>
>
> Is there any security benefits to creating this smart host as a separate
> SMTP server? Are there any "best practices" for this kind of situation?
>
It depends on your network structure and how much do you trust your new
clients.
If your client resides directly at your local network (eithe
We have two Postfix servers. Currently, none of them allow relaying.
We accept incoming email only from authenticated users and from
mail servers sending mail to any domain where we are the final
destination.
We are considering setting up an SMTP smart host server for a few
entities that would be
* Wietse Venema :
> Patrick Ben Koetter:
> > Perhaps the list of recommendations could be expanded to recommend sending
> > "postconf -M" output along with "postconf -n". I'd expect this to complement
> > the overall picture.
>
> It is as if it was added yesterday, but in reality it was introduced
Patrick Ben Koetter:
> Perhaps the list of recommendations could be expanded to recommend sending
> "postconf -M" output along with "postconf -n". I'd expect this to complement
> the overall picture.
It is as if it was added yesterday, but in reality it was introduced
with Postfix 2.9, three year
Perhaps the list of recommendations could be expanded to recommend sending
"postconf -M" output along with "postconf -n". I'd expect this to complement
the overall picture.
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft:
On Tue, Mar 06, 2012 at 06:19:59PM +0100, Robert Dahlem wrote:
> Default strategy for "verify": ask DNS about MX, then check if the
> servers CN matches. Check if the trust chain is valid.
Yes, though there is no promise of whether the name or the trust
chain is checked first. Both need to be acc
On 06.03.2012 16:57, Viktor Dukhovni wrote:
>> It's just that its CN does not match the server name, but that
>> should be ok when using "verify" (and not when using "secure").
> Considering that Postfix documentation does not say this, and
> clearly states the opposite, you're just overloading y
On Tue, Mar 06, 2012 at 11:52:54AM +0100, Robert Dahlem wrote:
> /etc/postfix/transport:
> test1.prv smtp:[s2.mydomain.de]
> /etc/postfix/tls_policy:
> [s2.mydomain.de]verify
> ==
> s2.mydomain.de[192.168.1.1]:25: Trus
On 05.03.2012 19:39, Wietse Venema wrote:
>> 366AE26E2B: to=, relay=s2.mydomain.de[192.168.1.1]:25,
>> ..., dsn=4.7.5, status=deferred (Server certificate not verified)
>> ==
>>
>> So my understanding of the difference between "verify
On Mon, Mar 05, 2012 at 07:26:18PM +0100, Robert Dahlem wrote:
> I'm on Postfix 2.5.6 and implementing TLS. I'm having difficulties to
> understand the difference between "verify" and "secure".
These are documented in TLS_README.html
http://www.postfix.org/TLS_README.html#client_tls_veri
Robert Dahlem:
> 366AE26E2B: to=, relay=s2.mydomain.de[192.168.1.1]:25,
> ..., dsn=4.7.5, status=deferred (Server certificate not verified)
> ==
>
> So my understanding of the difference between "verify" and "secure"
> seems to be wro
Hi,
I'm on Postfix 2.5.6 and implementing TLS. I'm having difficulties to
understand the difference between "verify" and "secure".
What I've got on the client side:
/etc/hosts:
192.168.1.1 s2.mydomain.de
/etc/postfix/main.cf
disable_dns_lookups = yes
smtp_tls_loglevel =
12 matches
Mail list logo
