[pfx] Re: IP discard for authenticated e-mails

2025-02-05 Thread Viktor Dukhovni via Postfix-users
On Wed, Feb 05, 2025 at 02:01:27PM +0100, Geert Hendrickx via Postfix-users wrote: > It seems that such reduced Received header would not be RFC5321 compliant, > as the "from " clause is mandatory according to section 4.4. It is still a valid Received header, just like the ones added by submissi

[pfx] Re: IP discard for authenticated e-mails

2025-02-04 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 04, 2025 at 08:17:08PM -0500, postfix--- via Postfix-users wrote: > > If the intent is to only censor submission, This is not correct, it will > > drop all "Received" headers from any mail that is not delivered locally, > > so entirely unsuitable for relaying non-submission mail, risks

[pfx] Re: IP discard for authenticated e-mails

2025-02-04 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 04, 2025 at 06:29:47PM -0500, postfix--- via Postfix-users wrote: > I might have misunderstood the point of this as I'm jumping in late, but > there is both `header_checks` and `smtp_header_checks`. > Normal header checks get applied to (smtpd) mail being received on port 25 > on its w

[pfx] Re: IP discard for authenticated e-mails

2025-02-03 Thread Viktor Dukhovni via Postfix-users
On Mon, Feb 03, 2025 at 05:56:45PM -0500, Wietse Venema via Postfix-users wrote: > There is no built-in feature to delete IP addresses from headers. But, given the expected header form, it is not difficult to craft a PCRE table that does the job well. > If this is for messages submitted on port

[pfx] Re: SELinux silently breaking Postfix settings

2025-01-30 Thread Viktor Dukhovni via Postfix-users
On Wed, Jan 29, 2025 at 08:47:47PM -0600, Thomas Cameron via Postfix-users wrote: > > This is no worse, imo than any other type of logs, including Postfix > > logs which can be difficult for a newcomer to fully understand and which > > has collate to help organise the logs to better present them.

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Viktor Dukhovni via Postfix-users
On Sun, Jan 26, 2025 at 12:11:21AM +1100, duluxoz via Postfix-users wrote: > ... so no, there's no separate "mail-hub" / "edge-mail-gateway" set-up > - it's all the one box with the haproxy box sitting in-front. Understood, that makes the consolidated edge/hub/submission/... server somewhat more c

[pfx] Re: Is it possible/easy to block incoming for the real account name but accept the alias/canonical?

2025-01-25 Thread Viktor Dukhovni via Postfix-users
On Sat, Jan 25, 2025 at 11:48:14AM -0500, Bill Cole via Postfix-users wrote: > Set the server's hostname (and by default postfix's myhostname) to a > FQDN (ideally one which is not resolvable in public DNS but is > resolvable locally, either as a hosts file entry or in an internal DNS > view.) Th

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Viktor Dukhovni via Postfix-users
On Sat, Jan 25, 2025 at 11:27:13PM +1100, duluxoz via Postfix-users wrote: > So, the internal email domain is used by both servers sending in email > alerts/reports (to the sys-ops) and by users for internal organisation > communication. Those users that require external email access also have an

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Viktor Dukhovni via Postfix-users
On Sat, Jan 25, 2025 at 10:06:36AM +0100, Tomasz Pala via Postfix-users wrote: > > Emails are permitted to be sent between all three domains. > > I would try: > > master.cf: > smtpd [...] > -o virtual_mailbox_domains=example.com,example.org This does not do what you think it does, because

[pfx] Re: Incorrect CN Being Reported When Using Postfix With MariaDB

2025-01-23 Thread Viktor Dukhovni via Postfix-users
On Fri, Jan 24, 2025 at 03:30:43PM +1100, duluxoz via Postfix-users wrote: > I'm using a MariaDB backend to Postfix. Everything is working correctly > until I attempt to secure the Postfix<->MariaDB connection with a TLS > Certificate. When I perform a `postmap -q example.com > mysql:/etc/postfix/

[pfx] Re: Is it possible/easy to block incoming for the real account name but accept the alias/canonical?

2025-01-23 Thread Viktor Dukhovni via Postfix-users
On Thu, Jan 23, 2025 at 04:01:13PM +0100, Gerben Wierda via Postfix-users wrote: > Could I force incoming mail to accept the alias form, but not accept > the account form? I.e. f...@bar.com as address is blocked, but > foo.lastn...@bar.com is accepted and delivered to f...@bar.com Postfix access

[pfx] Re: Log TLS Error Clarification

2025-01-21 Thread Viktor Dukhovni via Postfix-users
On Tue, Jan 21, 2025 at 05:16:29PM -0500, Wietse Venema via Postfix-users wrote: > >[root@host /]# postconf -n | grep tls > >milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} > > {tls_version} > >smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt > >smtp_tls_CApath = /e

[pfx] Re: Brainpool support

2025-01-21 Thread Viktor Dukhovni via Postfix-users
On Tue, Jan 21, 2025 at 02:32:05PM +0100, Damian via Postfix-users wrote: > Does Postfix support Brainpool curves? OpenSSL supports or does not support curves, Postfix just uses OpenSSL, but the *default* list of curves passed to OpenSSL: tls_eecdh_auto_curves = X25519 X448 prime256v1 secp38

[pfx] Re: "Recipient address rejected: Access denied" when send email to Postfix server. Why? How fix? Thanks.

