[pfx] Re: Rejecting messages with Multiple From addresses (and no Sender)

s from sites doing this? If spam, any specific flavor? Charles > > Thanks, > -Matt > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org __

[pfx] Re: IPv6 and Cloud server CPU

party repos have newer versions taht you want to use, but > not for ARM. Is this a common thing with Linux distros? I've not dabbled there in ages, but on the various *BSDs they tend to have a designation for each architecture, for example FreeBSD at some point moved

[pfx] Re: IPv6 and Cloud server CPU

27;t let me in, so YMMV in setting up an account there). Charles > > Linux is offered on both, but am wondering if there is possibly some > processor to work-load (mis-)matching beyond my understanding... > > (yes, appreciate the irony that the concern may be 'efficiency'

[pfx] Re: Accepting mail from old Dell iDRAC

> On Aug 5, 2023, at 3:38 PM, Viktor Dukhovni via Postfix-users > wrote: > > On Sat, Aug 05, 2023 at 03:27:01PM -0400, Charles Sprickman via Postfix-users > wrote: > >>> Nope, ever since SSL 3.0 the client proposes and the server chooses. >>> The is

[pfx] Re: Accepting mail from old Dell iDRAC

P) and then a dozen or so unix variants as needed for testing, experimenting, etc. Recently I missed a drive failure because the email alerts didn't work and here we are... Dell EOL'd the iDrac7 back in 2020, so this hack-around is permanent: https://www.

[pfx] Re: Accepting mail from old Dell iDRAC

> On Aug 4, 2023, at 1:23 PM, Charles Sprickman via Postfix-users > wrote: > > > >> On Aug 3, 2023, at 5:46 AM, Jaroslaw Rafa via Postfix-users >> wrote: >> >> Dnia 2.08.2023 o godz. 23:28:09 Charles Sprickman via Postfix-users pisze: >&

[pfx] Re: Accepting mail from old Dell iDRAC

> On Aug 3, 2023, at 5:46 AM, Jaroslaw Rafa via Postfix-users > wrote: > > Dnia 2.08.2023 o godz. 23:28:09 Charles Sprickman via Postfix-users pisze: >>> The iDRAC is trying to use STARTTLS, so encrypted SMTP transport appears >>> to be supported. As noted by

[pfx] Re: Accepting mail from old Dell iDRAC

Hi Viktor and everyone else - replying with more information inline... > On Aug 2, 2023, at 9:33 AM, Viktor Dukhovni via Postfix-users > wrote: > > On Wed, Aug 02, 2023 at 01:26:43AM -0400, Charles Sprickman via Postfix-users > wrote: > >> [root@mail /usr/local/e

[pfx] Accepting mail from old Dell iDRAC

to give me a hint as to what cipher is being tried so I can allow it... How can I troubleshoot this a bit more? Thanks, Charles ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: server does not pick up new certificates

tomicity > of key/cert updates. In the case of the dehydrated ACME client ( https://github.com/dehydrated-io/dehydrated) there's an option to run a bunch of commands on successful update, including something like "postfix reload" - one could a

[P-U] Re: sys4 is listed in Abusix

fleet of user accounts on all the major freemail providers and send your sample content through your smtp server over a period of a week or so. They also automate interaction with the inbox - including marking it "not spam". Not cheap though... and I have no idea how they justify a busine

Re: Replacing initial "Received:" line on submission?

server's IP though which is rather unusual. OP here - just noting that's not what I was after. Just the hop before the server (ie: the MUA). Charles > >> Yeah, this particular IP has an unusual case, and IP matches (made a bit >> more precise could work, but I'd a

Re: Replacing initial "Received:" line on submission?

