[pfx] Re: Is that correct behaviour?

2025-01-16 Thread Tobi via Postfix-users
On Thu, 2025-01-16 at 08:33 -0500, Wietse Venema via Postfix-users wrote: > Tobi via Postfix-users: > > Hi list > > > > we have an issue with mail delivery. We use tlspol to tell postfix > > if > > mta-sts or DANE should be used for a recipient domain. Now we

[pfx] Is that correct behaviour?

2025-01-16 Thread Tobi via Postfix-users
Hi list we have an issue with mail delivery. We use tlspol to tell postfix if mta-sts or DANE should be used for a recipient domain. Now we have the case that a rcpt domain has 3 MX records. The first one with prio 0 has **no** TLSA records but the other two (prio 10 and 20) have proper TLSA recor

[pfx] Change message subject and nexthop in smtp client if TLS could not be established?

2024-12-16 Thread Tobi via Postfix-users
Hi there I guess the answer will be "not possible" but maybe (hopefully) I'm wrong :-) I'm looking for a way to achieve the following: if postfix smtp client cannot establish a TLS connection to MX host then we want to change nexthop **and** add a suffix to the subject. The goal is to route back t

[pfx] DHL messed their DNS?

2024-12-10 Thread Tobi via Postfix-users
I know that this is not a postfix issue, but I have the hope that someone from DHL is on this list :-) It looks like DHL (and possibly many other DHL related domains) messed with their DNSSec. With NSEC3 to be more precise If checking the csync the following is returned > dig dhl.com csync

[pfx] Re: All over sudden cannot verify Microsoft TLS certificates?

2024-12-10 Thread Tobi via Postfix-users
ed only check the TXT record's version "id" > against the cached value. Again a good argument for "mta-sts" is stupid and DANE should always be preferred :-) Cheers tobi On Tue, 2024-12-10 at 14:30 +1100, Viktor Dukhovni via Postfix-users wrote: > On Mon, Dec 09,

[pfx] Re: All over sudden cannot verify Microsoft TLS certificates?

2024-12-09 Thread Tobi via Postfix-users
policy for Microsoft. Thanks @Victor for your support Cheers tobi On Mon, 2024-12-09 at 22:51 +1100, Viktor Dukhovni via Postfix-users wrote: > On Mon, Dec 09, 2024 at 12:03:02PM +0100, Tobi via Postfix-users > wrote: > > > > Is that preventing mail delivery, or just

[pfx] Re: All over sudden cannot verify Microsoft TLS certificates?

2024-12-09 Thread Tobi via Postfix-users
Hi Victor think you push me to the right path :-) On Mon, 2024-12-09 at 22:51 +1100, Viktor Dukhovni via Postfix-users wrote: > On Mon, Dec 09, 2024 at 12:03:02PM +0100, Tobi via Postfix-users > wrote: > > > > Is that preventing mail delivery, or just noise in the logs? >

[pfx] Re: All over sudden cannot verify Microsoft TLS certificates?

2024-12-09 Thread Tobi via Postfix-users
Victor, On Mon, 2024-12-09 at 19:46 +1100, Viktor Dukhovni via Postfix-users wrote: > On Mon, Dec 09, 2024 at 08:28:55AM +0100, Tobi via Postfix-users > wrote: > > > since this weekend we have the issue that our postfix seems to be > > unable to verify TLS certs presented

[pfx] All over sudden cannot verify Microsoft TLS certificates?

2024-12-08 Thread Tobi via Postfix-users
Hello list since this weekend we have the issue that our postfix seems to be unable to verify TLS certs presented by Microsoft. We get > Server certificate not verified all over the postfix logs. Manually testing shows the same > openssl verify -verbose <(echo | openssl s_client -connect 52.101

[pfx] Looking for a neat way to determine the time a mail sits in active queue

2024-06-07 Thread Tobi via Postfix-users
Hi list maybe someone has a good idea :-) I'm looking for a way to reliably determine how long a message sits in active queue. Currently I use postqueue -j and pipe it to jq, get only hits from queue_id==active and then get arrival time, sort it by arrival time, take the oldest and calculate the

[pfx] Re: Enforce TLS in smtp client sender based?

2024-04-25 Thread Tobi via Postfix-users
we want it :-) Have a nice weekend tobi On Fri, 2024-04-26 at 01:46 -0400, Viktor Dukhovni via Postfix-users wrote: > On Fri, Apr 26, 2024 at 07:21:24AM +0200, Tobi via Postfix-users > wrote: > > > Or would it be possible to use a sender_dependent_relayhost_maps > > an

[pfx] Enforce TLS in smtp client sender based?

2024-04-25 Thread Tobi via Postfix-users
Hi I wonder if it is possible in postfix client to enforce usage of TLS based on sender. Just like in smtp_tls_policy_maps but based on sender of the message and not on rcpt or nexthop. The only way I can see so far is to setup another postfix instance with smtp_tls_security_level = encrypt and us

[pfx] Logging of SMTP smuggling mitigation

2024-01-11 Thread Tobi via Postfix-users
Hello we use the "new" feature for the mitigation of the SMTP smuggling via > smtpd_forbid_bare_newline = yes in main.cf and wanted to ask if it would be possible to log more information upon such a reject > bare <LF> received after DATA (0 bytes) from mail-m121165.qiye.163.com[115.236.121.165] W

[pfx] Re: Is it possible to add a dynamic value to a header by header_checks?

2023-03-23 Thread Tobi via Postfix-users
the header via the milter app then :-) Cheers tobi On 23/03/2023 13:27, Matus UHLAR - fantomas via Postfix-users wrote: On 23.03.2023 at 12:48:36, Tobi via Postfix-users wrote: I wonder if the following is possible: can postfix add a header with a dynamic value? My goal would be to add a

[pfx] Is it possible to add a dynamic value to a header by header_checks?

2023-03-23 Thread Tobi via Postfix-users
Hi there I wonder if the following is possible: can postfix add a header with a dynamic value? My goal would be to add a header with the current unix timestamp on the edge system and then check that header against current time on last system in the delivery chain. Have a good one tobi