> What do you think about the other one?
> Not for the next release (I'm really looking forward to a stable
> v3.10, so it's great news that you have frozen the code )
>
> but as an idea for the future releases?
I just opened a discussion with Viktor about working towards a
future where SMTP over
?mer G?ven via Postfix-users:
> Hi!
>
> For the next release (3.10), I'd like to propose that unknown tags
> returned by TLS policy socketmap servers are logged as warnings,
> but never regarded as an invalid policy. This would avoid delivery
> errors introduced by future additions, when an older
The following is now part of Postfix 3.10, which is back in the
code freeze stage.
Wietse
smtpd_hide_client_session (default: no)
Do not include SMTP client session information in the Postfix SMTP
server's Received: message header.
o The default setting,
Geert Hendrickx via Postfix-users:
> On Tue, Feb 04, 2025 at 17:09:52 -0500, Wietse Venema via Postfix-users wrote:
> > This reduces the Received: header from:
> >
> > Received: from
> > by servername (Postfix) with id yyy; server-date-stamp
> &g
ellie via Postfix-users:
> I sent a test mail to a throwaway account now, and found the according
> log entry! The one you wanted was gone since I happened to have reboot
> with wiped logs since then. I hope it shows something helpful :-o sorry
> again for the effort.
OK, so I have forgotten ho
Ellie via Postfix-users:
> Yet "Received" still seems present in full, you can see it with this
> e-mail I'm typing in this moment.
Received: from [10.42.0.75]
(dynamic-176-003-178-138.176.3.pool.telefonica.de
[176.3.178.138])
by mail.ekdawn.com (Postfix) with ESMTPSA
Ellie via Postfix-users:
> On 2/4/25 4:50 PM, Wietse Venema via Postfix-users wrote:
> > Yes you did. You forgot to start line 16 with a space or tab.
> >
> > Wietse
> Oops, how silly, sorry! Okay, I think I got it:
>
> smtp inet n - n - - smtpd
>-o
Viktor Dukhovni via Postfix-users:
> On Mon, Feb 03, 2025 at 05:56:45PM -0500, Wietse Venema via Postfix-users
> wrote:
>
> > There is no built-in featrue to delete IP addresses from headers.
>
> But, given the expected header form, it is not difficult to craft a PCRE
>
Ellie via Postfix-users:
> mail-1 | /usr/sbin/postconf: fatal: file /etc/postfix/master.cf: line
> 16: bad field count
>
> (Sorry if I did something super obvious wrong!)
Yes you did. You forgot to start line 16 with a space or tab.
Wietse
__
Ellie via Postfix-users:
> On 2/3/25 11:56 PM, Wietse Venema via Postfix-users wrote:
> > If this is for messages submitted on port 587 (submission) or 465
> > (smtps or submissions), then you can simply delete all Received:
> > message headers, because there shuold be only
Ellie via Postfix-users:
> Dear postfix users group,
>
> Sorry if this is the wrong place to ask, or if this is a nonsensical
> question.
>
> But it seems to me that discarding the exact end-user device IP from
> e-mails sent via any authenticated path is going to be a common scenario
> in tod
Bill Cole via Postfix-users:
> On 2025-02-03 at 13:07:38 UTC-0500 (Mon, 3 Feb 2025 13:07:38 -0500)
> Dan Mahoney via Postfix-users
> is rumored to have said:
>
> > When calling ?postfix reload?, should "postfix/postfix-script: refreshing
> > the Postfix mail system? be written to stderr?
>
> Ye
Dan Mahoney via Postfix-users:
> All,
>
> This is the most minor problem, but I'll bring it up.
>
> We use Lets Encrypt for our certs (using the Dehydrated client),
> and call a 'postfix reload' as part of the hook script if a cert
> has been renewed.
>
> We also wrapper this with ?cronic' which
Klaus Tachtler via Postfix-users:
> Hello,
>
> just so I understand correctly, the recommendation would be to use
> smtpd_end_of_data_restrictions, despite the warning in the Dovecot log?
No. The recommendation is to use the software as intended by its
author, not at end-of-data.