" it with a fixed key. I'm wondering if that's a "milterable" thing - extract the first received header, crypt it, then put it back in the same place in the headers... Also, pointers to a skeletal perl-based milter are welcome... Thanks, Charles > > -- >Viktor. signature.asc Description: Message signed with OpenPGP

Replacing initial "Received:" line on submission?

filter, but I'm not seeing anything out there yet. I'm also not sure if the various header replacement options using regexes I've seen are going to mess up my DKIM signing. Any pointers on what direction to go with this? Thanks, Charles

Re: Verbose logging issues of postfix in docker container

not writing any logs to /var/log... Charles > > Thank you and best regards, > Sam signature.asc Description: Message signed with OpenPGP

Re: Reject when delivering to a pipe?

When the output begins with a 4.X.X or 5.X.X enhanced status code, the status code takes precedence over the non-zero exit status (Postfix version 2.3 and later). Charles > On Oct 2, 2022, at 6:33 PM, Dan Mahoney wrote: > > Hello all, > > If I am piping my mail to a p

Re: Postfix.org website

bing some random list and doing silly things with it. Charles > > -- >Viktor. signature.asc Description: Message signed with OpenPGP

Re: Why the name Postfix?

latypus”. https://ispbilling.com <https://ispbilling.com/> (long since acquired by some other company) :) Charles > > -- >Viktor.

Re: Choosing relay based on sasl username?

> On Feb 23, 2022, at 10:30 AM, Wietse Venema wrote: > > Wietse Venema: >> Charles Sprickman: >>> Oops, sorry, "sender_dependent_relayhost_maps" should be >>> "sender_dependent_default_transport_maps" below... >> >> In both ca

Re: Choosing relay based on sasl username?

Oops, sorry, "sender_dependent_relayhost_maps” should be “sender_dependent_default_transport_maps” below... > On Feb 23, 2022, at 2:17 AM, Charles Sprickman wrote: > > Hi all, > > I’m having some issues figuring out if this is possible and then if so, how > to appr

Choosing relay based on sasl username?

match and the default transport is used. If I add an entry to match the From address, that works fine, as expected. So can I do this, but use the SASL username? Thanks, Charles

Re: https://www.postfix.org/ in trouble

someone types “https://www.postfix.org/ <https://www.postfix.org/>“, or has a browser that uses https by default, and accepts any warnings, they land on another site. And if the answer is “don’t accept the override”, I mean I guess maybe someone will try http eventually, or they may figure

Re: postfix.org site CSS change

> On Jun 2, 2021, at 1:40 PM, post...@ptld.com wrote: > >> On 06-02-2021 1:35 pm, Josef Vybíhal wrote: >>> the background was changed to white. >> curl -sI http://www.postfix.org/postfix.css | grep Last >> Last-Modified: Sun, 20 Feb 2011 12:14:00 GMT > > Any ideas why the background "to me" is

Re: Postfix restrictions

;> recommended to avoid: postgrey > >>> On Jun 7, 2020, at 8:03 AM, Laura Smith >>> wrote: >>> I agree. Greylisting is a primitive, last century "sledgehammer to crack a >>> nut". >>> >>> It has no place in 2020's anti-spam. &

Re: The historical roots of our computer terms

> On Jun 7, 2020, at 2:03 PM, vi...@vheuser.com wrote: > > Why not take it off this list and contact the developers? > Users can't make small changes. > Enough already. The intersection of “this is meaningless politics, stop being such a carelord” and “shield my eyes from further discussion of

Re: Postfix restrictions

". > > It has no place in 2020's anti-spam. I’m going to have thoughts on this next week when I trial it. RIght now there is no other option for “pausing” spammers until they show up on my DNSBLs… I tried postscreen with the after-220 checks that implement a very brief “greylist”, but it was largely ineffective. Charles

Re: Preferred/maintained greylisting options?

