On Wed, Jan 22, 2025 at 13:40:34 +1100, Viktor Dukhovni via Postfix-users wrote:
> Nothing in the Postfix config, but do note that on RedHat / Fedora
> systems there's also "crypto policy" that cranks up security to 11 to
> protect users against fairly exotic threats, so you end up with
> cleartext
On Tue, Jan 21, 2025 at 05:16:29PM -0500, Wietse Venema via Postfix-users wrote:
> >[root@host /]# postconf -n | grep tls
> >milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
> > {tls_version}
> >smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
> >smtp_tls_CApath = /e
postfix--- via Postfix-users:
> > You may want to comment out protocol or cipher tweaks' these can
> > reduce interoperability:
> >
> > postconf -n | grep tls
>
>
> I do not think I am using any tweaks and try to keep things as default as
> possible. Or maybe I'm misunderstanding.
>
>[root
You may want to comment out protocol or cipher tweaks' these can
reduce interoperability:
postconf -n | grep tls
I do not think I am using any tweaks and try to keep things as default as
possible. Or maybe I'm misunderstanding.
[root@host /]# postconf -n | grep tls
milter_rcpt_macros =
un-time library vs.
> compile-time header version mismatch: OpenSSL 3.2.0 may not be compatible
> with OpenSSL 3.0.0
>Jan 21 09:15:22 host postfix/smtpd[79286]: connect from
> sub.example.com[xxx.xxx.xxx.xxx]
>Jan 21 09:15:22 host postfix/smtpd[79286]: SSL_acc
: OpenSSL 3.2.0 may not be compatible
with OpenSSL 3.0.0
Jan 21 09:15:22 host postfix/smtpd[79286]: connect from
sub.example.com[xxx.xxx.xxx.xxx]
Jan 21 09:15:22 host postfix/smtpd[79286]: SSL_accept error from
sub.example.com[xxx.xxx.xxx.xxx]: -1
Jan 21 09:15:22 host postfix/smtpd[79286
On Sun, Nov 17, 2024 at 04:47:17PM -0800, Randy Bush via Postfix-users wrote:
> 2024-11-18T00:03:12.077805+00:00 m0 postfix/smtpd[1756]: warning:
> TLS library problem: error:0A000102:SSL routines:
> :unsupported protocol
-
> :.
i am seeing occasional
2024-11-18T00:03:11.981217+00:00 m0 postfix/smtpd[1756]: connect from
mail.edusemx.com[66.85.163.236]
2024-11-18T00:03:12.077728+00:00 m0 postfix/smtpd[1756]: SSL_accept error
from mail.edusemx.com[66.85.163.236]: -1
2024-11-18T00:03:12.077805+00:00 m0 postfix
Scott K via Postfix-users:
> My mail server stopped working with this error:
>
> TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3
> alert bad certificate: SSL alert number 42
I have some questions:
A complete logfile record that shows the name of the Postfix
On Sun, Nov 10, 2024 at 07:16:12AM -0500, Scott K via Postfix-users wrote:
> My mail server stopped working with this error:
>
> TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3
> alert bad certificate: SSL alert number 42
Far too little context, bu
My mail server stopped working with this error:
TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3
alert bad certificate: SSL alert number 42
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email
On Wed, Sep 25, 2024 at 10:40:30AM +1000, raf via Postfix-users wrote:
> > Sep 24 21:49:18 mxback postfix/smtps/smtpd[24711]: warning: TLS library
> > problem: error:0A6C:SSL routines::bad key
> > share:../ssl/statem/extensions_srvr.c:646:
>
> But I'm
On 2/11/24 09:58, giuliano--- via Postfix-users wrote:
Hi everyone!
Thank you a lot Wietse your help was essential for me learn more about
the dovecot and postfix and resolve the problem. I dont know why, but
the dovecot.conf was not loading the conf.d/ folder. So after change
these files I d
stfix-users
Sent: Friday, November 1, 2024 5:07 PM
To: Postfix users
Subject: [pfx] Re: {Disarmed} Error when I try send a e-mail using my postfix
server using the "New Outlook"
giuliano--- via Postfix-users:
> I try to set in postfix (main.cf) sasl_mechanism_filter = plain, lo
giuliano--- via Postfix-users:
> I try to set in postfix (main.cf) sasl_mechanism_filter = plain, login
>
> and try do change the dovecot confs to
> (/etc/dovecot/conf.d/10-auth.conf):
> auth_mechanisms = plain login
>
> And restart both systems, but dont work.