2025-01-20 Thread Viktor Dukhovni via Postfix-users
On Mon, Jan 20, 2025 at 08:50:18PM -0700, Christian Seberino wrote: > Thanks so much. I now have this in main.cf instead with permit at the > end... > > smtpd_recipient_restrictions= > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unknown_sender_domain

[pfx] Re: "Recipient address rejected: Access denied" when send email to Postfix server. Why? How fix? Thanks.

2025-01-20 Thread Viktor Dukhovni via Postfix-users
On Mon, Jan 20, 2025 at 05:19:57PM -0600, Christian Seberino via Postfix-users wrote: > I set up a Postfix server to send and receive emails for autoprog.org. > It successfully sends but cannot receive emails. When I try the sender > gets "Recipient address rejected: Access denied". Why? How f

[pfx] Re: Is that correct behaviour?

2025-01-19 Thread Viktor Dukhovni via Postfix-users
On Sun, Jan 19, 2025 at 08:19:25AM -0500, Wietse Venema via Postfix-users wrote: > Or we could rearrange the Postfix TLS stack and skip a host when > DANE is required but trust anchors are unavailable. This makes considerable sense with "dane-only". There's really no point attempting to connect

[pfx] [mailop] FYI: nixspam RBL has shutdown

2025-01-17 Thread Viktor Dukhovni via Postfix-users
[ Repost from "mailop" list ] Just FYI for those with the nixspam RBL configured in their systems (For example it's enabled in rspamd by default) It's just shutdown - https://www.nixspam.net/?old_domain=true Sad to see as it was always quite reliable as a signal of spamminess IMHO. Make sure t

[pfx] Re: Is that correct behaviour?

2025-01-17 Thread Viktor Dukhovni via Postfix-users
On Fri, Jan 17, 2025 at 08:57:02AM +0100, Tobi via Postfix-users wrote: > > That would be unexpected. I'm implementing support for REQUIRETLS > > (RFC 8689) and that code is supposed to try multiple MXes before it > > gives up. > > > > Have you perhaps configured smtp_mx_session_limit=1 ? > > >

[pfx] Re: Is that correct behaviour?

2025-01-16 Thread Viktor Dukhovni via Postfix-users
On Thu, Jan 16, 2025 at 08:33:39AM -0500, Wietse Venema via Postfix-users wrote: > > dane-only to postfix in that case. Now it seems that postfix only tries > > the first MX, sees that there is no TLSA and defers the message. That's unexpected, because "deferring" a message is what happens only

[pfx] Re: sender_bcc_maps & recipient_bcc_maps question

2025-01-15 Thread Viktor Dukhovni via Postfix-users
On Wed, Jan 15, 2025 at 01:33:53PM -0500, Wietse Venema via Postfix-users wrote: > Florian Piekert via Postfix-users: > > Hello Wietse, > > > > >> Jan 15 12:40:48 butterfly postfix/local[3017382]: 225A9F8B1D1: > > >> to=, relay=local, delay=1.7, > > >> delays=1.7/0/0/0, dsn=2.0.0, status=sent (

[pfx] Re: issue with virtual alias domains and mail rejected by the destination

2025-01-14 Thread Viktor Dukhovni via Postfix-users
On Wed, Jan 15, 2025 at 03:47:19AM +0100, Vincent Lefevre via Postfix-users wrote: > As documented in https://www.postfix.org/VIRTUAL_README.html > section "Mail forwarding domains", to forward mail to another user, > I have in the /etc/postfix/main.cf file (something set up in 2009): > > virtua

[pfx] Re: Trailing dot in mail address syntax?

2025-01-13 Thread Viktor Dukhovni via Postfix-users
On Mon, Jan 13, 2025 at 11:02:32AM +0100, Patrick Ben Koetter via Postfix-users wrote: > Is it a valid mail address if the domainpart ends with a trailing dot. e.g. > like this: recipi...@example.com. No. That is not a valid email address, despite the fact that the domain part of the address is

[pfx] Re: Question about trivial-rewrite

2025-01-11 Thread Viktor Dukhovni via Postfix-users
On Sat, Jan 11, 2025 at 08:16:37AM +0100, Klaus Tachtler via Postfix-users wrote: > I have set the following configuration in /etc/postfix/main.cf: > append_at_myorigin = no Best to not do that. > If I now create an e-mail locally via (Postfix) sendmail, which is also > stored locally under /va

[pfx] Re: distinguishing submission from smtp log lines

2025-01-09 Thread Viktor Dukhovni via Postfix-users
On Thu, Jan 09, 2025 at 04:13:44PM -0500, Greg Klanderman via Postfix-users wrote: > >>>>> On January 7, 2025 Viktor Dukhovni via Postfix-users > >>>>> wrote: > > >> I found smtpd_service_name, and guessing I could use that to > >>

[pfx] Re: distinguishing submission from smtp log lines

2025-01-07 Thread Viktor Dukhovni via Postfix-users
On Tue, Jan 07, 2025 at 07:57:45PM -0500, Greg Klanderman via Postfix-users wrote: > I just tried adding '-o syslog_name=postfix/submission' to master.cf > for my submission port, as I would like to be able to distinguish log > lines for the two smtpd ports. I had expected it to completely > rep

[pfx] Re: relayhost might not be reachable for weeks, long maximal_queue_lifetime as solution?