> On May 24, 2020, at 7:21 PM, Wietse Venema wrote: > > Charles Sprickman: >> Hi all, >> >> I have a site with a very old domain that's at the front of the >> alphabet. For some reason (age, alphabetical order, ???) that >> domain gets bombard

Re: Preferred/maintained greylisting options?

give us free access in return for a spamtrap. :) It’s also incredibly obvious there are some colos that are catering to these people, esp. that firm out of Buffalo… Charles >

Preferred/maintained greylisting options?

in the past due to a userbase that’s sensitive to delays, but… the spam is worse. Thanks, Charles

postfix mynetworks question

Hi everyone, I'm seeing that you can move the trusted networks (mynetworks) in main.cf from a single line to a file. My question is this: in the file format, is it one IP per Line or do you still put It on one line seprating out by commas? Also, is it safe to put comments in that file? I'd

Re: may we suggest ICANN not run that many new tlds?

> On Nov 19, 2019, at 3:28 PM, Antonio Leding wrote: > > But I predict it will fall on deaf ears… > > Suggesting this is tantamount to suggesting the PSTN not increase the # of > area codes or NXX numbers. Things like this are created as the demand > grows…and due to the complete metamorpho

Re: Dictionary attacks

en of dealing with arbitrary logfile changes is probably a pain. It’s crazy how the open source world has gone from railing against the Microsoft monoculture issue to creating their own (unintentionally but still…). Charles > > > -- > Phil Stracchino > Babylon Communications > ph...@caerllewys.net > p...@co.ordinate.org > Landline: +1.603.293.8485 > Mobile: +1.603.998.6958

Re: OT: Postscreen and scoring/blocking by ISP

> On May 31, 2019, at 7:45 PM, Wietse Venema wrote: > > Charles Sprickman: >> https://www.team-cymru.com/IP-ASN-mapping.html#dns >> <https://www.team-cymru.com/IP-ASN-mapping.html#dns> >> >> That?s part way there. I can easily find the ASNs I care to

Re: OT: Postscreen and scoring/blocking by ISP

team-cymru.com/IP-ASN-mapping.html#dns <https://www.team-cymru.com/IP-ASN-mapping.html#dns> That’s part way there. I can easily find the ASNs I care to penalize. But still have to figure out how to do something with that in postscreen… Charles > > Allen C

Re: OT: Postscreen and scoring/blocking by ISP

SpamAssassin. It scores most of the missed emails around 2-3 points, almost exclusively via Bayes. Thanks, Charles > On May 20, 2019, at 8:49 PM, David Mehler wrote: > > Hello, > > I don't know about the netblocks your looking for, but what is > snowshoe spam? What

OT: Postscreen and scoring/blocking by ISP

up a local RBL with the things I want to cover? And while I’m asking, any interesting RBLs you folks use that are based on non-standard criteria (country-based RBLs, lists of RFC-ignorant hosts, etc.)? Thanks, Charles

Re: Troubleshooting postscreen/dnsblog

> On Feb 21, 2019, at 3:26 PM, Wietse Venema wrote: > > Charles Sprickman: >> Hi all, >> >> Looking for some help on troubleshooting postscreen? >> >> I was recently reworking the list of rbls that I use with postscreen and >> realized that qui

Troubleshooting postscreen/dnsblog

/advice on troubleshooting beyond Postfix? I’m pointing all my rbl queries at an instance of dnscache (which is admittedly quite old, probably abandoned)… Recs on a lightweight dnscache replacement? Thanks, Charles

Re: Google blocking...again...

; users. We had maybe 25 clients setup with expanded limits five years > after implementing the policy deamon. I was hoping that the rate-limiting was enough, but I found that whatever was spamming through the compromised accounts was intelligent. If we let 100/hour through, they’d ratchet do

Re: Spamhaus blocking Spectrum IPs; rbl_override not working

> On Aug 21, 2018, at 11:42 AM, Fongaboo wrote: > > > > Last night, it would appear that zen.spamhaus.org started blacklisting a > number of IPs assigned to Spectrum consumers, of which I am one. […] > # Spectrum > 23.0.0.0/8 OK > 24.0.0.0/8 OK […] OT, but is your list of exemptions refl

Re: Prevent Backscatter

Maybe I'm blind, but I don't see any recipient restrictions at all On January 20, 2017 5:41:29 PM EST, Postfix User wrote: >My test procedure follows >telnet domain.com 25 >ehlo me >mail from: >rcpt to: >At this point I get "Ok" message, and I can continue writing the body >of t

Postfix 3.0.3 TCP interface Panic error condition

startup -- throttling Has anyone used the TCP interface with postfix 3.0.3? Charles

Re: Is this sane submission setup?

