griffiths via Postfix-users wrote: I am trying to determine whether it is a routing issue or my IP or domain have been blacklisted. Running  traceroute the problem appears to

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Jim Garrison via Postfix-users
On 2/11/2025 09:43, John Griffiths via Postfix-users wrote: I am trying to determine whether it is a routing issue or my IP or domain have been blacklisted. Running  traceroute the problem appears to be at ex9k1.dc6.hel1.hetzner.com (213.239.252.198) which is in Germany. traceroute can be

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
, Florian Piekert via Postfix-users wrote: Hello, that doesn't seem to be a general non-accessibility of the server: root@sonne:~# host www.postfix.org www.postfix.org is an alias for postfix-mirror.horus-it.com. postfix-mirror.horus-it.com has address 65.108.3.114 postfix-mirror.horus-it.com has

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Florian Piekert via Postfix-users
100%[==>] 5.59K --.-KB/sin 0s 2025-02-11 18:12:55 (647 MB/s) - 'index.html' saved [5726/5726] Maybe some routing issues of your upstream provider? On 11.02.2025 at 17:46, John Griffiths via Postfix-users wrote: S

[pfx] Can't connect to www.postfix.org

2025-02-11 Thread John Griffiths via Postfix-users
oting.     John

[pfx] Re: DANE - General question

2025-02-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 11, 2025 at 11:20:54AM +0100, Danjel Jungersen via Postfix-users wrote: > On 11-02-2025 10:31, Viktor Dukhovni via Postfix-users wrote: > > Use a validating resolver on the local machine as a cache that forwards > > to that upstream. You SHOULD NOT trust the AD bit

[pfx] Re: DANE - General question

2025-02-11 Thread Danjel Jungersen via Postfix-users
On 11-02-2025 10:31, Viktor Dukhovni via Postfix-users wrote: Use a validating resolver on the local machine as a cache that forwards to that upstream. You SHOULD NOT trust the AD bit from a resolver running on another machine, the DNS protocol (DoH aside, when you fully trust the upstream) is

[pfx] Re: DANE - General question

2025-02-11 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 11, 2025 at 09:12:16AM +0100, Danjel Jungersen via Postfix-users wrote: > On 11-02-2025 08:28, Viktor Dukhovni via Postfix-users wrote: > > On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via > > Postfix-users wrote: > > > > > I have decid

[pfx] Re: Viktor, can you share your dane-checking script?

2025-02-11 Thread Viktor Dukhovni via Postfix-users
ption PSK”, so it’s not like OpenSSL has an arbitrary > wrap-length. Because with a full certificate it can be multiple kilobytes. -- Viktor.

[pfx] Re: Viktor, can you share your dane-checking script?

2025-02-11 Thread Dan Mahoney via Postfix-users
> On Feb 10, 2025, at 01:59, Viktor Dukhovni via Postfix-users > wrote: > > On Mon, Feb 10, 2025 at 12:22:44AM -0800, Dan Mahoney via Postfix-users wrote: > >> I’d like to turn this into a check in our internal monitoring, since we >> do occasionally roll the cert

[pfx] Re: DANE - General question

2025-02-11 Thread Danjel Jungersen via Postfix-users
On 11-02-2025 08:28, Viktor Dukhovni via Postfix-users wrote: On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-users wrote: I have decided to give it a shot. When you say "give it a shot", do you mean enabling DANE *outbound* in your Postfix SMTP client, i.e.

[pfx] Re: DANE - General question

2025-02-11 Thread Danjel Jungersen via Postfix-users
On 11-02-2025 08:28, Viktor Dukhovni via Postfix-users wrote: On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-users wrote: I have decided to give it a shot. When you say "give it a shot", do you mean enabling DANE *outbound* in your Postfix SMTP client, i.e.

[pfx] Re: DANE - General question

2025-02-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-users wrote: > I have decided to give it a shot. When you say "give it a shot", do you mean enabling DANE *outbound* in your Postfix SMTP client, i.e. verify the DANE TLSA records of remote domains that have i

[pfx] Re: DANE - General question

2025-02-10 Thread raf via Postfix-users
On Mon, Feb 10, 2025 at 04:14:36PM +0100, Danjel Jungersen via Postfix-users wrote: > Hey. > > I have read something about DANE. > > I have seen very different recommendations. > > I have decided to give it a shot. > > But I figured that "someone" here

[pfx] Re: Logfile: `status=expired`: Please add `to=`

2025-02-10 Thread Wietse Venema via Postfix-users
Thomas Landauer via Postfix-users: > Hi Wietse, > > thanks, I see your point with qmgr. > > Would it be possible that you added the `to=` to this line?: > > > postfix/bounce: 4YqPkV4jYnz44Pv: sender non-delivery notification: > > 4Yr3gH44DWz44XB The failed recip

[pfx] Re: Logfile: `status=expired`: Please add `to=`

2025-02-10 Thread Thomas Landauer via Postfix-users
't the message be reworded to: "returNING to sender"? Thanks again! Cheers, Thomas

[pfx] Re: Viktor, can you share your dane-checking script?