2025-01-01 Thread Viktor Dukhovni via Postfix-users
On Thu, Jan 02, 2025 at 01:56:07AM +, r.barclay--- via Postfix-users wrote: > Hello, > > I have a system that happens to be disconnected from my LAN for 2 or 3 weeks, > from time to time. > > I use Postfix to process mail generated locally, e.g. reports from > unattended-upgrades. > All ema

[pfx] Re: documentation for tags that appear after 'disconnect from' log lines?

2025-01-01 Thread Viktor Dukhovni via Postfix-users
On Wed, Jan 01, 2025 at 08:13:35PM -0500, Greg Klanderman via Postfix-users wrote: > I'm fine with allowing a little probing, especially if the host doing > so has reverse DNS set up, which I assume you do. But I do not see > any trace of 'dnssec-tools.org' in my logs; is that the domain you are

[pfx] Re: documentation for tags that appear after 'disconnect from' log lines?

2025-01-01 Thread Viktor Dukhovni via Postfix-users
On Wed, Jan 01, 2025 at 07:21:18PM -0500, Greg Klanderman via Postfix-users wrote: > I was also going to ask how to distinguish port 25 vs submission in > the logs but looks like I should be able to use syslog_name for that.. > though changing this may require adjustments to fail2ban config. As

[pfx] Re: Trouble authenticating to Postfix + Dovecot server from remote client.

2025-01-01 Thread Viktor Dukhovni via Postfix-users
On Wed, Jan 01, 2025 at 10:01:56PM +0100, Antonin VERRIER via Postfix-users wrote: > On 01/01/2025 at 21:26, Christian Seberino via Postfix-users wrote: > [...] > >      server.login("cs@bighelp.business", password) > [...] > > ===

[pfx] Re: problem with local delivery of received email

2024-12-31 Thread Viktor Dukhovni via Postfix-users
On Tue, Dec 31, 2024 at 09:51:01PM +0100, Gerd Hoerst via Postfix-users wrote: > So here also the right sender address > > Yes its the file if i change only the file postfix croaks that > > /etc/aliases is newer then /etc/aliases.db  (after i ran postalias > > /etc/aliases it has an older tim

[pfx] Re: problem with local delivery of received email

2024-12-31 Thread Viktor Dukhovni via Postfix-users
On Tue, Dec 31, 2024 at 06:28:25PM +0100, Gerd Hoerst via Postfix-users wrote: > I deliver my email locally with procmail... i have 5 users... 4 are working > and 1 always complains > > the message is > > virgo postfix/local[1137241]: EDC1B6102A: to=, relay=local, > delay=0.01, delays=0/0/0/0.01

[pfx] Re: postconf master.cf editing and comments

2024-12-29 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 29, 2024 at 09:48:26AM +0300, Michael Tokarev via Postfix-users wrote: > # postconf -F '*/*/chroot=n' > # diff -u master.cf master.cf.sav This diff is backwards. It would be more helpful to diff the new against the old. > --- master.c > +++ master.cf.sav > @@ -64,9 +64,9 @@ > trac

[pfx] Re: milter message

2024-12-29 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 29, 2024 at 02:16:31PM +0100, Gerd Hoerst via Postfix-users wrote: > Hi ! > > as i wrote in a previous post im moving my mail server to another one with > mostly copying the config.. > > i made some tests before moving it... > > Now i have some warnings in my log which i cannot assoc

[pfx] Re: outlook ssl failure

2024-12-25 Thread Viktor Dukhovni via Postfix-users
On Wed, Dec 25, 2024 at 08:42:51AM -0800, Randy Bush via Postfix-users wrote: > >>> Randy, I'm disappointed > >> And I embarrassed. clearly I blew it when creating the new mx > >> target. > > I am glad you took the friendly jibe in stride. > > stride? i blew it badly, a real stoopid. > > > http

[pfx] Re: outlook ssl failure

2024-12-24 Thread Viktor Dukhovni via Postfix-users
On Tue, Dec 24, 2024 at 09:08:41PM -0800, Randy Bush via Postfix-users wrote: > > Randy, I'm disappointed > > And I embarrassed. clearly I blew it when creating the new mx target. I am glad you took the friendly jibe in stride. > > I'd like to suggest some serious attention to monitoring > > b

[pfx] Re: Find outgoing unencrypted connections

2024-12-24 Thread Viktor Dukhovni via Postfix-users
On Tue, Dec 24, 2024 at 12:50:04PM +0100, Dirk Stöcker via Postfix-users wrote: > > Postfix logs TLS status details before it logs delivery status details. > > ... > > > With plaintext delivery, that first line will not be logged. > > I know. > > > In both cases the logging shows the SMTP clie

[pfx] Re: outlook ssl failure

2024-12-24 Thread Viktor Dukhovni via Postfix-users
On Tue, Dec 24, 2024 at 12:33:04PM -0800, Randy Bush via Postfix-users wrote: > why is the actual mail not transferred. how to debug? > > 2024-12-24T20:27:05.074565+00:00 m0 postfix/smtpd[188336]: connect from > mail-koreacentralazon11023102.outbound.protection.outlook.com[40.107.44.102] > 2024-

[pfx] Re: PATCH: 8bit GECOS in From not encoded?