In your previous email message th
Em 2024-11-01 10:34, Wietse Venema via Postfix-users escreveu:
giuliano--- via Postfix-users:
Oct 31 19:23:44 host01 postfix/submission/smtpd[497262]: <
unknown[2603:1056:c03:1c16::5]: AUTH LOGIN
Z2l1bGlhbm9AaG9zcGVkYXF1aS5jb20uYnI=
The error is that Postfix will only accept AUTH PLAIN.
T
giuliano--- via Postfix-users:
> Oct 31 19:23:44 host01 postfix/submission/smtpd[497262]: <
> unknown[2603:1056:c03:1c16::5]: AUTH LOGIN
> Z2l1bGlhbm9AaG9zcGVkYXF1aS5jb20uYnI=
The error is that Postfix will only accept AUTH PLAIN.
This is from the communication
s 11.
>
> When I connect to my account in the "new outlook", the IMAP connection
> works fine, I can see all the e-mails, but when I try to send a new
> e-mail a receive a e-mail with error.
>
> We couldn't deliver your message.
>
> Original message
nect to my account in the "new outlook", the IMAP connection
> > works fine, I can see all the e-mails, but when I try to send a new
> > e-mail a receive a e-mail with error.
> >
> > We couldn't deliver your message.
> >
> > Original message details
works fine, I can see all the e-mails, but when I try to send a new
> e-mail a receive a e-mail with error.
>
> We couldn't deliver your message.
>
> Original message details
> Created date: 10/31/2024 5:53:03 PM
> Sender address: giuli...@hospedaqui.com.br
> Re
e-mail a receive a e-mail with error.
We couldn't deliver your message.
Original message details
Created date: 10/31/2024 5:53:03 PM
Sender address: giuli...@hospedaqui.com.br
Recipient addresses: *@gmail.com
Subject: teste
Technical details
SmtpSubmissionPermanent5XXException:
On Tue, Sep 24, 2024 at 09:54:27PM +0800, Wesley via Postfix-users
wrote:
> I have a backup MX server which shows this error in its mail.log:
>
> Sep 24 21:49:18 mxback postfix/smtps/smtpd[24711]: connect from
> unknown[165.154.138.57]
> Sep 24 21:49:18 mxback postfix/sm
On Tue, Sep 24, 2024 at 09:54:27PM +0800, Wesley via Postfix-users wrote:
> I have a backup MX server which shows this error in its mail.log:
>
> Sep 24 21:49:18 mxback postfix/smtps/smtpd[24711]: connect from
> unknown[165.154.138.57]
> Sep 24 21:49:18 mxback postfix/sm
>> That is probably because your mailserver's ip reputation
>> has not been reset by t-online. Have you ever contacted
>
> What do you mean with reset? T-Online refused to accept mails from servers
> using our own IP ranges with completely new IPs.
> There would be nothing to reset.
Not having s
Am Fr, Sep 20, 2024 at 20:37:10 +0200 schrieb Gerald Galster via Postfix-users:
That is probably because your mailserver's ip reputation
has not been reset by t-online. Have you ever contacted
What do you mean with reset? T-Online refused to accept mails from
servers using our own IP ranges wi
> we are struggling with t-online.de:
Why don't you post the corresponding maillog entry?
T-online's smtp error messages are quite elaborate and
usually contain an email address that you can contact
in case of problems.
> As you may know as SMTP client you have to fu
e to time we receive mails from t-online.de, but
> > can't answer.
> >
> > So our idea is, in case the mail comes from t-online.de, we process and
> > delivery the mail but return an (meaningful) error message to the
> > t-online.de SMTP client.
> >
> > Th
er.
>
> So our idea is, in case the mail comes from t-online.de, we process and
> delivery the mail but return an (meaningful) error message to the
> t-online.de SMTP client.
>
> This is meant as signal so that huge email provider can't dictate their
> rules (besi
nswer.
So our idea is, in case the mail comes from t-online.de, we process and
delivery the mail but return an (meaningful) error message to the
t-online.de SMTP client.
