[pfx] Re: question for a directive in master.cf

2024-06-21 Thread Jan Ceuleers via Postfix-users
On 21/06/2024 13:06, Jeff Peng via Postfix-users wrote: > >> If you want to enable them, you have to uncomment ALL lines for >> submission >> service to work correctly. > > just further, for smtps service, can i just comment out all of options > to enable it? > > #smtps inet  n   -   y 

[pfx] Re: 25 years today

2023-12-19 Thread Jan P. Kessler via Postfix-users
any other contributors for a great piece of software and tons of good advice! Postfix always successfully combined rock-solid operations, precise documentation, modern features and great backward compatibility - a rock in the surf of mailadmin's life :) Bes

[pfx] Re: Postfix refuses to accept email from video camera

2023-04-17 Thread Jan Ceuleers via Postfix-users
On 16/04/2023 21:11, Viktor Dukhovni via Postfix-users wrote: > Not surprising, I suspect that the OP did not recognise the $ and # characters in your instructions as shell prompts (to be omitted from the commands being executed), and copy/pasted them into his shell as-is. HTH,

[pfx] Re: any web.de staff here?

2023-04-16 Thread Jan Ceuleers via Postfix-users
On 16/04/2023 05:57, tom--- via Postfix-users wrote: > Intentionally at the request of web.de it seems.  Did you read: >> >>     https://www.spamhaus.org/sbl/query/SBL175032 >> >> If your message was blocked, and was not spam, contact: >> >>     https://postmaster.web.de/en/case?c=uar > > I sent em

Re: Quarantining html email

2022-06-17 Thread Jan Ceuleers
On 16/06/2022 22:39, Bill Cole wrote: > >> I realize links would have to be pulled to generate the image but >> ultimately I would like the end user to just get an image >> representation of what the html email would look like with no links >> or link following by the MUA. > > Therein lies the badn

Re: transport_maps with address extension (user+ext@domain)

2022-05-19 Thread Jan-Martin Raemer
Hi, On Thu, May 19, 2022 at 04:38:33PM +0200, Bastian Blank wrote: > Maybe try to set "recipient_delimiter"? Without delimiter, none will be > used. thanks, that was the problem. Best regards, Jan-Martin -- Dr. Jan-Martin Rämer Systemtechnik Zentrum für Hochschul-IT

Re: transport_maps with address extension (user+ext@domain)

2022-05-19 Thread Jan-Martin Raemer
Hi, On Thu, May 19, 2022 at 08:32:34AM -0400, Wietse Venema wrote: > Wietse Venema: > > Jan-Martin Raemer: > > > As I'm using a normal hash table, I assumed that user+$anything@domain > > > would match user@domain (unless there is a specific entry for > > >

transport_maps with address extension (user+ext@domain)

2022-05-19 Thread Jan-Martin Raemer
lay.domain Version: 3.5.6 (package from Debian bullseye) Best regards, Jan-Martin -- Dr. Jan-Martin Rämer Systemtechnik Zentrum für Hochschul-IT Rheinland-Pfalz Moselweißer Straße 4, 56073 Koblenz Telefon +49(0)261 9528-906 rae...@zit-rlp.de

Re: What is the proper value in solrconfig.xml for dovecot?

2021-04-19 Thread Jan Ceuleers
On 19/04/2021 02:15, Steve Dondley wrote: > I'm looking at config documentation for solr on dovecot: > https://doc.dovecot.org/configuration_manual/fts/solr/ > > In the suggested solrconfig.xml file > (https://raw.githubusercontent.com/dovecot/core/master/doc/solr-config-7.7.0.xml), > it has the fo

Re: porcupine.org servers have moved

2021-03-08 Thread Jan Ceuleers
On 08/03/2021 17:35, Wietse Venema wrote: > For those who are getting code/docs from {www,ftp}.porcupine.org, > this weekend the servers were moved from subnet 168.100.185.112/28 > to 168.100.64/28. > > Wietse Presumably that's 168.100.3.64/28

Re: batching all mails to one or more domains to a non-permanently-powered machine with dynamic addresses

2021-01-30 Thread Jan Ceuleers
calaccount1"   "ali...@isp.example.com"="localaccount2"   "ali...@isp.example.com"="localaccount1"   "ali...@isp.example.com"="localaccount1"   "ali...@isp.example.com"="localaccount3"   "ali...@isp.example.com"="localaccount1" HTH, Jan

Re: Connection refused / telnet: connect to address 10.5.2.1: Connection refused

2020-12-29 Thread Jan Ceuleers
On 29/12/2020 13:58, Wolfgang Paul Rauchholz wrote: > I am setting up an email server on my home box with postfix and dovecot > My server is modem router and has as such an internal and external > network interface > > *>From my laptop (LAN) > *From Thunderbird I get the message: Could not connect

Re: Content filter replied to HELO/EHLO with my own hostname

2020-07-06 Thread Jan Ceuleers
On 06/07/2020 15:23, Wietse Venema wrote: > MTA service is on port 25. Other ports don't count as MTA service, > therefore loop detection does not apply. Still worth documenting?

Re: Unable to receive emails from btinternet.com

2020-06-19 Thread Jan Ceuleers
On 19/06/2020 10:18, Nick Tait wrote: > Hi David. > > I think I can guess what your problem is, because I had exactly the > same symptom with a different bulk email provider... > > Basically this sounds like an MTU issue: The SMTP client > (mailomta12-sa.btinternet.com[213.120.69.18] in your case)

Re: delaying postfix until/unless VPN is up/connected

2020-04-17 Thread Jan Ceuleers
On 17/04/2020 15:08, Ranjan Maitra wrote: > Btw, for me, when ifconfig is DOWN, I do not get a down. ifconfig -a fixes that.

Re: 4xx when host not found

2019-09-18 Thread Jan Ceuleers
On 18/09/2019 10:15, Helmut Schneider wrote: > I'm open for improvements. It's for my home usage, a relay in the > internet with a static ip forwarding mails to my server at home with an > ip changing every 24h connected via OpenVPN. What are your suggestions? > > Fetchmail?

Re: Format of ip address in /etc/postfix/access

2019-08-11 Thread Jan Ceuleers
mphasis added for clarity. > Wietse, To me a NULL character is the ASCII character which has all of its bits set to zero. Could I therefore suggest talking about 0 characters instead in this man page? HTH, Jan

Re: Postscreen - fatal: btree:/var/db/postfix/postscreen_cache

2019-05-30 Thread Jan Ceuleers
On 30/05/2019 14:41, Jos Chrispijn wrote: > On 30-5-19 14:25, Wietse Venema wrote: >> Again, this confirms my suspicion that the system has gotten messed >> up. Postfix has been around for decennia and it does not require >> restarts to stay functional. > > Ok, thanks y'all for helping out. Everyth

Re: Click tracker removal ideas?

2019-02-14 Thread Jan P. Kessler
>> Does anyone have any suggestions for a tool for filtering out click >> trackers from links in email bodies and rewriting the links without >> the click tracking? > Anything that does this will also break DKIM, if the email has it > (which many do). But perhaps you are confident that your users

Re: unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

2019-01-20 Thread Jan P. Kessler
e for me to see, that postfwd runs stable for them - obviously :) Jan 20 18:10:51 postfwd-40/master[24907]: [STATS] postfwd-40::policy 1.35: 36550170 requests since 1146 days, 01:00:39 hours Jan 20 18:10:52 postfwd-40/master[24907]: [STATS] Requests: 12.60/min last, 22.15/min overall, 656.24/

Re: unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

2019-01-20 Thread Jan P. Kessler
ards and again thank you for your help. It would save me a bunch of work and a lot of explanations if I could stay with sunstudio. There are a lot of depending libraries, that have been compiled with it and the systems will be migrated by middle/end of the year (byebye niagara). Therefore I didn't want to put too much work in this task. Jan

Re: unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

2019-01-19 Thread Jan P. Kessler
ode 1 make: Fatal error: Command failed for target `update' I've managed to bring a gcc 4 to the system. Now everything works as expected. Should have sold them more than 2h. You should really feel ashamed for not supporting a 12 year old compiler suite anymore ;-) Thank you for postfix and advice. R.I.P. sunstudio    Jan

Re: unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

2019-01-19 Thread Jan P. Kessler
include -I${MYLIB}/cdb/include" PATH=$MYPATH:${MYLIB}/ssl/bin:/usr/ccs/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/dt/bin:/usr/platform/SUNW,T5140/sbin:/opt/sun/bin:/opt/SUNWldm/bin unset LD_LIBRARY_PATH make tidy make makefiles CC=$MYCC CXX=$MYCXX \   CCARGS="-DHAS_DB -DUSE_TLS -DHAS_PCRE -DHAS_CDB ${MYINCL}" \   AUXLIBS="${MYLIBS} -ldb -lssl -lcrypto -lpcre" echo; echo; echo "### make makefiles finished; performing make ###"; echo sleep 4 make exit Thanks, Jan

unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

2019-01-19 Thread Jan P. Kessler
.  Use 'cc -flags' for details $ uname -a SunOS gv-vmail-201 5.10 Generic_14-03 sun4v sparc SUNW,T5140 Kind regards   Jan

Re: How to configure an infinite-retry for relay

2019-01-05 Thread Jan P. Kessler
and without > sending any "undeliverable" notifications to the sender. does it really have to be indefinite or would the following setting (on the 2ndary MX) be sufficient? maximal_queue_lifetime = 30d See http://www.postfix.org/postconf.5.html#maximal_queue_lifetime for more information. Cheers, Jan

Re: ignore SASL/Auth to specific server (internal exchange relay)

2018-12-13 Thread Jan Ceuleers
On 12/12/2018 20:55, Viktor Dukhovni wrote: > >> On Dec 12, 2018, at 2:48 PM, Daniel Miller wrote: >> >> Not wanting to get in the way of the experts but this may help: > Indeed a nice succinct and accessible answer for non-experts. Please > don't hesitate to post similarly helpful replies. > Unf

Re: Monitoring amount of smtpd processes

2018-10-21 Thread Jan P. Kessler
of all systems that want to send an email to you this is not an option to solve the described problem. If you are able to do this I'd be very interested in that code ;) Cheers, Jan

Re: A problem I'm not sure how best to solve

2018-10-09 Thread Jan P. Kessler
I want to TEMPORARILY (I hope) whitelist redac...@mg.pluspora.com as a sender address as long as the mail is being sent by mailgun.us. How would you do it? You could add a check_sender_access which returns OK for mg.pluspora.com before the reject_unknown_sender_domain in smtpd_recipient_re

Re: Network difficulties with some senders

2018-07-19 Thread Jan P. Kessler
Fragmentation Needed)  between the machines. Best regards   Jan

Re: Making relay_access_denied permanent?

2018-07-08 Thread Jan P. Kessler
Confirmed by my own test - sorry for noise on this list: Jul  8 10:23:14 mx3 postfix-cluster/smtpd[3564]: NOQUEUE: reject: RCPT from ipservice-047-071-140-188.pools.arcor-ip.net[47.71.140.188]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo= I have to admit that it's an old conf

Re: Making relay_access_denied permanent?

2018-07-08 Thread Jan P. Kessler
= permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination Am I right? Thank you in advance   Jan On 08.07.2018 at 10:04, Jan P. Kessler wrote: Hi, I was wondering why the following error is returned as tempfail: Jul  8 09:49:03 mx3 postfix-cluster/smtpd[3420]: connect from hwsrv-20

Making relay_access_denied permanent?

2018-07-08 Thread Jan P. Kessler
Hi, I was wondering why the following error is returned as tempfail: Jul  8 09:49:03 mx3 postfix-cluster/smtpd[3420]: connect from hwsrv-20.hostwindsdns.com[108.174.196.241] Jul  8 09:49:03 mx3 postfix-cluster/smtpd[3420]: NOQUEUE: reject: RCPT from hwsrv-20.hostwindsdns.com[108.174.19

Re: check rcpt to, from and destination in one session - nested smtpd_restriction_classes?

2018-05-15 Thread Jan P. Kessler
postfix is configured as relay server. Other systems relay with postfix. Here i want to allow for a specific group of hosts, when they use a specific mail from address only a few specific destination domains. Other hosts should not be bothered. This is only a need to limit a group of hosts to

Re: Postfix [Postfwd2 error]

2018-04-15 Thread Jan P. Kessler
So the thing to check with the author of postfwd2 is what's going on with the regular expression on line 1168. That is a scary one. It seems like an attempt to express all of the leniencies in a config format in a single regex, where a preliminary canonicalization (reducing all runs of white

Re: masquerade_domains not working

2017-01-15 Thread Jan Ceuleers
On 14/01/17 20:58, Richie Rich wrote: > Thanks for the quick response. Can you point me in a direction to > accomplish what I'm trying to do? > I'm totally new to postfix. I am by no means an expert, but I do hope that the following helps: http://www.postfix.org/postconf.5.html#smtp_generic_maps

unreachable -- queued or bounced?

2017-01-14 Thread Jan Danielsson
down; same question, will the messages be queued until the server responds? Are both these situations subject to maximal_queue_lifetime? -- Kind Regards, Jan Danielsson

Re: Response from gmail at end of transmisssion not passed to smtp_delivery_status_filter

2017-01-11 Thread Jan Ceuleers
On 11/01/17 15:44, Wietse Venema wrote: > Thanks for spotting that. What about adding some text: > Note: The smtp(8) and lmtp(8) delivery agents can make delivery > attempts to multiple MX or A destinations. Unlike > (smtp|lmtp)_reply_filter, the (smtp|lmtp)_delivery_status_filter >

Re: Avoiding spam blacklists

2017-01-10 Thread Jan Ceuleers
On 09/01/17 21:06, @lbutlr wrote: > 640K RAM ought to be enough for everybody. >> No even similar. The address space for 128bit is in the general neighborhood >> of the number of atoms in the universe. > Sorry, that's 256 bits. 128 bits is the number of stars in > 100,000,000,000,000,000 universe

Re: Avoiding spam blacklists

2017-01-09 Thread Jan Ceuleers
On 09/01/17 16:58, @lbutlr wrote: > (1.8x10E19 is enough address space for every single person on the planet to > have two and a half billion IPs to themselves). 640K RAM ought to be enough for everybody.

Re: postfix pdf

2017-01-06 Thread Jan Ceuleers
On 06/01/17 20:28, Wietse Venema wrote: > Instead of logging a warning when it receives an unexpected protocol > message? > Postfix could require that the 'first' message between Postfix > programs(*) contains the protocol name (enqueue, bounce, deliver, > verify, ...). That way, the warning messag

Re: Transport mapping via mySQL?

2016-11-09 Thread Jan Johansson
>It's actually quite simple: >1) Create a file with the MySQL credentials and the query >2) Include the created file in transport_maps within main.cf > >/etc/postfix/mysql_relay_transport_maps.cf > user = dbuser > password = dbpass > dbname = maildb > hosts =

Transport mapping via mySQL?

2016-11-07 Thread Jan Johansson
Hello! Probably a silly question, but I cannot seem to find an example of obtaining transport mapping via MySQL. Is that even possible? (CentOS 7 with 2:2.10.1-6.el7)

Re: OT: "X-PHP-Script" header

2016-10-24 Thread Jan Ceuleers
On 24/10/16 18:29, Allen Coates wrote: > > Over the weekend I had three spam messages get through to my in-box. Two > contained an "X-PHP-Script" header > > one was > X-PHP-Script: > folar.org/wp-content/plugins/the-events-calendar/src/Tribe/Aggregator/uploader.php > for 110.83.63.152 > > and th

Re: smtpd_sender_login_maps problem

2016-08-03 Thread Jan Ceuleers
On 03/08/16 16:51, Paul wrote: > line 4: missing '=' after attribute name: "SELECT > aliases.id,sasl_aliases.id FROM sasl_aliases,aliases WHERE > aliases.address=sasl_aliases.address AND aliases.address='%s'" You might have gone over this so many times that you're missing it: You need to prepend

Re: How to restrict encrypted email

2016-07-16 Thread Jan Ceuleers
On 16/07/16 17:42, Yuval Levy wrote: > Imposing the onus on the SMTP server operator is like imposing the onus > on gas stations for fueling vehicles used in criminal endeavors. It > does not fly because the gas station can't possibly know what the user > will use the vehicle for, other than (prob

Re: How to restrict encrypted email

2016-07-16 Thread Jan Ceuleers
ssword-protected, in which case you can omit the second step and therefore the recursion. Furthermore, you would not find steganographically hidden encrypted content this way. Jan

Re: Is not honoring bounces-to violation of RFC?

2016-06-29 Thread Jan Ceuleers
On 29/06/16 17:02, Chip wrote: > If Return-path is added by receiving MTA, as you say, below, and that it > contains the MAIL FROM, then why do I see the following in source code > of received message in which return-path does not match From? Could I respectfully suggest that you read up on the di

Re: Documentation improvement request (was: RBLs in postscreen AND smtpd_*_restrictions)

2016-06-12 Thread Jan Ceuleers
On 12/06/16 02:05, Wietse Venema wrote: > Wietse Venema: >> I have changed the text to: >> >> Otherwise it replies with the query arguments plus an empty >> address list and the reply TTL. The reply TTL is -1 if no >> reply is received, or if the reply contains no TTL information)

Re: Having Postfix relay and deliver locally for one domain?

2016-04-07 Thread Jan Ceuleers
the local users to which to deliver these emails. Once you've created /etc/postfix/virtual and whenever you subsequently change it, execute postmap /etc/postfix/virtual . HTH, Jan

Re: DANE feature request: Verify remote certificate with DANE even if MX record is in non-DNSSEC zone

2016-01-25 Thread Jan Zorz - Go6
On 25/01/16 18:29, Viktor Dukhovni wrote: On Jan 25, 2016, at 12:09 PM, Jan Zorz - Go6 wrote: Maybe this could be implemented in postfix and instead of saying "Verified TLS connection" in log we figure out some other description. At the end, DANE should be an endpoint ve

DANE feature request: Verify remote certificate with DANE even if MX record is in non-DNSSEC zone

2016-01-25 Thread Jan Zorz - Go6
connection" in log we figure out some other description. At the end, DANE should be an endpoint verification mechanism, not delegation verification. Well, it could also be, but I think we need to use it in both cases. Any thoughts? Cheers and thnx, Jan Zorz

Re: Local delivery and relaying

2015-12-15 Thread Jan Ceuleers
ope that my question and your solution will help future similarly-afflicted users. Thanks again, Jan

Re: Local delivery and relaying

2015-12-14 Thread Jan Ceuleers
On 14/12/15 12:43, Wietse Venema wrote: > Jan Ceuleers: >> Hi >> >> I'm a new Postfix user, having just switched from sendmail (which I set >> up years ago and then forgot how). >> >> I want my Postfix server to locally deliver emails for my own accou

Local delivery and relaying

2015-12-13 Thread Jan Ceuleers
Any hints would be gratefully received. Thanks, Jan

Re: I need sample configuration files for rate-limiting with HOLD verdict

2015-10-09 Thread Jan P. Kessler
On 21.09.2015 at 08:25, Kianoosh Kashefi wrote: I use Postfix with Postfwd as policy service, and I want to limit all outgoing messages with exceptions for several SASL users with HOLD verdict. I'm new to postfwd so I need configuration example for rate-limiting with HOLD verdict (for instanc

Re: Policy attributes to PERL script

2015-02-27 Thread Jan P. Kessler
This issue I have is knowing how to read any of the attributes listed here www.postfix.org/SMTPD_POLICY_README.html#protocol I have tried using $attr = @_; and local(*attr) =@ _; to retrieve the variables but $attr always remains empty. I have also set up the script to write the contents and e

Re: Add header based on number of recipients

2015-02-04 Thread Jan P. Kessler
With postfwd you could use the following rule: id=RCPTCNT action=PREPEND X-RCPT-COUNT: $$recipient_count or something like that id=RCPTCNT01 recipient_count>=200 action=PREPEND X-RCPT-COUNT: RED id=RCPTCNT02 recipient_count>=100 action=PREPEND X-RCPT-COUNT: YELLOW Please

Re: TLS Issue

2014-12-07 Thread Jan Kowalski
On , at , "Steffan A. Cline" wrote: Hi, have you resolved this problem yet? I reproduce it when I connect via either imap or smtp from claws-mail linked against gnutls 3.3.10-1 to a postfix server with dovecot sasl enabled. In my case it is caused by my dovecot configuration, namely

Re: What exactly does that mean: maildrop/6B8F696F6: error writing 2737698C0: no recipients specified

2014-10-24 Thread Jan P. Kessler
postfix 362 Oct 9 2013 F3B01ACC8 -rw--- 1 postfix postfix 524 Feb 24 2012 F3B84116E4 -rw--- 1 postfix postfix 337 Jul 22 2013 F3BC458AD ... Thank you very much! Jan

Re: What exactly does that mean: maildrop/6B8F696F6: error writing 2737698C0: no recipients specified

2014-10-24 Thread Jan P. Kessler
Oct 23 10:53:00 rv-smtpext-201 postfix/pickup[11413]: [ID 947731 mail.warning] warning: maildrop/6B8F696F6: error writing 2737698C0: no recipients specified The Postfix sendmail command was invoked with no recipients on the command line, and (with -t) with no recipients in the message header.

What exactly does that mean: maildrop/6B8F696F6: error writing 2737698C0: no recipients specified

2014-10-24 Thread Jan P. Kessler
ckup[11413]: [ID 947731 mail.warning] warning: maildrop/6B8F696F6: error writing 2737698C0: no recipients specified Can somebody explain, what is happening here? The machine also is very slow (see delays) and might be somewhat overloaded. Jan

Re: recipients attribute, policy daemon.

2014-10-10 Thread Jan P. Kessler
Or what the limitations are. Note that you can not return different results for different recipients at data or end_of_data stage. You can only pass or reject the whole mail at all. p.s. the policy server example included in the postfix docs would break. substr(0,512) is too small for a

Re: recipients attribute, policy daemon.

2014-10-10 Thread Jan P. Kessler
"The "recipient" attribute is available in the "RCPT TO" stage. It is also available in the "DATA" and "END-OF-MESSAGE" stages if Postfix accepted only one recipient for the current message." You can use the instance attribute to collect the list of recipients at RCPT TO stage. That informati

Re: Another policy server question...

2014-10-09 Thread Jan P. Kessler
How exactly does one "disconnect" from stdin? I mean other than by calling exit() ? Exiting is sufficient. The SMTPD_POLICY_README file should be edited in a way so as to make that clear. The current wording is quite entirely perplexing. "Disconnect" is quite obviously the wrong word to us

Re: Using check_policy_service for greylisting with sqlgrey

2014-05-13 Thread Jan P. Kessler
> I'm using postfix-2.10.3 on fedora20 with sqlgrey, distributed across > three separate servers through mysql. I've configured it using: > > check_policy_service inet:127.0.0.1:2501 > > in main.cf . However, this doesn't provide fault > protection in the sa

Re: Setting the domain name of outgoing e-mail

2014-05-08 Thread Jan P. Kessler
May 8 15:50:28 s8 postfix/smtpd[5603]: NOQUEUE: reject: RCPT from localhost[::1]: 454 4.7.1 : Relay access denied; from= to= proto=ESMTP helo= Seems like the ipv6 loopback address is not part of mynetworks.

Re: New Greylisting daemon

2014-04-18 Thread Jan P. Kessler
> Yes. I'm working on preforking (in fact, I've started to analyze > prefork.c from Apache web server some days ago...). Threads are an > option, but we choose forking for better isolation. Some people say > forking and threading is basically the same in term of perfs, that's > even written in som

Re: New Greylisting daemon

2014-04-18 Thread Jan P. Kessler
> processing (so the same TCP connection is used for multiple unrelated > emails)? Yes, the last option. It will reuse the connection: "On active systems a policy daemon process is used multiple times, for up to $max_use <http://www.postfix.org/postconf.5.html#max_use> incoming SMTP connections." [http://www.postfix.org/SMTPD_POLICY_README.html]. So, where is your code? Did I miss a link? Jan

Re: need help with regexp in header_checks

2013-11-13 Thread Jan P. Kessler
Also, note that the caret (^) anchor isn't necessary. The header fields you're testing for are in the left most position. Thus no reason to left anchor your expression. Of course there is. - Anchored expressions are executed faster (the parser has to check the pattern only against the begi

Re: postfix access map for sasl authenticated users

2013-11-06 Thread Jan P. Kessler
==mao action=REJECT sorry no access for user $$sasl_username It is also possible to have a separate file with the sasl_usernames: id=SASLDROP sasl_username==file:/etc/postfwd/evil_users action=REJECT sorry no access for user $$sasl_username Jan

Re: secure email server

2013-10-25 Thread Jan P. Kessler
st for that one (no other CA). Cheers, Jan

Re: postfwd2 expericiencies

2013-10-08 Thread Jan P. Kessler
> I've started running postfwd2 on my server, with approximately > up to 500 mails daily (and 80% spams :) ). I plan to use it to a > domain with 30 000 daily emails. Does anybody have postfwd2 applied > for similar domain ? What about huge dns count for RBL ? I use it since years wit

Re: Do not forward spam

2013-09-21 Thread Jan P. Kessler
> As I read it, 'smtp_header_checks' provides a way to do header checks only on > messages that are leaving the system, leaving local delivery unaffected? You are right. It should achieve the same.

Re: Do not forward spam

2013-09-21 Thread Jan P. Kessler
On 21.09.2013 15:17, Jan P. Kessler wrote: > > Would the single, existing instance with 'smtp_header_checks' not > > achieve the same thing? > > > > http://www.postfix.org/postconf.5.html#smtp_header_checks > > Not, if the required headers are added l

Re: Do not forward spam

2013-09-21 Thread Jan P. Kessler
> Would the single, existing instance with 'smtp_header_checks' not > achieve the same thing? > > http://www.postfix.org/postconf.5.html#smtp_header_checks Not, if the required headers are added later on by a content_filter.

Re: Do not forward spam

2013-09-21 Thread Jan P. Kessler
> The way I read his request is that he wants to forward non-spam > only, and is looking for a Postfix solution that supports this. > > The best proposal I can come up with is a Milter that triggers on > headers added by has spam filter, and that adds a second > recipient only if the mail does not

Re: disturbing TLS error

2013-09-14 Thread Jan P. Kessler
> So, there is nothing i can do ? If you don't need TLS for yahoo you can disable it for that server. Take a look at http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps

Re: Can't send mails but I can receive

2013-09-12 Thread Jan P. Kessler
> > Sep 12 04:57:06 nudin1 postfix/smtp[29110]: connect to > > freenet.de[62.104.23.42]:25: Connection refused > > connection refused is a network problem, probably a firewall block. > Perhaps your ISP doesn't allow you to run a mail server? Something is wrong with your DNS resolution. freenet.de

Re: newbie check Was [Re: port 25 submission settings sanity check]

2013-08-30 Thread Jan P. Kessler
over unreliable and asynchronous media. To be in advantage over smtp/tcp those checks have to be faster than the highly optimised ones in your tcp stack. Jan

Re: Backup mx on cable

2013-07-09 Thread Jan P. Kessler
On 09.07.2013 23:56, Jan P. Kessler wrote: > > How can I configure my primary server to accept connections/mail from the > > secondary server but still refuse connections/mail from all other cable > > connections. > > I use TLS client certificates for these purposes* &g

Re: Backup mx on cable

2013-07-09 Thread Jan P. Kessler
> How can I configure my primary server to accept connections/mail from the > secondary server but still refuse connections/mail from all other cable > connections. I use TLS client certificates for these purposes* http://www.postfix.org/TLS_README.html * Not for backup to primary mx, but whene

Re: Blacklist IP with a reject message

2013-06-26 Thread Jan P. Kessler
3. I could also write a policy server. Is there already a policy server that's as simple as blocking IPs based on a ACL. But then, I'll have to run a local mysql server also. postfwd has an option to use a table, which will be re-read on every request. Look for "lfile" or "ltable" at http:/

Re: Problem using TLS: lost connection after STARTTLS

2013-06-16 Thread Jan P. Kessler
On 16.06.2013 05:00, Viktor Dukhovni wrote: > On Sun, Jun 16, 2013 at 01:58:27AM +0200, Jan P. Kessler wrote: > > > The openssl update from 0.9.8k to 1.0.1e solved the client certificate > > issue. Unfortunately now we see another problem with the outgoing > > instance, t

Re: Problem using TLS: lost connection after STARTTLS

2013-06-15 Thread Jan P. Kessler
you MAIL FROM:j...@example.com 250 2.1.0 j...@example.com... Sender ok RCPT TO:xxx@example.com RENEGOTIATING [CTRL+C] On 16.06.2013 01:58, Jan P. Kessler wrote: > >> # openssl > >> ./Configure \ > >> --prefix=${BASE}/openssl \ > >> --openssldir

Re: Problem using TLS: lost connection after STARTTLS

2013-06-15 Thread Jan P. Kessler
>> # openssl >> ./Configure \ >> --prefix=${BASE}/openssl \ >> --openssldir=${BASE}/openssl \ >> solaris-sparcv9-cc >> make; make install >> >> # postfix >> MYLIBS="-R${BASE}/openssl/lib -R/usr/local/BerkeleyDB.4.7/lib >> -R/usr/local/lib -L${BASE}/openssl/lib -L/usr/local/BerkeleyDB.4

Re: Problem using TLS: lost connection after STARTTLS

2013-06-15 Thread Jan P. Kessler
> The sender should replace their certificate, it is not compliant with > TLSv1. This too may take time. > > I never enabled ask_ccert on port 25, I had used 587 for that (on a > machine that nevertheless was not an MSA), and clients with special > access configured via ccerts had to use a transpo

Re: STARTTLS not announced?!

2013-06-15 Thread Jan Kohnert
On Saturday, 15 June 2013, 04:03:44, Benny Pedersen wrote: > Jan Kohnert wrote on 2013-06-15 03:58: > > Well, no, it disables AUTH without tls/ssl but not STARTTLS, IIRC. > > starttls have nothing to do with auth or not Come on, read the documentation: http://www.postfix.org/

Re: STARTTLS not announced?!

2013-06-14 Thread Jan Kohnert
nderstand. How are we disabling TLS? > > Where was it enabled before? when we said smtp_use_tls = yes? > > it does not disable tls/ssl, but it removes starttls in plain > connection without tls/ssl Well, no, it disables AUTH without tls/ssl but not STARTTLS, IIRC. -- Kind regards, Jan

Re: Problem using TLS: lost connection after STARTTLS

2013-06-14 Thread Jan P. Kessler
Signature Algorithm: sha256WithRSAEncryption It looks your OpenSSL library does not enable this via OpenSSL_add_ssl_algorithms(). The use of certificates with signature algorithms other than MD5 and SHA-1 is supposed to be negotiated via TLSv1.2, plain SSLv3/TLSv1 do not have a way to neg

Re: Problem using TLS: lost connection after STARTTLS

2013-06-14 Thread Jan P. Kessler
>> Jun 14 10:24:47 rv-smtpext-101 postfix/smtpd[5847]: [ID 197553 >> mail.info] certificate verification failed for >> mail.dgverlag.de[145.253.80.6]: untrusted issuer >> /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root > Why do you check client certificates? Because we authenticate/w

Problem using TLS: lost connection after STARTTLS

2013-06-14 Thread Jan P. Kessler
problem: 22673:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146 indicate a problem on our side? Please let me know if you need any further information. Below the log output with debug_peer_list: Jan Jun 14 11:44:21 rv-smtpext-201 postf

Re: Auth/relaying issues with 2.10.0

2013-06-06 Thread Jan Kohnert
the safety net was put at the end of that file by the Gentoo folks, the merge would probably have removed it, since I wanted my changes to stay. :) -- Kind regards, Jan

Re: Auth/relaying issues with 2.10.0

2013-06-04 Thread Jan Kohnert
Hi again, On Wednesday, 5 June 2013, 01:34:13, Jan Kohnert wrote: > On Tuesday, 4 June 2013, 18:24:23, /dev/rob0 wrote: > > On Wed, Jun 05, 2013 at 01:08:09AM +0200, Jan Kohnert wrote: > > > I have recently upgraded to 2.10.0 (gentoo) and now having some > >

Re: Auth/relaying issues with 2.10.0

2013-06-04 Thread Jan Kohnert
Hi, On Tuesday, 4 June 2013, 18:24:23, /dev/rob0 wrote: > On Wed, Jun 05, 2013 at 01:08:09AM +0200, Jan Kohnert wrote: > > I have recently upgraded to 2.10.0 (gentoo) and now having some > > issues with relaying authenticated users. I'm using dovecot sasl > > and

Re: Auth/relaying issues with 2.10.0

2013-06-04 Thread Jan Kohnert
Hi there again, On Wednesday, 5 June 2013, 01:08:09, Jan Kohnert wrote: > I have recently upgraded to 2.10.0 (gentoo) and now having some issues > with relaying authenticated users. I'm using dovecot sasl and according > to the logs auth works fine, but however postfix thinks I

Auth/relaying issues with 2.10.0

2013-06-04 Thread Jan Kohnert
in, init_response SECRET Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]: xsasl_dovecot_handle_reply: auth reply: OK?1?user=jan Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]: > 178-24-196-94-dynip.superkabel.de[178.24.196.94]: 235 2.7.0 Authentication successful Jun 5 00:16:07 b079

Re: how to tell postfix not to bounce when A: host not found?

2013-05-23 Thread Jan P. Kessler
On 23.05.2013 18:24, Joe Wong wrote: > Is there a config to tell postfix, to retry an email under A: host not > found condition? > > May 23 15:59:22 mysmtp postfix/smtp[7507]: 92B8BCC3DE: > to=mailto:t...@nosuchdomain.com>>, > relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.4, status=bounce

Re: reject_unknown_reverse_client_hostname safe?

2013-05-08 Thread Jan P. Kessler
On 08.05.2013 01:58, Vincent Lefevre wrote: > On 2013-05-07 23:00:01 +0200, Jan P. Kessler wrote: >> Yes this is possible with postfwd. The policy delegation protocol >> contains reverse_client_name and client_name, which can be used within >> postfwd rulesets. >> &

Re: reject_unknown_reverse_client_hostname safe?

2013-05-07 Thread Jan P. Kessler
> Is it possible to use reject_unknown_reverse_client_hostname-like > feature as part of scoring with blacklist checking? I think > policyd-weight supported that. I consider using postfwd. Yes this is possible with postfwd. The policy delegation protocol contains reverse_client_name and client_na

Re: postscreen_dnsbl_sites

2013-05-06 Thread Jan P. Kessler
> Is it possible that the key is being exposed not from the > postscreen_dnsbl_sites line but from a line also in main.cf which says > the following? > smtpd_client_restrictions = reject_rbl_client .zen.dq.spamhaus.net Use rbl_reply_maps and a text without $rbl_domain: http://www.postfix.org/post