On 4/29/2016 9:51 AM, Alice Wonder wrote: > What I'm trying to have it do is define the blog hosts (there are three > or four of them, with about 20 different domain names on each host) can > connect over 587 with authentication but that even with the right uname > / password, connection is ref

Re: Is this sane submission setup?

On 4/29/2016 3:02 AM, Alice Wonder wrote: > submission inet n - n - - smtpd >-o syslog_name=postfix/submission >-o smtpd_tls_security_level=encrypt >-o smtpd_sasl_auth_enable=yes >-o smtpd_reject_unlisted_recipient=no >-o smtpd_client_restrictions=

Re: BURL

On 4/18/2016 11:46 AM, wie...@porcupine.org (Wietse Venema) wrote: > Charles Marcus: >> I would s love to be able to uncheck the 'Save copy to Sent folder' >> for my postfix+dovecot accounts. > What client would do this? Also, just noticed that there is apparent

Re: BURL

On 4/18/2016 11:46 AM, wie...@porcupine.org (Wietse Venema) wrote: > Charles Marcus: >> I would s love to be able to uncheck the 'Save copy to Sent folder' >> for my postfix+dovecot accounts. > What client would do this? Thunderbird (alluded to this in my O

Re: BURL

On 4/18/2016 9:42 AM, Charles Marcus wrote: > I also found this email from Mike Abbot in April 2010 announcing > Apple's contribution of a patch for both postfix and dovecot for BURL > support, and for CATENATE and URLAUTH support for dovecot too, so I'm > confused about t

Re: BURL

w what happened here? I would s love to be able to uncheck the 'Save copy to Sent folder' for my postfix+dovecot accounts. */Charles/*/* */

Postfix SMTP pass-thru to Office365

/sent using the Office365 SMTP system? I'm thinking some kind of SMTP Auth pass-thru, but I'm not sure exactly what to google on, and I don't think this is a normal relay setup... Appreciate a pointer to the correct terminology for such a setup so I can find the docs on how to do it. Thanks! Charles

Re: port 25 465 and 587 confusion.

On 4/6/2015 5:31 AM, Sebastian Nielsen wrote: > IMHO I find it better to only allow submission from trusted nets. So, you prefer to cripple your users by not allowing them to send email when outside the office? > Better to disable authentication completely, and completely disable mail > submiss

Postfix RCPT TO parameters

? Charles

Re: Drop connection based on Enhanced Error Code

Noel Jones wrote: On 2/23/2015 10:33 AM, Charles Orth wrote: Hi All, At this time, we're relying on extended error code 5.2.1 to drop the connection. I suppose you're referring to the 521 reply code. We'd like to a more robust set of extended error codes (RFC5

Drop connection based on Enhanced Error Code

extended status codes to drop the connection? Are others interested in such a feature? Charles

Re: Blacklisting external domains

On 2/6/2015 8:52 AM, li...@rhsoft.net wrote: > it's simple > > * if there is any permit in front - well > * if you are using specific "submission_client_restrictions" >and have placed the access table in front of any permit it >works > > in that context postfix is dead-simple > > the f

Re: Blacklisting external domains

On 2/6/2015 8:58 AM, li...@rhsoft.net wrote: > and BTW one reason more to make a transport > it is not affected by other restrictions > > it just comes at the end of the chain when postfix now would accept the > message even by a explicit OK in any restriction table > > http://www.postfix.org/tra

Re: Blacklisting external domains

On 2/6/2015 8:26 AM, wie...@porcupine.org (Wietse Venema) wrote: > Charles Marcus: >>>user@domain >>> Matches the specified mail address. >>>domain.tld >>> Matches domain.tld as the domain part of a