2024-12-22 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 22, 2024 at 08:07:22PM -0500, Wietse Venema via Postfix-users wrote: > The "full name" encoding for Postfix-generated From: headers is > implemented. Code will be released after it has matured. > > Documentation: > https://www.postfix.org/postconf.5.html#full_name_encoding_charset Coo

[pfx] Re: postfix "system library:BIO_connect:Connection refused" following Debian Bookworm update

2024-12-22 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 23, 2024 at 10:50:49AM +1100, Viktor Dukhovni via Postfix-users wrote: > On Sun, Dec 22, 2024 at 02:31:56PM +, Laura Smith via Postfix-users wrote: > > > > Note that after the above you're allowing TLS 1.0 by default, where you > > > insisted on TLS

[pfx] Re: postfix "system library:BIO_connect:Connection refused" following Debian Bookworm update

2024-12-22 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 22, 2024 at 02:31:56PM +, Laura Smith via Postfix-users wrote: > > Note that after the above you're allowing TLS 1.0 by default, where you > > insisted on TLS 1.2 or higher before. Postfix parsing of the legacy > > protocol negations has not changed. But you should be using the > >

[pfx] Re: postfix "system library:BIO_connect:Connection refused" following Debian Bookworm update

2024-12-22 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 22, 2024 at 02:04:46PM +, Laura Smith via Postfix-users wrote: > > > > > Perhaps Postfix does not "listen" on the IPv6 address? You can use nc or > > lsof > > to find out. > > > > See above where I said "worked fine before the update". "Worked fine" > includes external valid

[pfx] Re: PoC: `postfix chroot' command

2024-12-21 Thread Viktor Dukhovni via Postfix-users
On Sat, Dec 21, 2024 at 08:35:29PM +0300, Michael Tokarev via Postfix-users wrote: > 21.12.2024 20:15, Michael Tokarev via Postfix-users wrote: > > > plus a few other workarounds for lack of cap-dac-override. > > It looks like it's hardly possible to get away from cap_dac_override, > because it

[pfx] Re: SASL options

2024-12-21 Thread Viktor Dukhovni via Postfix-users
On Sat, Dec 21, 2024 at 01:51:46PM +0300, Michael Tokarev via Postfix-users wrote: > Hi! > > I'm trying to get a "big picture" about how postfix works with > various SASL options. It looks like there's a big overview > missing in the docs somehow. > > We've basically two big kinds of SASL mecha

[pfx] Re: Is possible with postfix to do port-based routing?

2024-12-20 Thread Viktor Dukhovni via Postfix-users
On Fri, Dec 20, 2024 at 10:46:33PM +0100, Jaroslaw Rafa via Postfix-users wrote: > There's no "Return-To" header among standard email headers. There is > "Reply-To", to indicate the address where the reply sent by the (human) > recipient should go, and there's "Return-Receipt-To", to indicate the

[pfx] Re: how to remove DKIM header

2024-12-17 Thread Viktor Dukhovni via Postfix-users
On Tue, Dec 17, 2024 at 09:55:32AM +0800, Bitfox via Postfix-users wrote: > I saw that when messages sent to duck.com for forwarding, duck.com will > remove the original DKIM info from headers, to protect the sender privacy. > > I am just curious how to remove that DKIM in postfix? Top-level Hea

[pfx] Re: Change message subject and nexthop in smtp client if TLS could not be established?

2024-12-17 Thread Viktor Dukhovni via Postfix-users
On Tue, Dec 17, 2024 at 08:43:48AM +0100, Ansgar Wiechers via Postfix-users wrote: > On 2024-12-17 Tobi via Postfix-users wrote: > > I'm looking for a way to achieve the following: if postfix smtp client > > cannot establish a TLS connection to MX host then we want to change > > nexthop **and** ad

[pfx] Re: SSL Log Errors. Should worry?

2024-12-16 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 16, 2024 at 07:32:15AM -0500, postfix--- via Postfix-users wrote: > This is what the packages were built with. Is this right/wrong? Do I have > options that don't involve building from source? Do I need to wait until the > package maintainers build against a newer SSL? The warnings ar

[pfx] Re: chroot and debian: a blast from the past

2024-12-16 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 16, 2024 at 12:03:52PM +0300, Michael Tokarev via Postfix-users wrote: > The good news though is that all libnss_*.so which comes with glibc > are not needed in chroot at all, they're built-in to the libc.so > proper, and separate .so files are provided for compatibility only. But su

[pfx] Re: SSL Log Errors. Should worry?

2024-12-16 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 16, 2024 at 04:06:10AM -0500, postfix--- via Postfix-users wrote: > Just to double check this isn't a configuration library issue on my end? > Someone is messing around? I have dozens of these repeated in the logs. You've recently installed an updated OpenSSL package on your system.

