Hi everybody...
In theory, it's possible to centralize and share the Postfix address
verification database used by verify daemon across multiple servers using
memcache
Please, has anyone implemented this setup? If so, how well does it work in
practice?
Thanks in advance,
Pete._
Thanks Benny, and sorry for the HTML part... (my fault)
It seems i have a whimsical DKIM signer that needs some review.. :-)
Regards,
Pete.
On Tuesday, July 22, 2025 at 02:16:10 PM GMT+2, Benny Pedersen via
Postfix-users wrote:
Pedro David Marco via Postfix-users skrev den 2025-07-22
David Marco via Postfix-users:
>
> Hi,
>
> I'm using Postfix 3.7.11 and I've noticed that when a message is moved to the
> HOLD queue, the mailq command does not display the recipient(s) of that
> message.
>
> Additionally, even after releasing the message from H
Hi,
I'm using Postfix 3.7.11 and I've noticed that when a message is moved to the
HOLD queue, the mailq command does not display the recipient(s) of that message.
Additionally, even after releasing the message from HOLD to the deferred queue
using postsuper -H , the mailq output still hides th
Thanks Viktor, i missundersating postfix documentation... i am doing something
wrong
Thanks a lot again!
Pete.
On Wednesday, June 11, 2025 at 06:25:22 PM GMT+2, Viktor Dukhovni via
Postfix-users wrote:
On Wed, Jun 11, 2025 at 03:35:07PM +, Pedro David Marco via Postfix-users
Hi everyone,
I'm running a Postfix server and have encountered an issue where some SMTP
clients (usually Amazon servers) keep their connections open even after
successfully sending a message. Over time, this behavior causes all available
smtpd connection slots (e.g., 100 concurrent connections)
le.
>
> OTOH that setup doesn't seem so simple in that (AFAICT) neither certbot nor
> acme.sh can generate such a combined file.
>
> Sean
dehydrated does it.
--
Erwan David
___
Postfix-users mailing list -- postfix-users@postf
ustry has been
> fighting tooth and nail to avoid deploying IP6 since it was invented.
>
>
I worked for hosting companies. One was technically ready to connect customers
in IPv6,
the other one had it on study. But in both we (the tech staff) w
Hi everybody...
is there anyway to make smtpd and/or qmgr be slighty more verbose?
i would like to have more info pero line about "from" and "to", something like
this:
Feb 13 12:34:56 mailserver postfix/smtpd[12345]: 6F84B1A241:
client=mail.example.com[192.168.0.1], from=,
to=, size=1234, nrcpt=
I followed 'www.postfix.org/VIRTUAL_README.html : As simple as can be:
shared domains, UNIX system accounts' to set style like 'mydestination =
$myhostname localhost.$mydomain ... example.com' for a few domains (except
example has no commas like main.cf). Regardless of $myhostname, $mydomain
(
Viktor, thanks a lot for your time. it is now cristal clear to me... i owe
you a beer! :-)
Kind regards,
Pete.
On Tuesday, September 3, 2024 at 06:02:00 AM GMT+2, Viktor Dukhovni via
Postfix-users wrote:
On Tue, Sep 03, 2024 at 10:12:57AM +0800, LinuxMail.cc via Postfix-users wrote:
Hi everybody...
i think Wietse has explaned this before, but i cannot find the posts, so please
excuse with me if i ask this again.
I would like to clearify with myslef how Postfix smtp daemon deals with remote
MXs of a destination.
1.- When there are different MX with different weight but the DN
Le 06/06/2024 à 18:57, GDS via Postfix-users a écrit :
Hello,
I am seeing hundreds of lines like the one below in my mail.log from
this specific IP address, which belongs to Google.
Jun 5 19:09:32 arthemis postfix/error[86771]: 5D9D148296D:
to=, orig_to=, relay=none,
delay=4099, delays=4099/
, sasl_auth_enable and
client_restriction which reject non authenticated email
(you may have different setting for chroot and tls_protocols)
--
Erwan David
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix
smtpd_sasl_auth_enable=yes
--
Erwan David
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Hi all,
is it possible to have several Postfix instances to use a centralized Postfix
server for address verification probes when this centralized server is NOT an
MDA but a relay to external MDAs?
Thanks in advance!
Pete.
___
Postfix-users mailing list
Hello,
I'm not sure if this is a Postfix or an Rspamd problem or a Gmail
problem, the first two I can do something about the third one not so sure.