Re: Blacklisting external domains

On 2/5/2015 5:06 PM, wie...@porcupine.org (Wietse Venema) wrote: > Charles Marcus: >> Ok... but... this sounds like you are saying that it is expected that my >> simple postmap -q test would fail, but that someone attempting to relay > I am saying that you should RTFM the acc

Re: Blacklisting external domains

On 2/5/2015 4:35 PM, wie...@porcupine.org (Wietse Venema) wrote: > Charles Marcus: >> Ok, Can't seem to figure this out... >> >> I want to block sending to certain domains - in this case, a domain that >> is typod... >> >> Googling suggests this

Blacklisting external domains

Ok, Can't seem to figure this out... I want to block sending to certain domains - in this case, a domain that is typod... Googling suggests this should work: smtpd_relay_restrictions = check_recipient_access ${hash}/blacklisted_domains, permit_sasl_authenticated, permit_mynetworks, reject black

Re: maximal_queue_lifetime not honored

s for you help. Viktor Dukhovni wrote: On Mon, Feb 02, 2015 at 10:19:24AM -0500, Charles Orth wrote: bounce_queue_lifetime = 4h Well, you said that you expect a 30 minute lifetime, but clearly you should have expected at least four hours. Can you explain why you need a dedicated queue

Re: maximal_queue_lifetime not honored

bounce_queue_lifetime = 4h Viktor Dukhovni wrote: On Thu, Jan 29, 2015 at 06:25:28PM -0500, Charles Orth wrote: maximal_queue_lifetime = 30m And bounce_queue_lifetime is?

maximal_queue_lifetime not honored

We are seeing some issues with our bounce complex. This complex only handles bounces so if we can't deliver them, they are typically discarded. We are expecting mail to be removed after 30 minutes but we're queuing on the complex where some mails messages are around for 10+ hours. I am curious

Re: Why does SPF fail sometimes?

On 12/17/2014 1:18 AM, Peter wrote: > It appears that google has gone down the path of blocking mail that > doesn't pass these stringent tests and I now cannot see my own > postings to lists such as this one or certain others who post. Sorry, this has nothing whatsoever to do with SPF or DMARC or

Re: queue message when lmtp link to remote server is down

On 10/26/2014 11:56 PM, ferriswheel wrote: > yes, that was the problem. maximal_queue_lifetime and > bounce_queue_lifetime were set to '0' regards john So, maybe you should post postconf -n output and see if there any other obviously massive fails in your config?

Re: Ubuntu: Postfix Admin, Roundcuble setup at mailserver

On 10/20/2014 7:43 AM, Austin Einter wrote: > Can somebody guide me how can I setup postfix admin interface and > roundcube at my mail server. Follow the directions for those packages, and if you encounter any problems, ask for help on *their* support lists? This is a list for support for *postf

Re: Bare HELO/EHLO

On 10/14/2014 6:36 PM, Benny Pedersen wrote: > But post atleast postconf -n on pastebin please don't... Many people will not click on links to unknown things, and it breaks historical references (the links may/will not work forever). Always paste these things inline...

Re: Postfix SASL auth - client alway sent e-mail even password change until I run again client app

On 10/8/2014 7:54 AM, Tomasz Kopczyński wrote: > I have the same problem with imap (dovecot). Even if I change password > for user I can read email in thunderbird until I close it. You didn't say, but since you mentioned dovecot, are you using dovecot sasl? If so, maybe: http://wiki2.dovecot.o

Re: header_checks is checked before sender_access

On 10/2/2014 4:37 AM, Alberto Lepe wrote: > On Thu, Oct 2, 2014 at 5:27 PM, Alberto Lepe > wrote: > > There is a customer that is sending mails from excel using a > banned client in the server "header_checks" restrictions (client > can not be changed due to tech