This is meant as signal so that huge email provider can't dictate their
rules (besides SPF, DKIM, DMARC, etc. what we supp
ne.de, we process and
delivery the mail but return an (meaningful) error message to the
t-online.de SMTP client.
This is meant as signal so that huge email provider can't dictate their
rules (besides SPF, DKIM, DMARC, etc. what we support) - and should
prevent a discussion like: "J
On 2024-09-20 at 09:30:56 UTC-0400 (Fri, 20 Sep 2024 13:30:56 +)
hawky--- via Postfix-users
is rumored to have said:
Hi!
I'm looking for a way to process and deliver an incoming email, but
return an error (with a meaningful) message to the client.
By looking at the SMTP status
hawky--- via Postfix-users:
> Hi!
>
> I'm looking for a way to process and deliver an incoming email, but
> return an error (with a meaningful) message to the client.
>
> By looking at the SMTP status codes
> (https://en.wikipedia.org/wiki/List_of_SMTP_server_retur
Hi!
I'm looking for a way to process and deliver an incoming email, but
return an error (with a meaningful) message to the client.
By looking at the SMTP status codes
(https://en.wikipedia.org/wiki/List_of_SMTP_server_return_codes) I don't
see an obvious way to do that. But m
Peter via Postfix-users:
> On 20/07/24 00:30, Wietse Venema via Postfix-users wrote:
> >> Just to throw another wrench in the works, MariaDB lists mysql_options()
> >> as deprecated in MariaDB Connector/C 3.0 and recommends mysql_optionsv()
> >> instead:
> >>
> >> https://mariadb.com/kb/en/mysql_op
On 20/07/24 00:30, Wietse Venema via Postfix-users wrote:
Just to throw another wrench in the works, MariaDB lists mysql_options()
as deprecated in MariaDB Connector/C 3.0 and recommends mysql_optionsv()
instead:
https://mariadb.com/kb/en/mysql_options/
For now it should work, but we may end up
Peter via Postfix-users:
> On 19/07/24 11:59, Robert Fuhrer via Postfix-users wrote:
> >> Where does that number come from? It needs to be a version that
> >> introduces all the the MYSQL_OPT_SSL_XXX features that Postfix
> >> needs. This is the preferred API, and it won't be removed in another
> >
Robert Fuhrer via Postfix-users:
> > I couldn't find a suitable "capability macro", i.e., something
> >> that signals at the preprocessor level that the new options API
> >> is available.
> >>
> >> Instead, I replaced the #if-test in your patch with just:
> >>
> >> #if MYSQL_VERSION_ID >= 80035
>
On 19/07/24 11:59, Robert Fuhrer via Postfix-users wrote:
Where does that number come from? It needs to be a version that
introduces all the the MYSQL_OPT_SSL_XXX features that Postfix
needs. This is the preferred API, and it won't be removed in another
10 years.
The format of MYSQL_VERSION_ID
> On Jul 18, 2024, at 6:50 PM, Wietse Venema via Postfix-users
> wrote:
>
>> Unfortunately, it doesn't work as is, b/c one can't use the C
>> preprocessor "defined()" operator on enum symbols, which the various
>> MYSQL_OPT_SSL_* symbols all are. You can basically only reference
>> preprocessor
> Unfortunately, it doesn't work as is, b/c one can't use the C
> preprocessor "defined()" operator on enum symbols, which the various
> MYSQL_OPT_SSL_* symbols all are. You can basically only reference
> preprocessor macro symbols in the #if-test.
>
> (BTW, the patch you inlined didn't have a lea
Oops, apologies, forgot to send to the list.
Cheers, - Bob
Begin forwarded message:From: Robert Fuhrer Subject: Re: [pfx] Build error for PostFix 3.9.0 on MacOS with MySQL 8.3: missing mysql_ssl_set()Date: July 18, 2024 at 5:55:49 PM EDTTo: Wietse Venema Hi Wietse,Thanks for the speedy patch
rom source.
>
> The only error I'm running into is in compiling the MySQL support. The latest
> MySQL that Homebrew provides is 8.3.0, which doesn't define the function
> mysql_ssl_set(), referenced at src/global/dict_mysql.c:603.