Wietse
Klaus Tachtler via Postfix-users:
> Hello,
>
> I have a question about smtpd_end_of_data_restrictions. In the
> documentation under the following link
> https://www.postfix.org/SMTPD_ACCESS_README.html#lists there is an
> example which looks like this:
>
> # Enforce mail volume quota via
Entrepreneur AJ via Postfix-users:
> But the LMTP connection is timeing out from the second instance (but
> working for the default instance)
>
> I have used tcpdump and can see the connection trying to be established
> but no ack is being received wireshark reading the pcap file keeps
> saying
Thomas Cameron via Postfix-users:
> On 1/30/25 5:06 AM, Viktor Dukhovni via Postfix-users wrote:
> > Those tools are not solutions to the problem, because they're reactive
> > tweaks to discrete instances of a broader mismatch between the policy
> > and requirements. But the source files from whic
Josh Good via Postfix-users:
> On 2025 Jan 29, 23:58, Gerald Galster via Postfix-users wrote:
> >
> > > So I am posting here, to ask whether someone has in his archives an RPM
> > > package of Postfix targeted to Red Hat 6.2 (classic edition)?
> >
> > Try to download and mount the ISO(s). Those i
Thomas Cameron via Postfix-users:
> Wietse -
>
> I know a little about SELinux. This is me:
> https://www.youtube.com/watch?v=_WOKRaM-HI4 (Security-Enhanced Linux for
> mere mortals on the Red Hat Summit YouTube channel).
>
> If you (or anyone) is running into SELinux problems, I am more than
There are more than a few places in the file system where Postfix
meets the non-Postfix world. This is what I came up with in a few
minutes.
- Pathnames in $forward_path (pathnames for .forward files for UNIX
system accounts). These are accessed while impersonating a recipient.
- Pathnames, comma
Steffen Nurpmeso via Postfix-users:
> Hello.
>
> For the first time ever i today get quite some of
>
> Jan 28 22:55:48 ouwa/smtpd[14615]: connect from unknown[unknown]
> Jan 28 22:55:48 ouwa/smtpd[14615]: lost connection after CONNECT from
> unknown[unknown]
> Jan 28 22:55:48 ouwa/smtpd[14
Andr? Gomes via Postfix-users:
> Hi
>
> I`m new on postfix universe.
> I configure a mail server on a dedicated link to send mails to my customers.
> The problem is, i have a old database, (2020, 2021) and i need check these
> emails to avoid any bounce, i dont want my ip on a blacklist ..
>
> Fo
Wietse:
> I understand that you have a recipient validation policy that you
> want to enforce on a primary and secondary MX (the seconary MX
> forwards to the primary and you want to prevent backscatter).
Gerben Wierda:
> No. I have no control over the secondary MX, it is a SMTP-backup
> service
Gerben Wierda via Postfix-users:
>
> > On 23 Jan 2025, at 17:55, Wietse Venema via Postfix-users
> > wrote:
> >
> > Gerben Wierda via Postfix-users:
> >> I was wondering, suppose I have a user like this:
> >>
> >> f...@bar.com is the
Gerben Wierda via Postfix-users:
> Now, the only thing I would like to add - if possible - is to use
> this only for smtp traffic coming from outside on port 25 and not
> from inside or port submission, such that internal senders may use
> the simple usern...@domain.tld form but outside port 25 use
Nothing in Postfix prevents you from developing stateful policies
where repated 'good' clients become longer-term allowlisted, and
repated 'bad' clients become longer-term denylisted, for some
subjective definitions of 'good', 'bad', 'long' and 'short'. In the
case of botnet spam, this will make li
MRob via Postfix-users:
> On 2025-01-23 20:25, Randy Bush via Postfix-users wrote:
> >> I'm using zen.spamhaus.org for blocking and list.dnswl.org (with
> >> filter)
> >> for allowlisting.
> >>
> >> zen.spamhaus.org*2 list.dnswl.org=127.0.[0..255].[1..3]*-2
> >
>
> Question occur to me, is
Gerben Wierda via Postfix-users:
> I was wondering, suppose I have a user like this:
>
> f...@bar.com is the account name
> foo.lastn...@bar.com is the incoming alias and the outgoing canonical
>
> Could I force incoming mail to accept the alias form, but not
> accept the account form? I.e. f...@
Christian Seberino via Postfix-users:
> I tried the following but it blocks emails even from my two legitimate
> Gmail accounts...