2025-02-10 Thread Randy Bush via Postfix-users
...@list.sys4.de/thread/NKDBQABSTAAWLTHSZKC7P3HALF7VE5QY/ /me recommends, after being bashed by viktor a few times :) randy

[pfx] Re: Logfile: `status=expired`: Please add `to=`

2025-02-10 Thread Wietse Venema via Postfix-users
Thomas Landauer via Postfix-users: > Hi, > > please add `to=` to logfile lines like this: > > > 4YqPkV4jYnz44Pv: from=, status=expired, returned to sender The above is logged by the queue manager. Almost immediately in the before this, there will be one or more lines tha

[pfx] DANE - General question

2025-02-10 Thread Danjel Jungersen via Postfix-users
Currently I'm running postfix (and rspamd if that's relevant...) on debian stable. All the best! Danjel

[pfx] Logfile: `status=expired`: Please add `to=`

2025-02-10 Thread Thomas Landauer via Postfix-users
rtant: You could also add the usual `dsn=` field with the information that's given in the DSN mail which Postfix sends: Status: 4.4.1 -- Cheers, Thomas

[pfx] Re: Searching for old Postfix 2.0.6 RPM-packaged for Red Hat 6.2 (classic)

2025-02-10 Thread Josh Good via Postfix-users
On 2025 Feb 4, 10:07, Peter via Postfix-users wrote: > On 4/02/25 09:53, Emmanuel Seyman via Postfix-users wrote: > >* Josh Good via Postfix-users [31/01/2025 00:37] : > > > >>But I'm sure it is archived privately in many places. If just this was > >>read

[pfx] Re: Viktor, can you share your dane-checking script?

2025-02-10 Thread Viktor Dukhovni via Postfix-users
On Mon, Feb 10, 2025 at 12:22:44AM -0800, Dan Mahoney via Postfix-users wrote: > I’d like to turn this into a check in our internal monitoring, since we > do occasionally roll the cert on our MXes (which need to be “real” OV > certs due to some customer requirements — I don’t make

[pfx] Viktor, can you share your dane-checking script?

2025-02-10 Thread Dan Mahoney via Postfix-users
rules). Viktor, do you have that code up somewhere? (Obviously, I’d make it single-target) -Dan

[pfx] Re: dnsbl lookup binding address?

2025-02-09 Thread Wietse Venema via Postfix-users
Sean McBride: > On 9 Feb 2025, at 10:00, Wietse Venema via Postfix-users wrote: > > > Please use a real resolver. RedHat tooling may be fine for desktops > > but not for infrastructure. That's the polite version. > > Gotcha, thanks. > > Alternatively, if I

[pfx] Re: dnsbl lookup binding address?

2025-02-09 Thread Bill Cole via Postfix-users
On 2025-02-09 at 12:45:00 UTC-0500 (Sun, 09 Feb 2025 12:45:00 -0500) Sean McBride via Postfix-users is rumored to have said: On 9 Feb 2025, at 10:00, Wietse Venema via Postfix-users wrote: Please use a real resolver. RedHat tooling may be fine for desktops but not for infrastructure. That'

[pfx] Re: dnsbl lookup binding address?

2025-02-09 Thread Sean McBride via Postfix-users
On 9 Feb 2025, at 10:00, Wietse Venema via Postfix-users wrote: > Please use a real resolver. RedHat tooling may be fine for desktops > but not for infrastructure. That's the polite version. Gotcha, thanks. Alternatively, if I use FreeBSD, is the local-unbound(8) that's in

[pfx] Re: Hijacked thread (was: Allow opportunistic DANE when non-DNSSEC...)

2025-02-09 Thread Ömer Güven via Postfix-users
. >> >> there is one observation however. the manual query for dane takes more than >> 1 second for gmail while for outlook it takes around half of that and for >> some domains even less than that. >> >> i am wondering if this is the problem. I am not sur

[pfx] Hijacked thread (was: Allow opportunistic DANE when non-DNSSEC...)

