th the users whether that would be acceptable.
If anyone has very different ideas on how to implement these features, I
am all ears.
Cheers,
Tobias Florek
and the key specification and size, i.e. --/rsa/-key-size /4096/. You
either want to create an ECDSA key, which will have an "ecdsa-key-size"
and be much smaller than 4096 bits. Or you want an RSA key, in which
case "key-type" should be "rsa".
Cheers,
Tobias
Ope
On Fri, Feb 4, 2022 at 4:57 PM Viktor Dukhovni
wrote:
> On Fri, Feb 04, 2022 at 04:06:10PM +0100, Tobias Meyer wrote:
>
> > Since OpenSSL already supports PKCS#11 and Postfix uses OpenSSL, do
> > you think adding support might be a task someone with a little C/C++
> > bac
sl already supports pkcs#11 and postfix uses openssl, do you
think adding support might be a task someone with a little c/c++ background
and a solid, but not expert, understanding of PKI could tackle, or would
you recommend against that?
Alternatively, would this be the place to ask for a feature request? :)
--
Tobias
well.
The benefits of not exposing the private key seem obvious, but I could not
find anything related on the net.
Thanks,
Tobias
your mynetworks table in order to
define the range you mean in as few networks as possible.
Cheers,
Tobias
OpenPGP_0x6D7525A1BB6064D9_and_old_rev.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
Hi,
no the comma is accidentaly set. Thank's for the help.
Greetings
Tobias
On 10/10/19 7:01 PM, Wietse Venema wrote:
Tobias K?ck:
MAIL FROM: SIZE=434,
Is there really a comma at the end? That would be a malformed
MAIL FROM command.
Postfix would also reject it:
MAIL FROM: size
tings
Tobias
On 10/10/19 5:16 PM, Wietse Venema wrote:
Tobias K?ck:
Hi,
I have a Postfix set up to relay the messages to an Exchange server.
It declines the mails with
ntern_mail.someurl.de,08D7265A6F30DBE4,12,10.32.68.13:2525,10.32.66.152:49726,*,Tarpit
for '0.00:00:05' due to &
to send as this sender',
It works manually with telnet mail.someurl.de.
I suspect it is because Postfix send in the Envelope address for some
reason the SIZE=423 with it
MAIL FROM: SIZE=434,
How can I disable the sending of the SIZE parameter?
Greetings
Tobias
postfix appends myorigin only if the domain is not present
(and if append_at_myorigin is yes, but it's the default)
Interesting. I haven't seen this depencendy. Where can I find it (in the
documentation)?
e bit confused how that works out but that seems to be
the case.
Greetings
Tobias
On 7/18/19 5:12 PM, Wietse Venema wrote:
Tobias K?ck:
Hi,
I have setup
myorigin=mydomain.de
but if I send an email with MUTT emai client or with 'echo "test" |
mail' s...@email.de I g
send an internal mail
from Postfix to verify the myorigin setting?
Greetings
Tobias
the mx
entry is set up right.
I am wondering why the source email adresse is still not
'usern...@mydomain.de' but instead 'usern...@mail.mydomain.de'?
Greetings
Tobias
most of them are empty by default iirc.
is no value is given, afaik the default is permit. That's why the
default value of smtpd_relay_restrictions is not empty by
edfault
smtpd_client_restrictions = permit_mynetworks, reject
Yes the default value is empty and so to allow all connections but
Hi,
does rules like
smtpd_client_restrictions = permit_mynetworks
include a 'deny all' at the end? Or should I if it should have an effect
write something like
smtpd_client_restrictions = permit_mynetworks, recect
Greetings
Tobias
s "untrusted" for a
certificate whose CA I have indeed not verified than if it says
"trusted" when the CA concerned is completely unknown to me, let alone
its policies.
Cheers,
Tobias
signature.asc
Description: OpenPGP digital signature
records completely how likely is emails
will be bounced back?