>
> postscreen_dnsbl_threshold = 2
> postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
> b.barracudacentral.org*1
>
> Is there a "minimal" setting for thes
James Moe via Postfix-users:
> On 2025-01-22 13:34, Wietse Venema via Postfix-users wrote:
>
> > What was the MAIL FROM address?
> >
> > Command:
> > grep 'qmgr.*6D894104CC9B' /the/maillog/file
> Jan 22 07:25:01 mail-stn14l postfix/qmgr[244191]:
If you have difficulty following my command example, then
you should certainly not follow my old-school instructions.
Maybe there is some new-school tool to instrument systemd jobs
that I haven't heard about. systemd-gdb, anyone?
Wietse
___
Po
Curtis Vaughan via Postfix-users:
> But doesn't this mean it is running?
>
> systemctl status opendkim
>
> Process: 2177789 ExecStart=/etc/init.d/opendkim start (code=exited,
> status=0/SUCCESS)
But doesn't this mean it has exited?
Maybe you can finally try the old-chool stuff.
Curtis Vaughan via Postfix-users:
> I realize there have been a lot of posts about this issue, but in my
> attempts so far, nothing has resolved this issue for me.
>
> The postfix server in question is running on Ubuntu LTS 24.04 and has
> been in operation for over a decade. But today while loo
James Moe via Postfix-users:
> opensuse tumbleweed
> linux 6.12.9-1-default x86_64
> postfix 3.9.1
>
> In postfix 3.9.1 I have been getting bounced messages with the message shown
> below.
>
> How do I correct the problem?
>
> On another system with postfix 3.8.4, I resolved this issue by comme
Wietse Venema via Postfix-users:
> Andrew Bernard via Postfix-users:
> > I am having difficulty understanding VERP replies. The context is that
> > we use Discourse to send mail using a local Postfix server. But failed
> > deliveries are supposed to go to VERP addressess
Andrew Bernard via Postfix-users:
> I am having difficulty understanding VERP replies. The context is that
> we use Discourse to send mail using a local Postfix server. But failed
> deliveries are supposed to go to VERP addressess starting with replies+
> and Postfix says that is an unknown addr
postfix--- via Postfix-users:
> > You may want to comment out protocol or cipher tweaks' these can
> > reduce interoperability:
> >
> > postconf -n | grep tls
>
>
> I do not think I am using any tweaks and try to keep things as default as
> possible. Or maybe I'm misunderstanding.
>
>[root
postfix--- via Postfix-users:
> My distro package manager gives me postfix 3.5.25 with openssl 3.2.2 which
> causes SSL version mismatch warnings I was previously told I could ignore.
>
> I got a failed transaction:
>
>Jan 21 09:15:21 host postfix/smtpd[79286]: warning: run-time library vs.
Wietse Venema via Postfix-users:
> Viktor Dukhovni via Postfix-users:
> > On Fri, Jan 17, 2025 at 08:57:02AM +0100, Tobi via Postfix-users wrote:
> >
> > > > That would be unexpected. I'm implementing support for REQUIRETLS
> > > > (RFC 8689) and that
Viktor Dukhovni via Postfix-users:
> On Fri, Jan 17, 2025 at 08:57:02AM +0100, Tobi via Postfix-users wrote:
>
> > > That would be unexpected. I'm implementing support for REQUIRETLS
> > > (RFC 8689) and that code is supposed to try multiple MXes before it
> > > gives up.
> > >
> > > Have you per
Steffen Nurpmeso via Postfix-users:
> Hello.
>
> Full picture: i am still at the 9fans mailing-list, which over
> time has been migrated to topicbox.com, and this is handled via
> messagingengine.com (it is saddening to do configuration via
> policy server as the two domains are distinct, sigh).
>
postfix-3.10-20250116 has been uploaded to ftp.porcupine.org.
Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Wietse:
> Have you perhaps configured smtp_mx_session_limit=1 ?
>
> postconf smtp_mx_session_limit
> postconf -P '*/*/smtp_mx_session_limit'
Tobi:
> postconf smtp_mx_session_limit
> smtp_mx_session_limit = 2
> postconf -P '*/*/smtp_mx_session_limit'
> postconf: warning: unmatched request:
A. Schulze via Postfix-users:
>
>
> Am 16.01.25 um 21:18 schrieb Wietse Venema via Postfix-users:
> > diff -ur /var/tmp/postfix-3.10-20250105/src/smtp/smtp_connect.c
> > src/smtp/smtp_connect.c
> > --- /var/tmp/postfix-3.10-20250105/src/smtp/smtp_connect.c 2025-01
A. Schulze via Postfix-users:
> Hello,
>
> I'm installing/running any postfix-3.10-* version in a lab environment.