>
> Interestingly, that function was d
Hi,
MacOS ships with an ancient version of PostFix (3.2.2!).
I already have PostFix running nicely, but I have no idea when Apple will
update PostFix, or worse, remove it altogether (!), so I'm building PostFix
3.9.0 from source.
The only error I'm running into is in compiling
Bill Cole via Postfix-users:
> On 2024-06-23 at 08:30:53 UTC-0400 (Sun, 23 Jun 2024 08:30:53 -0400 (EDT))
> Wietse Venema via Postfix-users
> is rumored to have said:
>
> > Wietse Venema via Postfix-users:
> >> If you specify
> >>
> >> reject_rbl_client string-with-complex-syntax
> >>
> >> Th
On 2024-06-23 at 08:30:53 UTC-0400 (Sun, 23 Jun 2024 08:30:53 -0400 (EDT))
Wietse Venema via Postfix-users
is rumored to have said:
> Wietse Venema via Postfix-users:
>> If you specify
>>
>> reject_rbl_client string-with-complex-syntax
>>
>> Then the rbl_reply_maps seach key will be that
>> s
Wietse Venema via Postfix-users:
> If you specify
>
> reject_rbl_client string-with-complex-syntax
>
> Then the rbl_reply_maps seach key will be that
> string-with-complex-syntax.
...
> Unlike rbl_reply_maps, postscreen strips the filter (and weight)
> before searching the reply table. There a
Cody Millard via Postfix-users:
> Check out this link showing a example postfix configuration.
>
> https://portal.spamhaus.com/dqs/#3.1.2
>
> I found it to be very helpful in displaying the ranged syntax that
> spamhaus supports.
For a web page that does not require logging in, see:
https://do
Check out this link showing a example postfix configuration.
https://portal.spamhaus.com/dqs/#3.1.2
I found it to be very helpful in displaying the ranged syntax that
spamhaus supports.
On 6/22/2024 4:25 PM, Bill Cole via Postfix-users wrote:
On 2024-06-22 at 16:58:26 UTC-0400 (Sat, 22 Jun 20
Bill Cole via Postfix-users:
> > Absolutely. If you specify
> >
> > reject_rbl_client string-with-complex-syntax
> >
> > Then the rbl_reply_maps seach key will be that
> > string-with-complex-syntax.
>
> OK. Right now I have multiple items like this in
> smtpd_recipient_retrictions
>
>
Wietse Venema via Postfix-users:
> The rbl_reply_maps are searched with the domain specified with
> reject_rbl_client.
>
> That includes the optional "=address" portion, added in Postfix
> 2.8, but that was not added to the much older rbl_reply_maps
> documentation.
I have added documentation fo
On 2024-06-22 at 16:58:26 UTC-0400 (Sat, 22 Jun 2024 16:58:26 -0400
(EDT))
Wietse Venema via Postfix-users
is rumored to have said:
Bill Cole via Postfix-users:
On 2024-06-22 at 15:19:42 UTC-0400 (Sat, 22 Jun 2024 15:19:42 -0400
(EDT))
Wietse Venema via Postfix-users
is rumored to have said:
Bill Cole via Postfix-users:
> On 2024-06-22 at 15:19:42 UTC-0400 (Sat, 22 Jun 2024 15:19:42 -0400
> (EDT))
> Wietse Venema via Postfix-users
> is rumored to have said:
>
> [...]
> > The rbl_reply_maps are searched with the domain specified with
> > reject_rbl_client.
> >
> > That includes the o
On 2024-06-22 at 15:19:42 UTC-0400 (Sat, 22 Jun 2024 15:19:42 -0400
(EDT))
Wietse Venema via Postfix-users
is rumored to have said:
[...]
The rbl_reply_maps are searched with the domain specified with
reject_rbl_client.
That includes the optional "=address" portion, added in Postfix
2.8, but
Cody Millard via Postfix-users:
> |Hello list.|
>
> |
> |
>
> |I included Spamhaus XBL in client restrictions for my server. An error
> is supplied to the individual/bot that is trying to connect that looks
> like the follow:
>
> |
>
> |Transcript of sess
On 2024-06-22 at 06:55:32 UTC-0400 (Sat, 22 Jun 2024 05:55:32 -0500)
Cody Millard via Postfix-users
is rumored to have said:
Hello list.