I'm running a personal E-mail server running on a VPS via a2hosting. I'm
using Cloudflare for my DNS. I've got Postfix 3.7.11 and Rspamd 3.8.4
g
Remember that Postfix has supported DKIM via various milters for
15+ years without issues. So no, practically there is no problem with
DKIM and header folding in Postfix.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an
name postfix/smtps/smtpd[1575]:
lost connection after CONNECT from xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
2024-04-02T09:49:26.016584-04:00 hostname postfix/smtps/smtpd[1575]:
disconnect from xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] commands=0/0
On 4/1/2024 4:17 PM, Viktor Dukhovni via Postfix-users wrote:
wrappermode is set to no.
Is there any additional information I can provide?
Please keep the suggestions coming.
Thanks.
Dave.
On 4/1/2024 3:41 PM, Wietse Venema via Postfix-users wrote:
David Mehler via Postfix-users:
to utilize Thunderbird v91.x. I've tried configuring with both the
auto
Hello,
I've got a Debian 12.5 vps going, it's running Dovecot 2.3.x, Postfix
3.7.x, secured with letsencrypt. I've confirmed that my certificates are
valid and unexpired. I'm trying to connect via StartTLS to Dovecot 143,
for retrieving mail, and Postfix 587 submission to send it. I'm wanting
illegal syntax.
--
Erwan David
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Gerben Wierda:
> Aliases are nice, to receive mail. But when you reply, the address behind the
> alias is exposed.
I’m puzzling a bit over this statement … I also use aliases but was not
aware that they would expose my real address?
As a test I’m sending this message from a virtual alias (hostma
Michael Storz:
> FWS = ([*WSP CRLF] 1*WSP) / obs-FWS
>
> A FWS can be a single WSP or a folded line.
>
> Therefore the date "Fri, 5 Jan 2024 16:48:37 -0500 (EST)" is syntactically
> incorrect, because there can be only one blank between "," and "5", not two
> by the syntax of RF
Matus UHLAR - fantomas:
> Which milter is that?
> Does it support trusted hosts?
Yes, I think so. It’s my https://crates.io/crates/spf-milter
Ciao,
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-user
Matus UHLAR - fantomas:
> Do you remove those headers on your servers?
In my chain of milters, the very first one simply deletes incoming
Authentication-Results whose authserv-id equals $myhostname … The rest
of the milters can then assume that no such headers are present.
On Tuesday, January 2, 2024 at 08:46:01 PM GMT+1, Vince Heuser via
Postfix-users wrote:
>I recently upgraded to mail_version = 3.4.23
>Suddenly, Postfix no longer logs the lines with IP addresses for the
>connections.
>There use to be some additional log lines with sender ip addresses.
Thanks Wietse, yes it is clear in your doc, but both messages go through
filter?? despite what the MAIL FROM is?
Thanks,
Pedro.
On Tuesday, December 26, 2023 at 03:34:34 PM GMT+1, Wietse Venema via
Postfix-users wrote:
Pedro David Marco via Postfix-users:
> To my understanding,
Hi all,
after reading the documention from Viktor and Wietse about this issue, there is
still something i do not have clear enough... Please excuse me!
How does Postfix behave with the smuggled email? i mean... what happens with
Milters and after-queue filters?
To my understanding, the Smuggled
To find out why a milter signs or does not sign, it would be helpful to
see the milter’s configuration. With OpenDKIM, the setting ‘LogWhy yes’
is useful for debugging such issues.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe
Note: OpenDKIM does not require the (ancient, obsolete) setting
‘milter_protocol = 2’. It’s a cargo cult setting. Just drop it and leave
it at the default.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix
I am trying to set up a virtual domains on a server and either end up with
no mail being delivered, or mail being delivered but with warning:
do not list domain example2.co.uk in BOTH virtual_alias_domains and
relay_domains.
What I am trying to do is
* Configure a dedicated server to host 5 webs
Viktor Dukhovni:
> Though dkimpy-milter is likely the more future-proof choice, perhaps
> OpenDKIM is slightly more polished at present, be it also dated (
> lacking some of the newer algorithms).
>
> For signing, lack of bleeding-edge algorithms is less important, so if
> you're not also validati
https://crates.io/crates/dkim-milter is yet another option that I’m
working on.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Thanks Wietse, sometimes we want to stretch Postifx like gum beyond limits...
Thanks again, Mr!
Pete.
On Thursday, October 12, 2023 at 02:32:11 PM GMT+2, Wietse Venema via
Postfix-users wrote:
Pedro David Marco via Postfix-users:
> Hi,
> Postfix documentation states clearl
Microsoft incident EX680695 (sorry if i recall wrongly).