> Till -20250103 the TLSRPT-part worked noiseless. But since -20250107
> something is broken. My TLSRPT reporting engine no longer receive any data
> from postfix.
> If I disable the
Tobi via Postfix-users:
> Hi list
>
> we have an issue with mail delivery. We use tlspol to tell postfix if
> mta-sts or DANE should be used for a recipient domain. Now we have the
> case that a rcpt domain has 3 MX records. The first one with prio 0 has
> **no** TLSA records but the other two (pr
Florian Piekert via Postfix-users:
> Jan 15 21:38:10 butterfly postfix/local[3652656]: 475F8F8AC4C:
> to=, relay=local, delay=2.9,
> delays=2.9/0.01/0/0, dsn=2.0.0, status=sent (delivered to file: /dev/null)
You want to ADD a recipient with xxx_rcipient_bcc_maps. Done.
Sometimes that added reci
Randy Bush via Postfix-users:
> hi,
>
> i am having timeouts receiving smtp from remote client over a long wire,
> half the planet. is there recommended tuning? thanks.
Postfix logs: "timeout after xxx from host[address]" where xxx is a the last
protocol state.
Where do your connections time
Florian Piekert via Postfix-users:
> Hello Wietse,
>
> >> Jan 15 12:40:48 butterfly postfix/local[3017382]: 225A9F8B1D1:
> >> to=, relay=local, delay=1.7,
> >> delays=1.7/0/0/0, dsn=2.0.0, status=sent (delivered to command:
> >> /usr/local/sbin/devnull)
> >
> > The BCC is delivered to /dev/nul
Florian Piekert via Postfix-users:
> Jan 15 12:40:48 butterfly postfix/local[3017382]: 225A9F8B1D1:
> to=, relay=local, delay=1.7,
> delays=1.7/0/0/0, dsn=2.0.0, status=sent (delivered to command:
> /usr/local/sbin/devnull)
The BCC is delivered to /dev/null in some way or another.
Replace:
Matt Saladna via Postfix-users:
> Did this opportunity provide any meaningful changes in
> documentation/usability? Any rebukes or insights to share some 90
> days later?
The results, both fascinating and amusing, contain a fraction of the
information in the Postfix READMEs that they were generate
Florian Piekert via Postfix-users:
> Hello postfix-users,
>
> I run pf 3.10-20250107 on ubuntu 24.04.
>
> I use sender_bcc_maps and recipient_bcc_maps with pcre: mapping. The files
> are simple.
>
> However, I am puzzled by some behaviour of postfix that doesn't fit my
> expectation somehow.
>
Marco Fioretti via Postfix-users:
> Greetings,
>
> I have found myself with the task of moving/recreating the mail server of a
> small ngo from an old VPS which hasn't been updated for years but still
> works without any visible problem, to a new one.
>
> The current server runs postfix 2.10.1 +
Christian Roessner via Postfix-users:
> Hello,
>
> I have written a lightweight HTTP proxy for Postfix socket maps and policy
> services.
>
> DESCRIPTION
> pfxhttp is a lightweight HTTP proxy seamlessly integrated
> with Postfix, enabling communication with external HTTP-based
>
Florian Piekert:
> Question:
> I assume, it is not possible, based on EHLO of sending server, to
> NOT list STARTTLS in the pf 250 capabilities listing?
POstfix can suppress the STARTTLS by client IP address.
Example with table inlined in main.cf:
/etc/postfix/main.cf:
smtpd_discard_ehlo_key
Steffan Cline via Postfix-users:
> Wietse,
>
> 127.0.0.1 was in the resolv.conf file on the NS from the start.
> If I take out the GoogleDNS from the name servers, would that resolve this
> issue?