2025-02-09 Thread Wietse Venema via Postfix-users
E TLS HANDSHAKE***. Wietse

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-09 Thread Ömer Güven via Postfix-users
irrespective of smtp_tls_security_level would avoid this WTF moment. Best, Ömer > On 09.02.2025 at 16:45, Viktor Dukhovni via Postfix-users > wrote: > > On Sun, Feb 09, 2025 at 04:35:03PM +0100, Ömer Güven via Postfix-users wrote: > >> I can only endorse this. Simply settin

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-09 Thread Ömer Güven via Postfix-users
> > Thanks, > Ömer > >> On 09.02.2025 at 15:58, Wietse Venema via Postfix-users >> wrote: >> >> I think that the mistake was to make smtp_tls_dane_insecure_mx_policy >> dependent on smtp_tls_security_level >>

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-09 Thread Viktor Dukhovni via Postfix-users
On Sun, Feb 09, 2025 at 04:35:03PM +0100, Ömer Güven via Postfix-users wrote: > I can only endorse this. Simply setting it to „dane“ should solve the > hassle and make the operation more consistent and predictable. The whole thing is a misunderstanding. The insecure MX setting is only eve

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-09 Thread Ömer Güven via Postfix-users
I can only endorse this. Simply setting it to „dane“ should solve the hassle and make the operation more consistent and predictable. Thanks, Ömer > On 09.02.2025 at 15:58, Wietse Venema via Postfix-users > wrote: > > I think that the mistake was to make smtp_tls_dane_insecu

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-09 Thread akritrim® Intelligence™ via Postfix-users
, 2025 5:55:50 AM UTC, "Ömer Güven via Postfix-users" wrote: >I‘m the author of postfix-tlspol. I‘m not talking about manually adding „dane“ >for select destinations in a static map. >postfix-tlspol does evaluate the domain in realtime and returns the currently >best availabl

[pfx] Re: dnsbl lookup binding address?

2025-02-09 Thread Wietse Venema via Postfix-users
Sean McBride via Postfix-users: > On 23 Jan 2025, at 9:56, Bill Cole via Postfix-users wrote: > > > Your solution is to run a local, caching, fully-recursive name > > resolver. The simplest way to do that is with the Unbound resolver. > > This is a best practice for

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-09 Thread Wietse Venema via Postfix-users
e release by another day, but it would be worth it. Wietse

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Viktor Dukhovni via Postfix-users
nds on per-destination input. -- Viktor.

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Ömer Güven via Postfix-users
smtp_tls_dane_insecure_mx_policy to dane in the README of postfix-tlspol, but I have to consider the unusual (even broken) setups and worst-cases. Kind regards Ömer > On 09.02.2025 at 03:40, Viktor Dukhovni via Postfix-users > wrote: > > On Sun, Feb 09, 2025 at 03:00:22AM +0100

[pfx] Re: dnsbl lookup binding address?

2025-02-08 Thread Sean McBride via Postfix-users
On 23 Jan 2025, at 9:56, Bill Cole via Postfix-users wrote: Your solution is to run a local, caching, fully-recursive name resolver. The simplest way to do that is with the Unbound resolver. This is a best practice for all mail servers because MTAs do a lot of DNS and should not be using a

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Viktor Dukhovni via Postfix-users
orth it. The parameter is not "useless" when based on the global setting, rather than per-destination setting. I am not opposed to starting with the per-destination setting, but that requires new code, which is not clearly justified. -- Viktor.

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Ömer Güven via Postfix-users
flaw, not to say a security bug. > On 09.02.2025 at 03:01, Ömer Güven via Postfix-users > wrote: > >  > How did I misunderstand the settings if Wietse said that > smtp_tls_dane_insecure_mx_policy only defaults to dane, when the > smtp_tls_security_level variable is

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Ömer Güven via Postfix-users
didn‘t understand me. > On 09.02.2025 at 02:53, Viktor Dukhovni via Postfix-users > wrote: > > On Sat, Feb 08, 2025 at 04:41:53PM -0500, Wietse Venema via Postfix-users > wrote: > >> >> smtp_tls_dane_insecure_mx_policy = ${{$smtp_tls_security_level} == {dane}