I included Spamhaus XBL in client restrictions for my server. An error
is supplied to the individual/bot that is trying to connect that looks
like the
Cody Millard via Postfix-users skrev den 2024-06-22 12:55:
You can see my dqs key in the error send to the client. Is this a
problem? If so, how could I remove the DQS key from the response?
your postfix conf reveal it
postscreen_dnsbl_reply_map =
texthash:/etc/postfix
On June 22, 2024 12:55:32 PM GMT+02:00, Cody Millard via Postfix-users
wrote:
>|Hello list.|
>
>|
>|
>
>|I included Spamhaus XBL in client restrictions for my server. An error is
>supplied to the individual/bot that is trying to connect that looks like the
>follow
|Hello list.|
|
|
|I included Spamhaus XBL in client restrictions for my server. An error
is supplied to the individual/bot that is trying to connect that looks
like the follow:
|
|Transcript of session follows. Out: 554 5.7.1 Service unavailable;
Client host [57.152.56.248] blocked using
On Tue, Jun 11, 2024 at 09:55:56AM +0800, Jeff Peng via Postfix-users wrote:
> Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: warning:
> TLS library problem:error:1417A0C1:SSL routines:
> tls_post_process_client_hello:no shared cipher:
> ../ssl/statem/statem_srvr.c:2283:
> Jun 11 01:52:16 tls-mail
Thanks Wietse. The request is not maken by our client, so I am safe to
ignore the error.
If this does not happen with a legitimate client, then this could
be someone who is looking for trouble (they failed) and you can
ignore the problem
Jeff Peng via Postfix-users:
> Hello
>
> what's this error in mail.log?
>
> Jun 11 01:52:15 tls-mail postfix/smtpd[67409]: connect from
> unknown[172.210.47.140]
> Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: SSL_accept error from
> unknown[172.210.47.140]:
Hello
what's this error in mail.log?
Jun 11 01:52:15 tls-mail postfix/smtpd[67409]: connect from
unknown[172.210.47.140]
Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: SSL_accept error from
unknown[172.210.47.140]: -1
Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: warning: TLS li
ply.
> This is the port 465 atempt.
>
> 2024-04-02T09:49:02.419571-04:00 hostname postfix/smtps/smtpd[1575]:
> SSL_accept error from xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]: -1
> 2024-04-02T09:49:02.419716-04:00 hostname postfix/smtps/smtpd[1575]:
> warning: TLS library problem: error:0
1575]:
> input attribute name: status
> 2024-04-02T09:49:02.212552-04:00 hostname postfix/smtps/smtpd[1575]:
> input attribute value: 0
> 2024-04-02T09:49:02.212642-04:00 hostname postfix/smtps/smtpd[1575]:
> private/tlsmgr: wanted attribute: seed
> 2024-04-02T09:49:02.212733-04:00 h
71-04:00 hostname postfix/smtps/smtpd[1575]:
SSL_accept error from xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]: -1
2024-04-02T09:49:02.419716-04:00 hostname postfix/smtps/smtpd[1575]:
warning: TLS library problem: error:0A000412:SSL routines::sslv3 alert
bad certificate:../ssl/record/rec_layer_s3.c:1590:SSL a
On Mon, Apr 01, 2024 at 04:09:34PM -0400, David Mehler via Postfix-users wrote:
> In my master.cf I do have smtpd_tls_wrappermode but it's in the commented
> out service for port 465, I'm using submission.
>
> I've checked with postconf and smtpd_tls_wrappermode is set to no.
Of course, but Thun
matic configuration and the manual configuration, in both cases I am
getting an error in my maillog from submission/smtpd service stating
error improper command pipelining after helo. Googling showed this error
Thunderbird pipelining errors after helo?
People sometimes have improper command
David Mehler via Postfix-users:
> to utilize Thunderbird v91.x. I've tried configuring with both the
> automatic configuration and the manual configuration, in both cases I am
> getting an error in my maillog from submission/smtpd service stating
> error improper command pipe
On Mon, Apr 01, 2024 at 01:45:11PM -0400, David Mehler via Postfix-users wrote:
> I've tried configuring with both the automatic configuration and the
> manual configuration, in both cases I am getting an error in my
> maillog from submission/smtpd service stating error im
sion to send it. I'm wanting
to utilize Thunderbird v91.x. I've tried configuring with both the
automatic configuration and the manual configuration, in both cases I am
getting an error in my maillog from submission/smtpd service stating
error improper command pipelining after helo. Googling
Paul Lemmons:
> I am getting the following message in my syslog exactly every 30
> seconds. Everything is working but words like "Fatal" and "Input/output
> error" cause me an inordinate amount of angst.