[pfx] Re: logging, postlogd

2024-12-15 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 15, 2024 at 11:34:54AM +0100, Tomasz Pala via Postfix-users wrote: > System-wide "defaults to 1 messages in 30s" and "is applied per- > service", so this can be easily resolved by providing postfix.service > with: > > LogRateLimitIntervalSec=0 Nice in theory, but neither Wietse n

[pfx] Re: logging, postlogd

2024-12-15 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 15, 2024 at 11:16:16AM +0300, Michael Tokarev via Postfix-users wrote: > What was so unreliable in there? On Sun, Dec 15, 2024 at 09:29:48AM +0100, Tomasz Pala via Postfix-users wrote: > On 2024-12-15 01:07, Wietse Venema via Postfix-users wrote: > Would you mind elaborating this a

[pfx] Re: pickup wakeup time?

2024-12-14 Thread Viktor Dukhovni via Postfix-users
On Sat, Dec 14, 2024 at 11:16:47AM +0300, Michael Tokarev via Postfix-users wrote: > What's the reason for the pickup daemon to be waked up every 60s? > Either on a modern system, or at all? Because "wakeup" signals from postdrop(1) are not reliable. Absent frequent message arrival, with postdr

[pfx] Re: milter regex rejects

2024-12-13 Thread Viktor Dukhovni via Postfix-users
On Sat, Dec 14, 2024 at 04:20:26PM +1000, Laura Steynes via Postfix-users wrote: > I've noticed since implementing milter-regex that if there is an inbound > message addressed to two addresses, that if one is caught by a milter-regex > reject rule (stopping a html message to a system address which

[pfx] Re: [PATCH] makedefs: fix $RELEASE_MAJOR expression

2024-12-13 Thread Viktor Dukhovni via Postfix-users
On Fri, Dec 13, 2024 at 07:56:08AM +0300, Michael Tokarev via Postfix-users wrote: > And second, the usage of "expr" utility is wrong, as it does > not work when the system release is 0.something. Consider: > > expr 0.foo : '\([0-9]*\)' This is a counter-intuitive oddity of the expr(1) regex

[pfx] Re: postfix-3.9 and utf8mb4

2024-12-12 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 12, 2024 at 02:40:29AM +0100, natan via Postfix-users wrote: > I upgrade from postfix-3.7.x to postfix-3.9.x (Almalinux and repo GT-plus) > and i get problem > > Dec 11 23:58:31 smtp2 postfix/postmap[24258]: warning: dict_mysql: > mysql_set_character_set 'utf8mb4' failed: Unknown char

[pfx] Re: All over sudden cannot verify Microsoft TLS certificates?

2024-12-09 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 09, 2024 at 04:29:54PM +0100, Tobi via Postfix-users wrote: > Finally found it :-) RCPT domain changed not long ago from Gmail to > Microsoft and uses mta-sts. Our mta-sts resolver still had the policy > for gmail, therefore the delivery to Microsoft could not be verified. We > just del

[pfx] Re: Postfix pipelines

2024-12-09 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 09, 2024 at 08:10:38AM +, Sad Clouds wrote: > On Sun, 8 Dec 2024 21:59:00 +1100 > Viktor Dukhovni via Postfix-users wrote: > > > - It looks like smtpd(8) on port 25 only uses cleanup(8) via verify(8), > > that's not the case. The communication with

[pfx] Re: Postfix Keys (Alogarithm selection) (key exchange parameters)

2024-12-09 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 09, 2024 at 10:00:41PM +0100, Gerd Hoerst via Postfix-users wrote: > Do you have a good page for checking this (including DKIM/DANE/SPF ) Checking what exactly? For checking DANE: - https://dane.sys4.de/ - https://www.huque.com/bin/danecheck-smtp - https://stats.dnssec-t

[pfx] Re: All over sudden cannot verify Microsoft TLS certificates?

2024-12-09 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 09, 2024 at 12:03:02PM +0100, Tobi via Postfix-users wrote: > > Is that preventing mail delivery, or just noise in the logs? > > not just noise. It prevents our delivery and finally we bounce back to > sender with "expired" SMTP defaults to unauthenticated TLS. What settings, if any,

[pfx] Re: multiple instances in downstream environment

2024-12-09 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 09, 2024 at 11:27:53AM +0300, Michael Tokarev via Postfix-users wrote: > If main.cf has multi_instance_enable=yes, and multi_instance_wrapper > set, an instance becomes a multi-instance, and `postfix start` will > run the multi_instance_wrapper instead of the usual postfix-script, > s

[pfx] Re: All over sudden cannot verify Microsoft TLS certificates?

2024-12-09 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 09, 2024 at 08:28:55AM +0100, Tobi via Postfix-users wrote: > since this weekend we have the issue that our postfix seems to be > unable to verify TLS certs presented by Microsoft. We get > > > Server certificate not verified Is that preventing mail delivery, or just noise in the log

[pfx] Re: some helper tools requiring various parameters to be set, can we avoid it?

2024-12-08 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 08, 2024 at 07:39:18PM +0300, Michael Tokarev via Postfix-users wrote: > > - default_database_type > > - alias_database > > - ... > > How this can depend on the system environment? Maybe only if it is > something like (sorry I don't remember the correct syntax) -- >

[pfx] Re: some helper tools requiring various parameters to be set, can we avoid it?

2024-12-08 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 08, 2024 at 07:09:26PM +0300, Michael Tokarev via Postfix-users wrote: > This is exactly why debian install scripts for postfix jumps through > numerous hoops just to init the initial /etc/aliases.db. This > complexity and unreliability is astonishing, I just see it as self-inflicte

[pfx] Re: some helper tools requiring various parameters to be set, can we avoid it?