You need to ensure that the resolvers on your NS VMs aren't forwarding
queries through someone else
Steffan Cline via Postfix-users:
> Wietse,
>
> On my mail server, this is the resolv.conf
>
> # cat /etc/resolv.conf
> # Generated by NetworkManager
> search hldns.com
> nameserver 199.249.188.251
> nameserver 199.249.188.252
> nameserver 199.249.188.253
>
> These are all my own name servers how
Florian Piekert:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> Good evening Wietse and Viktor,
>
> I remember there was a recent thread about postfix, TLS and Exchange and
> failures to exchange(receive email by postfix). I didn't want to bother the
> list again,
Steffan Cline via Postfix-users:
> I am hoping someone has already come across this issue.
> I'm trying to integrate Spamhaus with my postfix set up. I've followed their
> directions below.
> After applying the configs, it fails. I get a series of emails similar to
> shown below.
What is in your
> Jan 12 12:24:34 mail postfix/master[1155]: fatal: bind 0.0.0.0 port 587:
> Address already in use
Postfix cannot listen on port 587 because Jack Raats found this:
root@zen:~ # telnet mail.servicemouse.com 587
Trying 2600:3c01::f03c:91ff:fe3e:9c37...
Connected to mail.servicemouse.co
Greg Klanderman via Postfix-users:
> In a related question, how do people running multi- instance
> configurations know which instance a log line pertains to? Or would
> you typically have different log files for each instance?
That is in fact what recent main.cf settings do:
syslog_name = $
Nicholas Reilingh via Postfix-users:
> Appreciate the help ? when I finally was able to strace smtpd, I discovered
> that it was stalling on flock(, LOCK_EX)
> for some reason.
>
> I have /var/spool/postfix as one of the persistent named volumes
> in the Docker configuration (so that any of the
Postfix does not cache DSNS lookup results. It relies on the
resolver configured in /etc/resolv.conf.
Postscreen honors the 'negative' TTL when it allowlists a client
that passes DNSBL checks, but it does not store the query result
itself.
Wietse
__
I suggst that you strace the smtpd process as described in
https://www.postfix.org/DEBUG_README.html#auto_trace
This will log a lot of information, and if you are stuck with systemd
logging rate limits, then we may need to do some additional surghery
to get at the evidence.
Wietse
The f
Joachim Lindenberg:
> Given the fact that "encrypt" implies no "dane" this sounds like
> a bad idea for interoperability with dane sites.
Wietse:
> No problem. Postfix currently does not try DANE (or STS) with the
> default TLS security level "may".
Joachim Lindenberg:
> Correct. But would you th
Joachim Lindenberg via Postfix-users:
> Wietse wrote:
> > When an SRV response for "_smtps._tcp.example.com" names the standard SMTP
> > port, the feature overrides a default TLS security level "may" with
> > "encrypt". This is on/off configurable and needs a few lines of code in the
> > SMTP cl
Greg Klanderman via Postfix-users:
> I understand presence of any '/' indicates some error.
>
> Is 'unknown' just any unknown command? And the number before the '/'
> will always be 0?
ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
It's successful/total if there were errors, or just one number
Greg Klanderman via Postfix-users:
>
> Hello all and Happy New Year!
>
> Is there some documentation for the list of tags, their meanings, and
> the format for the value after '=' for the 'disconnect from' log
> lines?
This was described in RELEASE_NOTES-3.0, but not in the manpages
or README fi
I scanned the draft version 3. On the Postfix side this appears
to involve:
- For "_smtps._tcp.example.com" SRV responses that don't name the
standard SMTP port, it may be helpful to automatically turn on TLS
wrappermode for a configurable list of service names. This is nice
to have and relativel
Full disclosure: I was the original finder of the STARTTLS plaintext
injection problem, which affected Postfix and several other SMTP
server implementations. See the text and links to other info in
https://www.postfix.org/CVE-2011-0411.html
This is an easy to make mistake, and it is also easy to
Steffen Nurpmeso via Postfix-users:
> Btw why do you say "odd"? SRV has the possibility for port 0 ever
> since it was created, yet port 0 never was a valid port. So to
> the contrary even (hah!) we finally live it in full, what was only
> envisioned in the past. If that isn't progress, i do not
Gerd Hoerst via Postfix-users:
> Hi !
>
> i guess this is the line
>
> non_smtpd_milters = inet:localhost:8891, inet:localhost:8893,
> permit_mynetworks, permit_sasl_authenticated
Indeed. However, fixing this may expose other mistakes.