Greetings and thanks
Tobias
> --
> Viktor.
>
>
Hi,
if I want to use several domains on my Postfix server do every domain need
a unique PTR DNS entry to an unique IP or is it enough to setup $myhostname
to the main domain?
smtp_helo_name = $myhostname
smtpd_proxy_ehlo = $myhostname
Greetings
Tobias
write, canonical,
but I've yet to find a way to make it work. If there's some generic
Milter around that can run simple scripts that could work to bounce. Or
for rewrite, trigger a script after message has been queued to modify
the From header (perhaps AlterMIME can be used for this?)
/Tob
This is a cross-post from the squirrelmail-devel list.
It may be of interest if you want to run SquirrelMail and connect to
Postfix (and Dovecot, possibly other servers) using STARTTLS.
BR
Tobias
Forwarded Message
Subject: [SM-DEVEL] 4 bugs, IMAP and SMTP STARTTLS
sender_login_mismatch
<http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch>restriction
for unauthenticated clients only. This feature is available in
Postfix version 2.1 and later.
BR
Tobias
for the different domains ?
Supposing that you have different MX records for your two domains, then
I suppose that you might be able to generate or request certificates
with corresponding SubjectAlternativeNames. I'm not sure whether those
are widely supported in Internet MTAs, though.
Cheers,
Tobias
Hi Viktor
Thanks for weighing in with very valuable points one the limitations of
SMTP-TLS. Rest assured that I am well aware of them, especially of the
inherent quality of the SMTP "system" that the client is predominantly
resposible for the e-mail security policy.
Cheers,
Tobias
Hi
On 11.11.2015 14:51, Wietse Venema wrote:
> See: reject_plaintext_session
> http://www.postfix.org/postconf.5.html#reject_plaintext_session
Cool, thanks a lot, I'd missed that.
Cheers,
Tobias
_sender_restrictions to reject an
attempt to send mail without TLS. However, I have not yet found a way to
do so.
Is there any parameter signalling the TLS state that I can use in
smtpd_sender_restrictions (or later)?
Regards,
Tobias
until we can upgrade the system.
Thanks for the swift and accurate analysis!
Cheers,
Tobias
it then attempts the next MX host, with the
same result, and so on, and in the end the e-mail is deferred.
I'm puzzled and would really appreciate any help.
Cheers,
Tobias
I have the explanation -- I should've looked into the tcpdump output
more closely.
Viktor Dukhovni wrote the following on 05.11.2014 16:30:
> On Wed, Nov 05, 2014 at 01:27:49PM +0100, Tobias Reckhard wrote:
>> It looks as though mail01.i-sec.tuv.com dropped the connection, thou
stem is sending a [RST, ACK]
packet directly after sending "TLSv1 Application Data", which very
probably is its EHLO.
Any ideas?
Cheers,
Tobias
Dear Wietse,
I apologize "accusing" Postfix.
Looking at your answers, I think I have to investigate whether and why MailMan
has put messages with the same message-id and same recipient multiple times to
the smtp deamon.
Kindest regards,
Tobias
-Ursprüngliche Nachricht-
limiter = +
inet_interfaces = all
inet_protocols = all
message_size_limit = 104857600
____
Kindest regards,
Tobias Schwartz
German Bar Association
IT Department
--
Deutscher Anwaltverein (DAV) e. V.
Littenstraße 11, 10179 Berlin
Phone +49 30 726152-160, Fax -194
schw
Viktor Dukhovni schrieb:
>On Mon, Jan 13, 2014 at 03:18:12PM +0100, Peer Heinlein wrote:
>
>> > We want to load balance mails from the intranet to the
>> > postfix-relayserver-farm for outgoing traffic.
>> > Can we abuse A-records to load-balance in the same way MX-records
>> > have been desig
one there, but had
there been one, I probably wouldn't have picked the wrong set of commands.
>> [...] certificate fingerprint [...] and public-key fingerprints being
>> [...] mutually exclusive.