2024-12-08 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 08, 2024 at 05:43:38PM +0300, Michael Tokarev via Postfix-users wrote: > But a package might be installed from another system for example > (bootstrapping) where host name is not required to be set, or during > regular system setup when host name part hasn't been done yet, or in > num

[pfx] Re: Postfix pipelines

2024-12-08 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 08, 2024 at 09:36:05AM +, Sad Clouds wrote: > On Sat, 7 Dec 2024 23:50:14 +1100 > Viktor Dukhovni via Postfix-users wrote: > > > No role. Where are you going with this "all the internal details > > please" perspective? > > Hello, in the n

[pfx] Re: Postfix Keys (Alogarithm selection) (key exchange parameters)

2024-12-07 Thread Viktor Dukhovni via Postfix-users
On Sat, Dec 07, 2024 at 10:29:12PM +0100, Gerd Hoerst via Postfix-users wrote: > I found a nice internet site (https://internet.nl) where you can test > you www or email server. > > If i run the test on my actual "in setup" email server i get 2 failures > where i cant figure out after a lot of go

[pfx] Re: Postfix pipelines

2024-12-07 Thread Viktor Dukhovni via Postfix-users
On Sat, Dec 07, 2024 at 09:43:33AM +, Sad Clouds wrote: > Hi everyone, thanks for the clarifications, this is quite useful. I > have another question about TLS pipelines. > > Do smtpd and smtp processes talk directly to tlsmgr process, or does > this pipeline always go through tlsproxy? Does

[pfx] Re: Odd bounce referrring to BareLinefeedsAreIllegal

2024-12-06 Thread Viktor Dukhovni via Postfix-users
On Wed, Nov 27, 2024 at 10:38:45AM +0100, Ralf Hildebrandt via Postfix-users wrote: > Yep, that's matching. Prior to that I was running postfix-3.10-20241027 > I'm reverting back to postfix-3.10-20241027 for the time being. There was NO reason to revert, you're just seeing a more informative log

[pfx] Re: Postfix pipelines

2024-12-06 Thread Viktor Dukhovni via Postfix-users
On Fri, Dec 06, 2024 at 08:24:54AM +, Sad Clouds via Postfix-users wrote: > Hello, I agree with you, I'm just trying to see the big picture and how > all Postfix components fit together. At least for me, it helps to > visualize the entire Postfix architecture in one diagram, even if that > get

[pfx] Re: PATCH: 8bit GECOS in From not encoded?

2024-12-06 Thread Viktor Dukhovni via Postfix-users
On Mon, Dec 02, 2024 at 08:27:16AM -0500, Wietse Venema via Postfix-users wrote: > Michael Tokarev via Postfix-users: > > so now it's the bounce which is *also* marked as requiring SMTPUTF8. > > I'm not sure this is right or not, - the bounce itself hopefully should > > not include non-7bit headers

[pfx] Re: virtual alias expansion explicit prevention

2024-12-05 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 05, 2024 at 04:49:45PM +0100, Tomasz Pala via Postfix-users wrote: > According to man 5 virtual recursion can be terminated by aliasing to > itself, however office@ex.. is not a real account (the backup@ex.. is) > and we'd like to avoid having one (unless necessary). You can avoid rec

[pfx] Re: Postfix stable release 3.9.1, and legacy releases 3.8.7, 3.7.12, 3.6.16

2024-12-05 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 05, 2024 at 03:59:04PM +0800, Bitfox via Postfix-users wrote: > Thanks for your work. > Is it safe to upgrade from postfix 3.7 to 3.9? Your 3.7 may be older than the branch point of 3.8, so just in case see: https://github.com/vdukhovni/postfix/blob/postfix-3.7/postfix/RELEASE_NO

[pfx] Re: Problems Receiving Email But Only from Microsoft/Outlook [lost connection after EHLO]

2024-12-04 Thread Viktor Dukhovni via Postfix-users
On Wed, Dec 04, 2024 at 09:04:43PM +1300, Tim Harman wrote: > > This seemed to be about TLS handshake failures, not connection loss > > after a successful handshake... Did I misunderstand? > > No, you don't misunderstand. Their ticket/bug is about TLS handshake > failing. > I was clearly gettin

[pfx] Re: Problems Receiving Email But Only from Microsoft/Outlook [lost connection after EHLO]

2024-12-03 Thread Viktor Dukhovni via Postfix-users
On Wed, Dec 04, 2024 at 12:13:13PM +1300, Tim Harman via Postfix-users wrote: > FIXED > > smtpd_tls_session_cache_timeout = 0 This is very odd, because: - Session tickets are either successfully decrypted or not. - If yes, the TLS handshake proceeds more quickly, and the clien

[pfx] Re: Problems Receiving Email But Only from Microsoft/Outlook [lost connection after EHLO]

2024-12-03 Thread Viktor Dukhovni via Postfix-users
On Tue, Dec 03, 2024 at 12:39:16PM +1300, Tim Harman via Postfix-users wrote: > I'm fairly sure this is a Microsoft problem, but I'm asking anyway in case > I'm doing something really dumb. Ignore the other responses, they are not relevant... The problem would typically be incorrect DANE TLSA re

[pfx] Re: 8bit GECOS in From not encoded?