>
> postfix/postqueue[]: fatal: output write error: Inpu
very vanilla setup.
I have tried to find what is causing the error and so far have come up empty.
Are there is any troubleshooting techniques I could use to identify where these
are originating?
On Fri, 2024-03-01 at 15:02 -0500, Wietse Venema via Postfix-users wrote:
*** CAUTION:
This message
Paul Lemmons via Postfix-users:
> I am getting the following message in my syslog exactly every 30
> seconds. Everything is working but words like "Fatal" and "Input/output
> error" cause me an inordinate amount of angst.
>
> postfix/postqueue[]: fatal: output
I am getting the following message in my syslog exactly every 30 seconds.
Everything is working but words like "Fatal" and "Input/output error" cause me
an inordinate amount of angst.
postfix/postqueue[]: fatal: output write error: Input/output error
Searching logs I c
Carl Brewer via Postfix-users skrev den 2024-02-03 03:09:
In a world where error messages are increasingly being obfuscated, it's
great to see :
Feb 3 00:00:28 rollcage13 postfix/postscreen[22418]: warning:
postscreen_access_list: non-null host address bits in
"2403:5814:f681:
In a world where error messages are increasingly being obfuscated, it's
great to see :
Feb 3 00:00:28 rollcage13 postfix/postscreen[22418]: warning:
postscreen_access_list: non-null host address bits in
"2403:5814:f681:ab0c::0/48", perhaps you should use
"2403:581
kly:
>>
>> 2023-12-24 18:04:41.016972 postfix/tlsmgr[105819]: warning: end-of-input
>> while reading request from tlsmgr socket: Application error
>> 2023-12-24 18:04:41.017479 postfix/tlsmgr[105819]: warning: end-of-input
>> while reading request from tlsmgr socket: A
-of-input
> while reading request from tlsmgr socket: Application error
> 2023-12-24 18:04:41.017479 postfix/tlsmgr[105819]: warning: end-of-input
> while reading request from tlsmgr socket: Application error
What OS is this? The OS claims that pending data is available on a
socket, and the
error
2023-12-24 18:04:41.017479 postfix/tlsmgr[105819]: warning: end-of-input while
reading request from tlsmgr socket: Application error
2023-12-24 18:04:41.018018 postfix/tlsmgr[105819]: warning: end-of-input while
reading request from tlsmgr socket: Application error
In my case Postfix has
: 250-ETRN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 CHUNKING
In: MAIL FROM: SIZE=14157
Out: 250 2.1.0 Ok
In: RCPT TO:
Out: 451 4.3.5 Server configuration error
In: DATA
Out: 554 5.5.1 Error: no valid recipients
In: QUIT
Out: 221 2.0.0 Bye
On 21/11/2023 17:18, Wietse
hich
> had a little white space after the OK's
In a lookup table input file, whitespace *before* OK can produce
the above error, because Postfix will append that text to the
previous line: the result will that "OK" appears after other text.
Now, we could make "OK" more t
ostfix-users:
> Well on first scan no lookup tables look out of order aside to 1 which
> had a little white space after the OK's
In a lookup table, whitespace *before* OK can produce the above
error, because Postfix will append that text to the previous line,
and the result
es of smtpd_recipient_restrictions are:
check_sender_access proxy:mysql:/etc/postfix/mysql/postgrey_sender.cf
check_policy_service inet:localhost:6
The check_sender_access allows me to skip the postgrey check for listed
sender addresses.