Solved now!
Pete.
On Wednesday, October 11, 2023 at 03:24:03 PM GMT+2, Matus UHLAR - fantomas
via Postfix-users wrote:
On 11.10.23 15:06, Ralf Hildebrandt via Postfix-users wrote:
>Since this morning, various MX hosts in *.mail.pr
Hi,
Postfix documentation states clearly that XFORDWARD is intended for scenarios
like this:
Client -> MTA1-> Content_filter -> MTA2
And then Content_filter is able to get the IP of Client. Works great!
But i was wondering... what i chain more MTAs?
Client -> MTA1 - > MTA2 -> Content_filter ->
Le 11/10/2023 à 20:15, Jack Raats via Postfix-users a écrit :
One of my users (my wife) lost her sent mail folder on her pc. She
asked me if I had a backup of all het sent mail on my mail server,
which I donn't.
I have a backup of all her ingoing mail using procmail, but how can I
make a bac
Hi all,
does anyone know how to use different content_filter based on sender domain?
Thanks in advance!
Pete.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
OpenDMARC only uses libspf2 if
(a) it was compiled with SPF support and with libspf2 includes
(configure options --with-spf --with-spf2-include --with-spf2-lib)
and
(b) configuration parameter SPFSelfValidate is enabled.
Item (a) is the case for example in the Debian and Ubuntu package, but
Le 10/09/2023 à 20:12, Fred Morris via Postfix-users a écrit :
Other replies have identified what's probably happening: redirection
to a specific mail relay or honeypot.
I have a couple of suggestions, which you should consider carefully
(for legality and possible retaliation) before trying. I
on the various .cf
files.
Thanks.
Dave.
On 7/20/23, Viktor Dukhovni via Postfix-users wrote:
> On Thu, Jul 20, 2023 at 08:45:46AM -0400, David Mehler via Postfix-users
> wrote:
>
>> Thank you for your reply. My apologies, I thought these issues were
>> all possibly interr
check" I get no warnings. I checked for both selinux
and apparmor neither is installed. I ran "postfix set-permissions"
again no warnings.
I hope this information helps.
Thanks.
Dave.
On 7/19/23, Viktor Dukhovni via Postfix-users wrote:
> On Wed, Jul 19, 2023 at 06:03:17PM -040
Hello,
I'm trying to migrate to a new setup, Debian 12 with Postfix 3.7 and
Dovecot 2.3 using virtual mailbox domains. There are no local everyone
is virtual. The first problem I'm seeing is the Postfix process is
exiting:
#systemctl status postfix
? postfix.service - Postfix Mail Transport Agent
Thanks all!!!
digging it
Pete.
On Friday, July 7, 2023 at 09:45:03 PM GMT+2, Wietse Venema via
Postfix-users wrote:
If no-one else posts one, I can post a solution that:
- relies on smtpd_delay_reject=yes to postpone check_policy lookup
until RCPT TO.
- disables the SIZE announcem
Hi all...
Currently Postfix do not show in log the Recipient of emails that exceed
Meesage_size_limit becasue MAIL FROM comes before RCPTO TO... butis there any
nice way of forcing Postfix to reject that email after the RCPTO TO?
I have considered to make a body check like this:
/.{10-}/
Gerd Hoerst:
> question 1st : is it a good idea to reject any email which is not sent from a
> domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or
> sub.sub.domain.tld is rejected ?
>
> at least i tried with header checks in pcre
>
> /^From:\.*@.*\.*\.*/ DISCARD NO SUBD
idering it was explicitly set
that way in logwriter.
I've got ways around this situation, but this seemed like unintended behavior
so figured I'd bring it up
-David Roe
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe
Jaroslaw Rafa:
> Dnia 12.04.2023 o godz. 15:43:07 Fourhundred Thecat via Postfix-users pisze:
>> OK, I see.
>> So should the client (mail.example.com) then have it's own SPF record,
>> in addition to the domain itself (example.com) ?
>
> If you plan to send mail with senders addresses as
> someth.
EML:
> I can run the milter as a service, if necessary, instead of adding an entry
> in master.cf, but this feels like the wrong way to do this. Thanks.
But note that this is how milters are normally operated, eg milters
installed from a distro package.