2024-12-01 Thread Viktor Dukhovni via Postfix-users
On Sun, Dec 01, 2024 at 07:21:13PM +0300, Michael Tokarev via Postfix-users wrote: > On the other hand, it shouldn't be a very difficult task to implement this > for local submission given postfix has all the infrastructure available. > > So I'd say postfix should do this if not only for complet

[pfx] Re: postfix and problem with scripts connect

2024-11-28 Thread Viktor Dukhovni via Postfix-users
On Thu, Nov 28, 2024 at 01:57:57PM +0100, natan via Postfix-users wrote: >     print("DUNNO")  # REJECT, PERMIT, DUNNO You did not read the docs carefully, the output should be: action=DUNNO\n\n > Nov 28 13:54:15 mx postfix/smtpd[2953675]: warning: missing attribute action > in input fr

[pfx] Re: smtpd_tls_wrappermode disables IP relay

2024-11-28 Thread Viktor Dukhovni via Postfix-users
On Thu, Nov 28, 2024 at 03:02:36PM +0100, Ivica Glavočić via Postfix-users wrote: > I wanted to enable SSL/TLS implicit encryption on port 465, in order > to do that, I added option smtpd_tls_wrappermode = yes in main.cf > config file, it worked. No, it did not "work", because in main.cf it affe

[pfx] Re: Docs: Improve delay_logging_resolution_limit

2024-11-26 Thread Viktor Dukhovni via Postfix-users
On Tue, Nov 26, 2024 at 12:20:12PM -0500, Wietse Venema via Postfix-users wrote: > > > /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/ > > > 5$1 No luck today > > > > Where is "No luck today" shown then? Only in the DSN or also in the SMTP > > session? > > 2 - As

[pfx] Re: old printer with weak TLS cipher selection

2024-11-25 Thread Viktor Dukhovni via Postfix-users
On Mon, Nov 25, 2024 at 03:29:54PM +0100, Matus UHLAR - fantomas via Postfix-users wrote: > > Have you tried connecting to this server with: > > > >$ openssl s_client -connect :25 \ > >-starttls smtp -tls1_2 -cipher 'HIGH+AES+kRSA+CBC:@STRENGTH' > > > > Seems like determining whethe

[pfx] Re: old printer with weak TLS cipher selection

2024-11-25 Thread Viktor Dukhovni via Postfix-users
On Mon, Nov 25, 2024 at 11:52:07AM +0100, Matus UHLAR - fantomas via Postfix-users wrote: > This is Debian 12, postfix 3.7.11 and SSL 3.0.15. Does Debian do anything similar to RedHat's crypto policy? > > Note that these ciphers don't enable "forward-secrecy", they use RSA key > > exchange: > >

[pfx] Re: Docs: Improve delay_logging_resolution_limit

2024-11-24 Thread Viktor Dukhovni via Postfix-users
On Sun, Nov 24, 2024 at 03:09:06PM +0100, Thomas Landauer via Postfix-users wrote: > * First is a question: > Is default_delivery_status_filter affecting Postfix's messages (a) in the > SMTP session, (b) in the logfile, and/or (c) in DSNs? As promised, it modifies the delivery status, which may

[pfx] Re: milter_header_checks clue gap

2024-11-23 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 23, 2024 at 11:11:11AM -0800, Randy Bush via Postfix-users wrote: > >> did the trick, along with a specific transport > >> > >> s...@m0.rg.net local:/var/mail/spam > > > > You've still not quite internalised my explanation of local(8) nexthops. > > There's no good reason

[pfx] Re: milter_header_checks clue gap

2024-11-22 Thread Viktor Dukhovni via Postfix-users
On Fri, Nov 22, 2024 at 05:54:31AM -0800, Randy Bush via Postfix-users wrote: > > I don't think that using local(8) as a content filter is a good idea, > > perhaps you meant to instead use "REDIRECT" or "HOLD". > > /^X-Spam.*YES/ REDIRECT s...@m0.rg.net > > did the trick, along with a speci

[pfx] Re: old printer with weak TLS cipher selection

2024-11-22 Thread Viktor Dukhovni via Postfix-users
On Fri, Nov 22, 2024 at 01:09:06PM +0100, Matus UHLAR - fantomas via Postfix-users wrote: > Our customer has an old scanner/printer seems to support TLS1.2, but only a > few weak ciphers that are forbidden in our postfix configuration, according > to old discussion in this list: TLS 1.2 is accep

[pfx] Re: Pipe Transport: Answer with 500 instead of sending a bounce?

2024-11-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Nov 21, 2024 at 01:26:23PM +0100, Ralph Seichter via Postfix-users wrote: > * Viktor Dukhovni via Postfix-users: > > > Why not: > > defer_transports = local > > That's what I was wondering, too. For example, I like using > > postconf -e defer_

[pfx] Re: milter_header_checks clue gap

2024-11-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Nov 21, 2024 at 01:09:35PM -0800, Randy Bush wrote: > # cat /etc/postfix/milter_header_checks > /^X-Spam.*YES/ FILTER local:/var/mail/spam - man 5 transport - man 8 local > leaves nothing in /var/mail/spam. as rspamd reports a lot of X-Spam > headers added, i presume t

[pfx] Re: Pipe Transport: Answer with 500 instead of sending a bounce?