Wietse
___
Gerd Hoerst via Postfix-users:
> Hi !
>
> as i wrote in a previous post im moving my mail server to another one
> with mostly copying the config..
>
> i made some tests before moving it...
>
> Now i have some warnings in my log which i cannot associate
>
> 2024-12-29T14:09:37.542057+01:00 virg
Michael Tokarev via Postfix-users:
> Hi!
>
> After some experiments with postconf -F yesterday I noticed an
> interesting outcome of it. I'm editing diff a bit, to omit the
> unimportant details.
>
> # cp -p master.cf master.cf.sav
> # postconf -F '*/*/chroot=n'
> # diff -u master.cf master.cf.s
Sam James via Postfix-users:
> Wietse Venema via Postfix-users writes:
>
> > Sam James via Postfix-users:
> >> Hi,
> >>
> >> Apologies if this was reported already.
> >>
> >> Upcoming GCC 15 defaults to -std=gnu23 with whic
Sam James via Postfix-users:
> Hi,
>
> Apologies if this was reported already.
>
> Upcoming GCC 15 defaults to -std=gnu23 with which Postfix fails to build.
>
> As reported at https://bugs.gentoo.org/945733, with postfix-3.9.0, we
> get:
> ./mail_params.h:17:13: error: two or more data types in
Tommy Berglund via Postfix-users:
> l?r 2024-12-28 klockan 09:32 -0500 skrev Wietse Venema via Postfix-
> users:
> > Tommy Berglund via Postfix-users:
> > > I am using Postfix 3.7.11 on Debian 12
> > >
> > > How can I disable chroot in Postfix?
> >
&g
Tommy Berglund via Postfix-users:
> I am using Postfix 3.7.11 on Debian 12
>
> How can I disable chroot in Postfix?
Change the chroot column to 'n'.
1 - Make a backup copy of master.cf
2 - Execute the command: postconf -F '*/*/chroot=n'
There should be no warnings
3 - Verify with "postco
Cowbay via Postfix-users:
> > Postfix adds a missing (Resent) Message-ID, Date, or From header
> > when a message is received as an original or resent submission, not
> > when it receives a message from a remote MTA (for some definition
> > of 'remote').
> >
> > (Postfix detects that a message is
Cowbay via Postfix-users:
> Hello,
>
> My Postfix is 3.4.23-0+deb10u2. It's old.
>
> I got a rare mail with the Resent-Sender header and no other Resent- headers.
>
> Since I configured the local_header_rewrite_clients, cleanup(8) insert the
> missing Resent- headers for this mail.
>
> Accordi
Bill Cole via Postfix-users:
> On 2024-12-24 at 18:10:24 UTC-0500 (Tue, 24 Dec 2024 15:10:24 -0800)
> Randy Bush via Postfix-users
> is rumored to have said:
>
> > and without 1.3
> >
> [...]
> > 2024-12-24T23:09:18.525130+00:00 m0 postfix/smtpd[1379]: Anonymous TLS
> > connection established fr
Randy Bush via Postfix-users:
> fwiw, i tried
> smtpd_tls_session_cache_timeout = 0
> and
> smtpd_tls_session_cache_timeout = ridiculous
>
> both with and without `!TLSv1.3`
>
> no mail transfer
This will have to wait until Viktor reads this thread. This
is a failure that happens after t
Randy Bush via Postfix-users:
> > Maybe this will work around the problem:
> > smtpd_tls_protocols = >=TLSv1 !TLSv1.3
>
> because of all the warnings, i `systemctl restart`ed postfix. still whined.
>
> 2024-12-24T21:55:54.219911+00:00 m0 postfix/master[189212]: warning:
> /etc/postfix/main.
Randy Bush via Postfix-users:
> why is the actual mail not transferred. how to debug?
The TLS handshake completes, and then the Microsoft client drops
the connections, before or afte sending the post-handshake EHLO.
This appears to be a bug in the Microsoft TLSv1.3 support.
Maybe this will work
Dirk St?cker via Postfix-users:
> Hello,
>
> > Postfix logs TLS status details before it logs delivery status details.
>
> ...
>
> > With plaintext delivery, that first line will not be logged.
>
> I know.
>
> > In both cases the logging shows the SMTP client process name and
> > process ID, a
If your content filter makes chnages to the content then that
invalidates a DKIM signature.