___
Le 07/03/2023 à 18:42, Benny Pedersen via Postfix-users a écrit :
Matthew McGehrin via Postfix-users skrev den 2023-03-07 18:31:
Any workarounds in Thunderbird to override this behavior?
imho if you show Reply-To in this list you will see original poster ?
i have not tryed it self yet, using
Using the MariaDB client to connect yields:
5.5.5-10.5.15-MariaDB-0+deb11u1.p'lnayaX...-...t`dTYAwX32D<.mysql_native_password.
..followed by encrypted data but it succeeds to connect.
David Koski
dko...@sutinen.com
On 2/13/23 11:21, David Koski wrote:
I have a workin
ess denied for user 'vmail'@'mymail' (using
password: YES)
To be clear, disabling ssl between MariaDB client (Postfix server) and
MariaDB server makes it work but all is clear text, of course.
Looking for clues.
Regards,
David Koski
dko...@sutinen.com
On 2/12/23 7:11 PM, Viktor Dukhovni wrote:
On Sun, Feb 12, 2023 at 06:49:12PM -0800, David Newman wrote:
Postfix 3.5.17 on Debian 11
Greetings. I could use some help understanding why postfix takes around
60 seconds to accept and forward messages received using submission.
Feb 12 18:02:23
Postfix 3.5.17 on Debian 11
Greetings. I could use some help understanding why postfix takes around
60 seconds to accept and forward messages received using submission.
This is on a new server I recently stood up. An almost identically
configured old server did not have this problem. DNS work
authorized_xforward_hosts=127.0.0.0/8
34 -o syslog_name=postfix-after-filter
35
Regards,
David Koski
Hi all,
Is there anyway to check for potential errors in Postifx confiuration files
before movig them to /etc/postfix
Thanks in advance!
Pete.
Charles Sprickman:
> I'm thinking that for my personal mail server I would like to stop showing
> the world the IP that I'm sending email from, for various reasons, but mostly
> privacy.
>
> I see lots of sketchy options out there using header checks, but I'd ideally
> like to not just strip ou
Previously in a milter I have used presence of sendmail macro
‘{auth_authen}’ to decide whether a sender is authenticated.
Now, in another milter I am using presence of macro ‘{auth_type}’ to
make that decision.
What is the recommended way of telling whether a sender is authenticated
using sendma
raf:
> On Fri, Dec 23, 2022 at 06:20:08PM +0100, Gerben Wierda
> wrote:
> > What is the best way to do this? Or is it too troublesome and should
> > I just use postfix outside of docker, installing it with apt? I would
> > rather like to have a single (docker) deployment model which would
> > mak
On Fri, 2 Dec 2022 at 10:33, David Dolan wrote:
>
>
> Subject:Re: helo command rejected
>> From: Viktor Dukhovni
>> Date: 2022-12-01 16:56:13
>> Message-ID: Y4jcrRxsEJPsWZVZ () straasha ! imrryr ! org
>> [Download RAW message or body]
>>
Subject:Re: helo command rejected
> From: Viktor Dukhovni
> Date: 2022-12-01 16:56:13
> Message-ID: Y4jcrRxsEJPsWZVZ () straasha ! imrryr ! org
> [Download RAW message or body]
>
> On Thu, Dec 01, 2022 at 04:06:30PM +, David Dolan wrote:
>
>
On Thu, 1 Dec 2022 at 16:59, Matus UHLAR - fantomas
wrote:
> >> On 01.12.22 15:23, David Dolan wrote:
> >> >We have two customers who we're unable to receive email from.
> >> >It's failing the helo lookup as it can't resolve the hostname in the
&
On Thu, 1 Dec 2022 at 15:49, Matus UHLAR - fantomas
wrote:
> On 01.12.22 15:23, David Dolan wrote:
> >We have two customers who we're unable to receive email from.
> >It's failing the helo lookup as it can't resolve the hostname in the helo
> >message.
>
#x27;s an issue which
causes a problem with the verification.
Maybe it can't match the IP address with the hostname as it does a round
robin dns lookup and doesn't find the IP which the message arrived from?
Has anybody come across this before and any idea how to resolve it?
Thanks
David
Those are obligations for web sites. But what about a mail sending
domain without web site ?
inters or clues would be
appreciated. I can supply copies of configuration files if someone
wants to dig further.
Thanks
David
Henry R:
> Hello list,
>
> As a receiver MTA (postfix), if DKIM, SPF or DMARC has got failed to the
> sender domain, what action postfix will take for this incoming message?
> reject or greylist it?
>
> I have setup the mail system (as this domain openmbox.net) but not sure about
> it. thanks.
I noticed something in our mail logs that I thought was unusual.
What does it mean when smtpd reports a NOQUEUE without any kind of
reject: reason? All that's there is the client.
Aug 5 17:42:58 b1 postfix/smtpd[18503]: NOQUEUE:
client=a26-70.smtp-out.us-west-2.amazonses.com[54.240.26.70]
Aug
Linkcheck:
> I have a relatively new installation of postfix with clamav and spamassassin
> milters. In general it seems to work fine.
>
> The debian server sends a variety of notifications from localhost through
> postfix to a domain mailbox ad...@example.co.uk. On the way it's filtered by
> spam
Scappatura Rocco:
> These are the top lines of my master.cf:
>
> # ==
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> # ==
Scappatura Rocco:
> I have one postfix server (say, 'myserver.domain.tld') acting as MX for some
> domains and as SMTP relay for the SASL authenticated user from the same
> domains.
>
> On that server I have enabled DMARC milter (other than I have set up DKIM,
> and it works fine):
>
> milter_
+2, Wietse Venema
wrote:
Pedro David Marco:
> Hi,
> Please, is there any way? to have a centralized Verify database?? my
> intention is to reduce the number of probes in Postfix farms...
> Thanks,
You could try https://www.postfix.org/memcache_table.5.html
- Give it enough memory
Hi,
Please, is there any way to have a centralized Verify database?? my intention
is to reduce the number of probes in Postfix farms...
Thanks,
Pete.
As was suggested upthread, do check the sendmail milter documentation
for questions about the milter protocol. Technical design, API,
interaction of multiple milters, succession of milter callback stages,
it’s all there.
On Ubuntu or Debian install package sendmail-doc and start at
/usr/share/doc/
On 16/04/2022 10.53, Viktor Dukhovni wrote:
> On Fri, Apr 15, 2022 at 04:30:19PM -0600, @lbutlr wrote:
>
>> However, it is *very* common for a BBC email to have a To header with
>> no email address in it at all,
>
> This violates RFC5322 and earlier versions. The "To:" header must
> contain at l
Le 14/04/2022 à 07:58, Aban Dokht a écrit :
P V Anthony wrote:
Rspamd is really powerful and fast.
Give it a go. You will be very pleased.
P.V.Anthony
I also prefer rspamd over other solutions, because it implemets DMARC
out of the box.
Also other features, like ARC, HA ready and the nice
Le 12/04/2022 à 18:52, Ralph Seichter a écrit :
* Erwan David:
Does it handle restarting/reloading a program when changing the
certificate ? Postfix does not need it, but dovecot does.
LetsDNS does not obtain or change TLS certificates, because that's what
specialised ACME clients
Le 12/04/2022 à 15:30, Ralph Seichter a écrit :
I'm happy to announce that LetsDNS release 1.0 is now available and
ready for public use.
Website: https://letsdns.org
GitHub : https://github.com/LetsDNS/letsdns
PyPI : https://pypi.org/project/letsdns/
LetsDNS is a utility to manage D
Jesper Dybdal:
> Are smtpd_recipient_restrictions, particularly policy services, evaluated
> before milters, so that I could use policyd_spf to check SPF, and have
> amavis and opendmarc milters in that same smtpd instance - so the milters
> could use the Authentication-Results header from policyd_
Understood!
Thanks a lot Wietse and Viktor!
Tete.
On Thursday, April 7, 2022, 08:03:36 PM GMT+2, Wietse Venema
wrote:
Pedro David Marco:
> Sorry, but i am confused... documentation is accurate, but probably
> not my understading of it...
Instead of arguing about what happens, l
relaytakes place... my understanding was that
unreacahble meant "cannot connect to remote smtp port"...
Thanks again!
Pete.
On Thursday, April 7, 2022, 07:52:43 PM GMT+2, Viktor Dukhovni
wrote:
On Thu, Apr 07, 2022 at 04:55:26PM +, Pedro David Marco wrote:
>
On Thursday, April 7, 2022, 07:23:14 PM GMT+2, Wietse Venema
wrote:>>Pedro David Marco:>>> Hi,>> Postfix
documentation about smtp_fallback_relay says:>>>> smtp_fallback_relay (default:
$fallback_relay):>> Optional list of relay hosts for SMTP desti
Hi,
Postfix documentation about smtp_fallback_relay says:
smtp_fallback_relay (default: $fallback_relay):
Optional list of relay hosts for SMTP destinations that can't be found or
that are unreachable. With Postfix 2.2 and earlier this parameter is called
fallback_relay.
I have destination
G'day,
I have a Postfix+Dovecot+LDAP set up with multi-level sub-domains. I had
no problem setting Dovecot up for this environment with the '%D' config
variable modifier.
*
https://doc.dovecot.org/configuration_manual/config_file/config_variables/#modifiers
*
https://github.com/dovecot/c
On Monday, March 28, 2022, 12:01:58 AM GMT+2, Wietse Venema
wrote:
| the inspiration for my efforts.
Thanks for your efforts, Wietse... and for all your support in the list!!!
Regards..
Pete.
post...@ptld.com:
> If you are going to use DMARC then you do not need to mess around with or
> install policyd-spf.
> OpenDMARC has built in SPF lookup, it adds a header with the SPF results, and
> uses it in deciding if the email passes DMARC or not.
OpenDMARC’s is a defective implementation o
This question is answered regularly on this list.
http://www.postfix.org/TLS_README.html#server_cipher
> By default anonymous ciphers are enabled. … One can't force a remote
> SMTP client to check the server certificate, so excluding anonymous
> ciphers is generally unnecessary.
Thanks a lot...
You understood me correctly! thanks for your kindness...
with the INFO action, a new log line is added by cleanup daemon.. What i was
trying is to make smtp daemon add that header value to its usual log lines..
Thanks,
Pete.
>On Tuesday, December 21, 2021, 04:20:31 PM GMT+1, p
White, Daniel E. (GSFC-770.0)[NICS]:
> How do I stop junk like…
>
> HELO example.com
>
> … without having to create a huge "check_helo_access" table ?
(This is not a general answer but perhaps interesting still.)
SPF validation (RFC 7208) can also be applied to a HELO name, which is
useful with
Hi,
is it possible to configure Postfix stmp daemon to add in its log the value of
a specific header?
Thanks!
Pete.
Hello,
Not sure if this will help with anything, but about a year back I was
having issues getting my at the time s7 phone to connect to postfix.
The solution was to determine that the connecting key was an ed-384
bit key. At that time android only supported ed-256 keys so I had to
redo my key and
t; designates 194.25.134.18
> as permitted sender) client-ip=194.25.134.18;
>
> And t-online.de <http://t-online.de> has no SPF setup for which you can check
> from their domain.
> So what's the best guess record by google?
Perhaps relevant:
http://www.open-spf.org/Best_Practices/No_Best_Guess/
Cheers,
--
David
Fourhundred Thecat:
> Hello,
>
> I have strict helo checks:
>
> smtpd_helo_required = yes
> smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname,
> reject_unknown_helo_hostname
Anecdotal: I used to have these exact settin
s: Viktor is correct
that this whole thing is a really bad idea for interoperability. I don't
recommend this workaround in general, I just think it'll work for what
I'm trying to do, which is probably not a typical use case.
Op 23-09-2021 om 22:49 schreef David Mandelberg:
Op
Op 23-09-2021 om 22:26 schreef Viktor Dukhovni:
On Thu, Sep 23, 2021 at 10:02:26PM -0400, David Mandelberg wrote:
With the settings below, postfix 3.5.6 and openssl 1.1.1k successfully
connected to a server with a 2048-bit RSA key, which should be
disallowed by openssl's security le
Hi,
With the settings below, postfix 3.5.6 and openssl 1.1.1k successfully
connected to a server with a 2048-bit RSA key, which should be
disallowed by openssl's security level 4.
tls_high_cipherlist = DEFAULT:!eNULL:!aNULL:@SECLEVEL=4:@STRENGTH
smtp_tls_mandatory_ciphers = high
When I use o
Thank you!
Op 23-09-2021 om 13:44 schreef Viktor Dukhovni:
On Thu, Sep 23, 2021 at 01:19:57PM -0400, David Mandelberg wrote:
Is lmtp_tls_wrappermode safe to use even though it's not documented?
Yes, it is safe to use. The SMTP and LMTP client code Postfix is
largely a single code base
Hi,
I was looking for a way to use implicit TLS with LMTP, similar to
`smtp_tls_wrappermode = yes`. I don't see any mention of
lmtp_tls_wrappermode in http://www.postfix.org/postconf.5.html but
https://github.com/vdukhovni/postfix/blob/f246147ec54bb2b79ac84522d1d1a6c2b1664bd6/postfix/src/globa
‘What do "Anonymous", "Untrusted", etc. in Postfix logging mean?’
http://www.postfix.org/FORWARD_SECRECY_README.html#status
1 - 100 of 786 matches
Mail list logo