>
> They are not mutually exclusive.
Ah, OK, thanks for the clarification.
Regards,
Tobias
Yes, they do use a
private root CA, but the MX hosts present the connecting client with the
entire certificate chain, so that is not the problem.
Maybe fingerprinting would work, though. I'll give it a shot on a test
system. Thanks for the suggestion.
Cheers,
Tobias
I do very much
appreciate your suggestions, don't get me wrong. :)
Cheers,
Tobias
cert.pem: OK)
Can anyone offer any insights on this topic? I'm a bit puzzled.
Regards,
Tobias
for my specific need.
--
Tobias Kirchhofer
;;
Don't forget:
[PostfixAdmin config file]
// if you use dovecot >= 1.2, set this to yes.
// Note about dovecot config: table "quota" is for 1.0 & 1.1, table
"quota2" is for dovecot 1.2 and newer
$CONF['new_quota_table'] = 'YES';
Regards, Tobias
S/DOVECOT.txt.gz (path in debian
squeeze)
- http://wiki1.dovecot.org/Quota/Dict (for Dovecot v1)
- http://wiki2.dovecot.org/Quota/Dict (for Dovecot v2)
Regards, Tobias
h|>12to24h| >24h |
count|27 |3 |0 |41 |25 |3 |0 |0
|2 |9 |
% |25 |2.7 |0 |37 |23 |2.7 |0 |0
|1.8 |8.2 |
Greetz,
Tobias
ty_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_proxy_filter=127.0.0.1:10030
-o smtpd_proxy_options=speed_adjust
-o content_filter=
-o milter_macro_daemon_name=ORIGINATING
Greetz, Tobias
functionaly,without any answer.
Well, for better troubleshooting please post 'postconf -n', your
main.cf and your CA Certificate as well as your Server Certificate.
Tobias
.5.7.3.1
(http://www.oid-info.com/get/1.3.6.1.5.5.7.3.1) and may contain if
you're going to use ist "client authentication" - oid 1.3.6.1.5.5.7.3.2
(http://www.oid-info.com/get/1.3.6.1.5.5.7.3.2).
Greetz, Tobias
am_init(sysparam, pairing);
The reference to pairing_init_set_buf() is line 84 from the error
message. The next line calls a function from pbc as well, but does not
cause an error.
Have you got an idea how to resolve this issue? Or do think this is
caused on libpbc's side?
Again, thanks a lot for your he
gram to the makefile? I have only very
little experience with make unfortunately. If you think my approach is
completely wrong, please feel free to add your comment too.
Best regards,
Tobias
These are the first lines of "postfix-2.6.11/src/smtp/Makefile.in" .
I have not made any changes
e the cleartext passowrd...
---
Best regards,
Tobias Koopmann
--
...and I will promise to go on as long as you want me to,
and I will dream along and help to make it real for you, too...
(the mirror & the lie - Motorpsycho)
--
On Mon, 28 Dec 2009 09:15:05 -0500, Jerry wrote:
>
> That section now looks like this:
>
> smtpd_recipient_restrictions =
> permit_sasl_authenticated
> permit_mynetworks
> reject_unauth_destination
> check_policy_service unix:private/spf-policy
> reject
>
You're sure that the REJECT at the
I have two email adresses: a...@domain.tld and b...@domain.tld
Only a...@domain.tld is registred with several mailinglists. But the user
b...@domain.tld is the one I want to use. So I need to find a way to rewrite
the sender address (b...@domain.tld) to a...@domain.tld BUT only in case the
receiver
Sorry, I should've checked the archives first. I've found
http://archives.neohapsis.com/archives/postfix/2008-11/0337.html, I'll
come back if necessary.
Please excuse my previous post.
Cheers,
Tobias
ow how to pass a
matched expression from a check_sender_access to a check_recipient_access.
Any ideas?
Cheers,
Tobias
50 matches
Mail list logo