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Viktor Dukhovni via Postfix-users
On Sat, Feb 08, 2025 at 11:06:08PM +0100, Ömer Güven via Postfix-users wrote: > * Also: the current behavior is counter-intuitive and makes returning > „dane“ completely useless unless the default is also set to „dane“, > because postfix-tlspol only returns „dane“ if „dane-only“ isn‘t

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Viktor Dukhovni via Postfix-users
On Sat, Feb 08, 2025 at 04:41:53PM -0500, Wietse Venema via Postfix-users wrote: > > smtp_tls_dane_insecure_mx_policy = ${{$smtp_tls_security_level} == {dane} ? > {dane} : {may}} > > I have one question: > > - Should this expression use th

[pfx] Re: TLS_README.html suggestion: mention submissions and port 465

2025-02-08 Thread Wietse Venema via Postfix-users
Sean McBride via Postfix-users: > Hi all, > > I've been setting up a fresh postfix server, and I've really appreciated > how great the docs are. In the spirit of making them even better, I'd > like to share a comment/suggestion. > > If I correctly underst

[pfx] TLS_README.html suggestion: mention submissions and port 465

2025-02-08 Thread Sean McBride via Postfix-users
www.postfix.org/TLS_README.html Similarly, though the string `465` appears, it's only in the context of the older obsolete `smtps` sense, for MTA to MTA communication. Cheers, Sean

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Ömer Güven via Postfix-users
fault to „may“ > during experimenting and saw in the logs, that despite the socketmap returned > „dane“, DANE was not used at all to my surprise. > > Ömer > > >> On 08.02.2025 at 22:43, Wietse Venema via Postfix-users >> wrote: >> >> Viktor Dukhovni via

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Ömer Güven via Postfix-users
MX lookup). Now I know how I first thought there was a bug: I set my default to „may“ during experimenting and saw in the logs, that despite the socketmap returned „dane“, DANE was not used at all to my surprise. Ömer > On 08.02.2025 at 22:43, Wietse Venema via Postfix-us

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Sat, Feb 08, 2025 at 05:28:31PM +0100, Ömer Güven via Postfix-users wrote: > > >RFC 7672 says that Opportunistic DANE (security level „dane“, but not > >„dane-only“) may accept non-DNSSEC derived MX records be eligible for > >

[pfx] Re: Virtual aliases issue

2025-02-08 Thread Wietse Venema via Postfix-users
IF Postfix appends the 'wrong domain' (usually, @$myorigin) to a virtual alias lookup result, THEN you need to specify the correct domain in the virtual alias lookup result. Wietse

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Ömer Güven via Postfix-users
I‘m perplexed. I never saw that configuration parameter until now and apparently misinterpreted my Postfix logs. Glad this isn’t an issue. Thanks! > On 08.02.2025 at 17:42, Viktor Dukhovni via Postfix-users > wrote: > > On Sat, Feb 08, 2025 at 05:28:31PM +0100, Ömer Güven via P

[pfx] Re: [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Viktor Dukhovni via Postfix-users
On Sat, Feb 08, 2025 at 05:28:31PM +0100, Ömer Güven via Postfix-users wrote: >RFC 7672 says that Opportunistic DANE (security level „dane“, but not >„dane-only“) may accept non-DNSSEC derived MX records be eligible for >DANE on the DNSSEC-signed (e. g. external) SM

[pfx] [Bug report] Allow opportunistic DANE when non-DNSSEC signed MX points to DNSSEC-signed SMTP server with TLSA enabled

2025-02-08 Thread Ömer Güven via Postfix-users
s „dane“ (but not for „dane-only“), but log that the MX isn‘t verified, but Opportunistic DANE is chosen anyway (as the RFC recommends). Best regards, Ömer

[pfx] Virtual aliases issue

2025-02-08 Thread LS via Postfix-users
tfix/bounce[7327]: 3EA9481A40: sender non-delivery notification: 30DB081A5A Ubuntu 24.04 Postfix version 3.8.6 (on the old server it was 3.4.13) Dovecot 2.3.7.2 MySQL Ver 15.1 Distrib 10.11.8-MariaDB SQL-related main.cf items: mydestination = $myhostname, localhost.$mydomain, localhost relay_domains =

[pfx] Re: X-Original-Delivered-To or X-Envelope-To?

2025-02-07 Thread Wietse Venema via Postfix-users
Ellie via Postfix-users: > On 2/6/25 7:10 PM, Wietse Venema via Postfix-users wrote: > > You can force this with: > > > > /etc/postfix/master.cf > > relay .. .. .. .. .. .. smtp > > flags=O > > > > /etc/postfix/main.cf:
