30. Jan 2015 19:21 by postfix-us...@dukhovni.org:
> What software is listening on that port?
>
I see it is the Postfix part of the Zimbra commercial mail server.
I am told that it must be a unique port for only using TLS AUTH.
>> I can check this now with simple telnet
>>
>> ?telne
Hello Viktor
30. Jan 2015 16:05 by postfix-us...@dukhovni.org:
> > http://www.postfix.org/postconf.5.html#check_ccert_access
>
I did it with this option for Postfix server #2 config. I need to have the
opportunity to set many relay clients some day so I use the access map.
I also set
Hello all
Thanks for the multiple advises.
30. Jan 2015 13:46 by a...@extracted.org:
> On Fri, 2015-01-30 at 05:35 +, Viktor Dukhovni wrote:
>
>> And I often find it easier to configure client certs, no SASL or
>> PAM configuration nightmares. :-)
>>
I have made the easy decision for
Hello Viktor
30. Jan 2015 04:05 by postfix-us...@dukhovni.org:
> Save yourself a lot of complexity and use a different port for this on the
> destination system. You could use 587, for example. This automatically
> bypasses postscreen.
>
>> So when it passes to #2 server the mail with relay I w
I am working on making secure conditions on Postfix sending and receiving
only relays.
There are two Postfix servers in two locations.
In the #1 location Postfix configuration is so that
1. Send any mail out to any server on the internet with SMTP like always
2. Relay some specific mail to
Hello Wietse:
29. Jan 2015 21:02 by wie...@porcupine.org:
> Postfix could do this automatically, but it is too late for
> the upcoming stable release to make such a change.
>
Only knowing the info is good for now!
If it is some day done automatically then that I think would be useful.
Hello Wietse
29. Jan 2015 20:49 by wie...@porcupine.org:
> submission inet n - n - - smtpd
>     -o syslog_name=postfix/submission
>     ...
> smtps inet n - n - - smtpd
>     -o syslog_name=postfix/smtps
>     ...
>
> The same could be done wi
It is like I said that I did this to myself. I was looking under the wrong
cup in the Shell Game!
Yesterday I had a change to transport from 'pf-out' not over the open
internet only over my private internet with a VPN. I did this with reading a
posting from another person.
I changed the http
With the testing by both telnet and openssl s_client I can see the TLS as the
available option but I see too the "None" cipher.
I am suspecting this though confusing.
I will first read more on the testing with these tools and understanding the
meaning of the logging reply for them. I also see
Hello Patrick
29. Jan 2015 19:37 by p...@sys4.de:
> The problem is probably in the lines above in your log. Have you tried to
> reload postfix (to get a clear offset in the log)
Yes many times.
> and then telnet to
> 127.0.0.1?
>
Before I am complaining some more times I will first e
Bleh. I think I am tired and making worse and worse mistakes. May be I need
to make a step away for some time. :-(
I have made some change that I cannot find and have an error now I do not see
or know the cause for.
I made a Postfix instance for getting mail with Postscreen and recipient
v
28. Jan 2015 19:19 by li...@rhsoft.net:
postscreen_dnsbl_sites =
> > b.barracudacentral.org=127.0.0.2*7
> > dnsbl.inps.de=127.0.0.2*7
>
I see from the example you give that these are I think all DNSBL that are
domain name searching only
In the notes I am keeping from read
28. Jan 2015 19:28 by li...@rhsoft.net:
> maybe you need some numbers why the below config is good and greylisting
> not needed
>
> peak day 2015/01
>
> * postscreen rejects: 9
> * spamassassin: 120
> * clamav: 15
> * delivered mail: 850
>
> that are numbers for a single day
>
Okay that
28. Jan 2015 19:19 by li...@rhsoft.net:
honestly with postscreen (without deep protocol tests) and rbl-scoring (DNSBL
as well as DNSWL) there is no point for greylisting at all
>
> postscreen_dnsbl_ttl = 5m
> postscreen_dnsbl_threshold = 8
> postscreen_dnsbl_action = enforce
> postscreen_gree
28. Jan 2015 19:17 by wie...@porcupine.org:
> There are good reasons to NOT integrate, and instead use the
> least-expensive solution before the most-expensive solution.
>
> postscreen implements a least-expensive solution that eliminates
> most of the spambots without even allowing them to talk
28. Jan 2015 18:43 by li...@rhsoft.net:
> besides that greylisting is harmful in case of large sending clusters not
> returning with the same IP while re-try a deferred message postscreen can
> do this more or less as side effect with deep protocol tests
>
Yes I see that opportunity in Po
I have read the documents for some different Greylisting opportunities for
Postfix
This built into Postfix
http://www.postfix.org/SMTPD_POLICY_README.html#greylist
and popular ones
http://wiki.policyd.org
http://postgrey.schweikert.ch
I am not finding a modern comparison of these and a decisi
I am next working on using local database file lookups for Postfix
configuration use.
I see how in the document
http://www.postfix.org/DATABASE_README.html
to use MySQL and LDAP for some things. With some examples and tests I am
successful.
I see too the example for hash: or btree: or lmdb:.
Helo Viktor
28. Jan 2015 06:10 by postfix-us...@dukhovni.org:
> No that's main.cf. I meant master.cf.
>
Ach! That is my reading mistake.
> This gets added as an override option to that master.cf
> transport definition.
>
> Clone "smtp unix ... smtp" or "rel
Helo Viktor
28. Jan 2015 05:46 by postfix-us...@dukhovni.org:
> The setting is per-transport. Therefore you need a suitable
> additional transport entry in master.cf with an
> smtp_bind_address
> override, and a custom address_verify_transport or similar.
>
Okay I see the idea.
I am working next on the Postfix Recipient address verification step from the
document http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient.
Because I must make the other parts work the parameter in main configuration
is set
smtp_bind_address = 0.0.0.0
All this works especially goo
I am reading and working to understand the MULTI_INSTANCE possibilities in
Postfix.
I am not sure yet that is a good solution for me. May be I can do what I must
with only transport maps.
I although have a question for configuring Postfix encryption if I am using
many instances.
Only a theore
Hello Viktor
> Your logs are too verbose. This just hides the real problem in a torrent of
> noise.
This surprised me because we always increase the logging when there is trouble
right? But it was the most help!
> Resolving TLS handshake problems requires full-package PCAP captures and
> wire
I work with
postconf mail_version
mail_version = 2.11.3
making a Postfix gateway to receive and relay for my client his domain.
Say his mail domain is "clientdomain.com" and his mail server is
"client1.clientdomain.com".
I am working on TLS security of mail from my server to h