2024-11-21 Thread Viktor Dukhovni via Postfix-users
> On 21 Nov 2024, at 9:30 PM, Thomas Landauer via Postfix-users > wrote: > > What I was looking for is a way to kinda "suspend" Postfix while doing > maintenance on the server (i.e. local transport not available). > > I now solved this by adding: > >> smtpd_client_restrictions = check_client_

[pfx] Re: Pipe Transport: Answer with 500 instead of sending a bounce?

2024-11-19 Thread Viktor Dukhovni via Postfix-users
On Tue, Nov 19, 2024 at 10:01:14PM +0100, Thomas Landauer via Postfix-users wrote: > when handing over incoming messages to an external command (i.e. a `pipe` > delivery in `master.cf`), is it possible to keep the sender "on hold" in the > SMTP session and then answer with 500 right away (if the

[pfx] Re: TLS library problem: error:0A000102

2024-11-17 Thread Viktor Dukhovni via Postfix-users
On Sun, Nov 17, 2024 at 04:47:17PM -0800, Randy Bush via Postfix-users wrote: > 2024-11-18T00:03:12.077805+00:00 m0 postfix/smtpd[1756]: warning: > TLS library problem: error:0A000102:SSL routines: > :unsupported protocol - > :../ssl/statem/statem_

[pfx] Re: recipient rate limit

2024-11-16 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 16, 2024 at 05:23:05PM +0100, Matus UHLAR - fantomas via Postfix-users wrote: > Note that directives like default_extra_recipient_limit and > default_destination_rate_delay apply to mail that is already in your queue, not > incoming mail. True, but also neither are good candidates for o

[pfx] Re: recipient rate limit

2024-11-16 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 16, 2024 at 06:22:24PM +0800, Hua Y via Postfix-users wrote: > > smtpd_client_message_rate_limit = 0 > > smtpd_client_recipient_rate_limit = 0 > > do these two options have any difference? thanks. The parameters are of course documented: http://www.postfix.org/TUNING_READ

[pfx] Re: recipient rate limit

2024-11-16 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 16, 2024 at 08:53:11AM +, jeff--- via Postfix-users wrote: > I am sorry for my bad expression, which may have caused your misunderstanding. > > I want the rate limit on incoming messages to our local users. > > for example, we have a domain foo.com, and have a user john...@foo.com

[pfx] Re: recipient rate limit

2024-11-16 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 16, 2024 at 09:02:28AM +0100, Danjel Jungersen via Postfix-users wrote: > >$ postconf -d default_destination_recipient_limit > >default_destination_recipient_limit = 50 > > > >The customer can still send mail to 100s of recipients, you'll just > >deliver such messages as multi

[pfx] Re: recipient rate limit

2024-11-15 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 16, 2024 at 05:17:39PM +1100, Phil via Postfix-users wrote: > > > Is default_extra_recipient_limit not limiting the number of recipients in > > > a > > > given message ? > > > > No. And, what did you have in mind anyway? > > > > - Limiting the recipient count of incoming SMTP m

[pfx] Re: recipient rate limit

2024-11-15 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 16, 2024 at 05:04:32PM +1100, Phil via Postfix-users wrote: > On 16/11/24 16:58, Viktor Dukhovni via Postfix-users wrote: > > On Sat, Nov 16, 2024 at 01:38:25PM +0800, Hua Y via Postfix-users wrote: > > > > > > default_destination_rate_delay = 3 > >

[pfx] Re: recipient rate limit

2024-11-15 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 16, 2024 at 04:52:24PM +1100, Phil via Postfix-users wrote: > Yes - default_destination_rate_delay  sets how many seconds between sending > messages, Even for non-SMTP transports or internal relaying, ... not a good idea. > the server could have a 1000 messages in the queue and it wi

[pfx] Re: recipient rate limit

2024-11-15 Thread Viktor Dukhovni via Postfix-users
On Sat, Nov 16, 2024 at 01:38:25PM +0800, Hua Y via Postfix-users wrote: > > default_destination_rate_delay = 3 > > default_extra_recipient_limit = 50 > > > > works for small setups . . . > > Can you please explain the two options a bit more? For the first, see https://www.postfix.org/postconf

[pfx] Re: check my config for smtps/submission

2024-11-15 Thread Viktor Dukhovni via Postfix-users
On Fri, Nov 15, 2024 at 09:21:45PM +0800, Hua Y via Postfix-users wrote: > > Hi list > > can you help check if my options for smtps/submission are correct? > > in master.cf: > > ascleanup unix n - y - 0 cleanup > -o header_checks=pcre:/etc/postfix/header_check

[pfx] Re: tlsproxy process failures (was Re: Re: TLSRPT issue)

2024-11-15 Thread Viktor Dukhovni via Postfix-users
On Fri, Nov 15, 2024 at 02:25:14PM +0100, Florian Piekert via Postfix-users wrote: > the problem surely is on my end. But where and why. Maybe someone has an idea. What problem exactly? > -all three have in master.cf for tlsproxy the -D parameter at the end Why? > -all three have same debugge