Re: Add --version option to postfix

On 9/29/2014 9:02 AM, Eray Aslan wrote: > On Mon, Sep 29, 2014 at 08:13:38AM -0400, Charles Marcus wrote: >> On 9/28/2014 3:01 PM, LuKreme wrote: >>> Yes, it’s (postfinger) a separate package. >> Yeah, and unavailable in gentoo repo... :( > It is a shell script. Yo

Re: Add --version option to postfix

On 9/28/2014 3:01 PM, LuKreme wrote: > Yes, it’s (postfinger) a separate package. Yeah, and unavailable in gentoo repo... :(

Re: Add --version option to postfix

On 9/28/2014 10:57 AM, LuKreme wrote: > On 27 Sep 2014, at 09:19 , Charles Marcus wrote: >> > On 9/27/2014 11:07 AM, wie...@porcupine.org (Wietse Venema) >> > wrote: >>> >> Would an updated postfinger command help? Wietse >> > >> > We

Re: Add --version option to postfix

On 9/27/2014 11:07 AM, wie...@porcupine.org (Wietse Venema) wrote: Would an updated postfinger command help? Wietse Well... if it could provide the output I described, then certainly. The suggestion for a new command was just to illustrate I was saying it didn't have to be a postconf command

Re: Add --version option to postfix

On 9/27/2014 7:48 AM, wie...@porcupine.org (Wietse Venema) wrote: Use "postconf -d", not "postconf -n". -n is for settings in the configuration file, -d is for the built-in settings which include the version, release date, and so on. Thanks Wietse... Please understand that what follows is jus

Re: Add --version option to postfix

I asked a long time ago if the postfix version could be added to the postconf -n output (like dovecot does), but was told it wasn't possible for some technical reason I didn't understand... On 9/26/2014 9:42 PM, Karl-Philipp wrote: Hi together, In order to figure out the version of a program

Re: Sending root's mail out?

On 9/24/2014 3:21 PM, leam hall wrote: Am I the only person who has ever worked in a place that won't let you post logs on a publicly archived internet site? Probably, since there is absolutely no sane reason for such a thing. Thank you for wasting everyone's time.

Re: compromised mail server

Hi, See inline. Thank you! On Thu, Aug 21, 2014 at 10:02 AM, Wietse Venema wrote: > Charles Richard: > > Hi, > > > > I have inherited a postfix 2.6 mail server which also uses Dovecot > 1.1.14 . > > > > This is basically a legacy mail server that can'

compromised mail server

d rules we have setup. Thanks, Charles

Re: 'aliasing' one domain to another?

On 7/31/2014 7:21 AM, li...@sbt.net.au wrote: On Thu, July 31, 2014 8:55 pm, Charles Marcus wrote: You have to have a 1-1 mapping for each valid user. Postfixadmin (sql based administrative tool for managing email user accounts for postfix) supports domain aliases out of the box (does the 1

Re: 'aliasing' one domain to another?

On 7/31/2014 5:59 AM, li...@sbt.net.au wrote: I have Postfix 2.11.0 with virtual domains in mysql/postfixadmin, all working well, as per setup below user of the mydom.tld.au has also registered mydom.tld (to prevent cybersquating) sometimes they make mistakes and attempt to send emails to a_u.

Re: How to block offering SASL auth to clients based on RBL

On 6/10/2014 1:24 PM, Kai Krakow wrote: > And those silly autodetection of older MUAs sticks to port 25 unencrypted. So even new customers who redo > their installations on their own silently go back to port 25. So... why on earth are you allowing UNENCRYPTED AUTH at ALL, let alone on port 2

Re: Troubleshooting a delivery failure

On 5/30/2014 3:52 PM, Tony Nelson wrote: And for completeness, the full bounce is at the end of this message. Try again. Your report won't be complete until you show the full logs for this event. The bounce notification, while not totally useless, is not necessary. Best regards, Charles