This would have been triggered on the configuration error transa
Paul Enlund via Postfix-users:
> Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: warning: unknown
> smtpd restriction: "OK"
> Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: NOQUEUE: reject:
> RCPT from host.verypinktiger.com[89.34.18.125]: 451 4.3.5 Server
> configuration e
On 2023-11-21 at 09:38:35 UTC-0500 (Tue, 21 Nov 2023 14:38:35 +)
Paul Enlund via Postfix-users
is rumored to have said:
Hi
I have an odd error in yesterdays mail.log. This is a one off and
cannot be replicated
Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: connect from
Hi
I have an odd error in yesterdays mail.log. This is a one off and cannot
be replicated
Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: connect from
host.verypinktiger.c
om[89.34.18.125]
Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: Anonymous TLS connection
establis
hed from
On Mon, Sep 11, 2023 at 09:30:27PM -0400, Alex via Postfix-users wrote:
> I have a postfix-3.7.4 server with openssl-3.0.9 on fedora38 and
> receiving the following errors in my logs:
>
> Sep 11 14:19:51 cipher postfix/smtps/smtpd[3992923]: warning: TLS library
> problem: err
Hi,
I have a postfix-3.7.4 server with openssl-3.0.9 on fedora38 and receiving
the following errors in my logs:
Sep 11 14:19:51 cipher postfix/smtps/smtpd[3992923]: warning: TLS library
problem: error:0AC1:SSL routines::no shared
cipher:ssl/statem/statem_srvr.c:2220:
What kind of clients is
so yes, quite old by now.
You may still consider whether disabling SHA1 signatures is really the
right policy for an MTA. If you've never seen that error message in
your logs apart from the client in questions, perhaps the default is
good enough. Otherwise, enabling SHA1 will in practice b
The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks
identical to what you posted for Fedora.
I am not a RHEL expert but I have not see any references to opt out of the
crypto policy on a per application basis. You can customize an existing
crypto policy or create your own. I t
so it can
be wiped and recycled.
On Fri, May 5, 2023 at 7:29 PM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
> On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote:
>
> > postfix/smtpd[1234567]: SSL_accept error from
> xxx.xxx.xxx[y
I don't even know whether RedHat exposes any mechanisms for applications> to opt-out
of crypto policy and use only application-driven OpenSSL> configuration. This is
should perhaps be looked into in the Postfix 3.9> timeframe.
from my notes dealing with new Fedora crypto-policies on a number o
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> You should of course also share
> (https://www.postfix.org/DEBUG_README.html#mail)
>
> $ postconf -nf
> $ postconf -Mf
>
> without any changes in whitespace, including line breaks. Attaching
> these a
> >
>
> Because TLS/SSL things are very complex, you have to show us real
> settings all. Like me: (yw-0919: inbound, yw-1204: outbound)
> [1] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-0919
> [2] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-1204
>
And P
;
> Am I missing anything?
>
> [snippet from main.cf]
> smtpd_tls_security_level = may
>
> [snippet from log]
> May 05 16:27:59 zzz postfix/smtpd[1234567]: connect from
> xxx.xxx.xxx[yyy.yyy.yyy.yyy]
> May 05 16:27:59 zzz postfix/smtpd[1234567]: SSL_accept error fr
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote:
> postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1
> postfix/smtpd[1234567]: warning: TLS library problem:
> error:0398:digital envelope routines::invalid
> digest:crypto/evp/m_
xxx.xxx.xxx[yyy.yyy.yyy.yyy]
May 05 16:27:59 zzz postfix/smtpd[1234567]: SSL_accept error from
xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1
May 05 16:27:59 zzz postfix/smtpd[1234567]: warning: TLS library problem:
error:0398:digital envelope routines::invalid
digest:crypto/evp/m_sigver.c:343:
May 05 16:27:59 zzz
ia Postfix-users
Sent: Tuesday, April 25, 2023 9:43 AM
To: Postfix users
Subject: [External] [pfx] Re: Error when telnet testing, 1st cmd always fails
Caution: This is email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender an
It is a feature. Putty has option to use "Telnet" protocol or "Raw"
protocol.
On Tue, 25 Apr 2023 at 16:43, Wietse Venema via Postfix-users <
postfix-users@postfix.org> wrote:
> Ue netcat (nc) instead of putty.
>
> I suspsect that putty is sending telnet protocol options, even when
> it connets t
Ue netcat (nc) instead of putty.
I suspsect that putty is sending telnet protocol options, even when
it connets to a server on a non-telnet port. That would be a putty
bug.
Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To u
1 - 100 of 2245 matches
Mail list logo