Best practice therefore is to verify signatures before making content
changes, and to add signatures after making content changes.
Wietse
___
Postfix-use
Steffen Nurpmeso via Postfix-users:
> |If there is demand, then support for that syntax can be added later.
> |Hint: I don't find any instances of such syntax in my email archive.
>
> Oh! That is easy to get, you only need a non-US-ASCII attachment
> filename.
It is not relevant for Postfix.
Dirk St?cker via Postfix-users:
> Hello,
>
> for outgoing TLS connections with smtp_tls_loglevel=1 I can see the
> Trusted, Untrusted or Verified lines easily by a grep with " connection
> established to " in the log.
>
> Now I tried to find all remaining unencrypted connections and failed. I
Andreas Kuhlen via Postfix-users:
> Hello,
> I am running my Postfix server with Amavis, Spamassassin, Clamav and
> have added a configuration for OpenDKIM, OpenDMARC and SPF. Sending and
> receiving mail is working satisfactorily so far. However, I noticed
> today that a DKIM signature field is
Steffen Nurpmeso via Postfix-users:
> Wietse Venema via Postfix-users wrote in
> <4ygfy22qc4zj...@spike.porcupine.org>:
> |The "full name" encoding for Postfix-generated From: headers is
> |implemented. Code will be released after it has matured.
>
The "full name" encoding for Postfix-generated From: headers is
implemented. Code will be released after it has matured.
Documentation:
https://www.postfix.org/postconf.5.html#full_name_encoding_charset
Wietse
___
Postfix-users mailing list -- p
Alexander Leidinger via Postfix-users:
> Am 2024-12-22 01:39, schrieb Peter via Postfix-users:
> > On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote:
> >>
> >> However, there are other mechanisms being developed, for example
> >> OAUTH2,
> >> which, in terms of Cyrus SASL, does not work
Laura Smith via Postfix-users:
> Following a Debian Bookworm update I am now seeing connectivity issues that
> were not present before (everything was working perfectly before)
>
> Postfix on the instance starts up fine, i.e. indicating no configuration
> errors.
>
> The error is:
> $ openssl s
Michael Tokarev via Postfix-users:
> 21.12.2024 20:55, Viktor Dukhovni via Postfix-users wrote:
> > On Sat, Dec 21, 2024 at 08:35:29PM +0300, Michael Tokarev via Postfix-users
> > wrote:
> >
> >> 21.12.2024 20:15, Michael Tokarev via Postfix-users wrote:
> >>
> >>> plus a few other workarounds fo
Tomasz Pala via Postfix-users:
> On 2024-12-20 19:02, Wietse Venema via Postfix-users wrote:
> >
> >> You say "local is non-chrootable" - I say local is the mostly exposed,
> >> running user-provided content, binary and environment. It's the local
> &g
Michael Tokarev via Postfix-users:
> I still yet to see the reason for this, besides a statement "chroot is
> painless for freebsd but for linux is unsupportable", which is nothing
> but a big old myth, since the two works the same.
That is a myth, because we already discussed that glibc needs fil
Michael Tokarev via Postfix-users:
> There's nothing in the docs saying if dovecot sasl can work with
> non-plaintext mechanisms. In almost all docs and examples I've
> found, dovecot side of the config is configured with
> "auth_mechanisms = plain login". There are some vague references
> to usa
E R via Postfix-users:
> Curious if there are others using the maillog_file setting who have
> found that "out of the box" RHEL 8+ or 9+ will not allow Postfix to
> start? I worked around the issue by creating a policy module for
> testing purposes thanks to the help the SELInux Tool gave me (#sea
Tomasz Pala via Postfix-users:
> On 2024-12-20 08:03, Michael Tokarev via Postfix-users wrote:
> >>
> >> And then you're going to watch this list and respond accordingly? ;)
> >
> > Absolutely. This is exactly why I asked in the first place.
> > I don't see why you're smiling there.
>
> Because i
Wietse Venema via Postfix-users:
> Michael Tokarev via Postfix-users:
> > 20.12.2024 00:22, Wietse Venema via Postfix-users wrote:
> > > Michael Tokarev via Postfix-users:
> > >> Here's a little change for the `postfix' command I'd love to have
> >
1 - 100 of 1153 matches
Mail list logo