Redirect all DSN messages to a secondary host

cannot find any lmtp configuration or filtering option that will allow me to forward the bounce to the same bounce complex as specified in the sender_dependent_relayhost_maps file. Charles

milter extension for recipient DSN

Hi, Has there been any thoughts on support for passing recipient DSN information to milter protocol (eg rcpt_dsn macro)? Charles

lost mail because of vacation responser

gh there was an away message. Does this make any sense? I don't understand how her mailbox could behave that way. Thanks, Charles

Re: Changing SSL certificates - switching from self-signed to RapidSSL

e-read the postfix docs a few times afterwards, I may actually gain a reasonable if not rudimentary understanding of how these pieces fit together. Hope you're having a great holiday weekend! Charles On 4/19/2014 12:36 PM, Viktor Dukhovni wrote: On Sat, Apr 19, 2014 at 07:06:31AM -0400,

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On 4/19/2014 6:32 AM, Charles Marcus wrote: Would you mind a quick check of both our smtp. and mail. (I'm guessing that I would need to do the same thing for dovecot's cert too)? Hi Victor, I hate to keep imposing on you, but since I don't have the postfinger tool, and h

SOLVED - Re: Changing SSL certificates - switching from self-signed to RapidSSL

#x27;ll post a final SOLVED with what I had to do to get RapidSSL certs working with postfix (and dovecot). -- Best regards, Charles

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On 4/19/2014 6:32 AM, Charles Marcus wrote: Thanks again Victor, without the support on this list many of us wanna-be admins would be in way over our heads... One other question... Would I be correct that the following error I'm now seeing since changing the certs could be caused by

Re: Changing SSL certificates - switching from self-signed to RapidSSL

the same thing for dovecot's cert too)? Thanks again Victor, without the support on this list many of us wanna-be admins would be in way over our heads... -- Best regards, Charles

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On 4/18/2014 3:50 PM, Viktor Dukhovni wrote: In the sample command, "server_cert.pem" is a plausible name for a file that holds just the leaf server certificate. While "intermediate_CA.pem" is a plausible name for a file that hold one or more intermediate CA issuer certificates (in the right or

Re: Changing SSL certificates - switching from self-signed to RapidSSL

On 4/18/2014 3:06 PM, Viktor Dukhovni wrote: On Fri, Apr 18, 2014 at 02:35:45PM -0400, Charles Marcus wrote: No. The correct approach is at: http://www.postfix.org/TLS_README.html#server_cert_key With legacy public CA trust verification, you can omit the root certificate from

Re: Changing SSL certificates - switching from self-signed to RapidSSL

Thanks for the response Victor... On 4/18/2014 2:20 PM, Viktor Dukhovni wrote: On Fri, Apr 18, 2014 at 02:06:20PM -0400, Charles Marcus wrote: Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now

Changing SSL certificates - switching from self-signed to RapidSSL

ook correct? Thanks, Charles

Cut over to another server

ore than an hour or 2. Thanks, Charles

Re: Asking about heartbleed

On 4/10/2014 7:57 PM, postfix-us...@tja-server.de wrote: Wietse Venema wrote: OpenSSL versions prior to 1.0.1 don't have the hearbeat feature and have never been affected by this bug. ii openssl 0.9.8o-4squeeze14 Secure Socket Layer (SSL) binary and relat

Re: DNSSEC

diate problem, and their normal DNS service is excellent (and really cheap - $29/yr for up to 10 domains)... -- Best regards, Charles

Re: DNSSEC, was Re: TLS client logging PATCH

m), and that are known to 'do DNSSEC' right? -- Best regards, Charles

Re: Address Rewriting vs Aliasing - I need all recipients to see each other

n, -- Best regards, Charles

Address Rewriting vs Aliasing - I need all recipients to see each other

added as 'To:', and the other as 'CC:', but again, not really that important, as long as they will each see the other got it. I'm guessing I need to use Address Rewriting rather than just an alias, but I'm not sure which method or how to accomplish it. Thanks, Charles

Re: canonical maps

very easily in postfixadmin by simply using the alias domain feature. -- Best regards, Charles

  1   2   3   4   5   6   7   8   >