Am 05.12.2010 20:40, schrieb DTNX/NGMX Postmaster:
On 02/12/2010, at 23:08, Stan Hoeppner wrote:
Martin Kellermann put forth on 12/2/2010 6:08 AM:
and there's a 5 sec. delay ... seems way too long to me for just
checking the recipient...!?
That delay should be no longer than what a typical d
Am 02.12.2010 23:08, schrieb Stan Hoeppner:
Martin Kellermann put forth on 12/2/2010 6:08 AM:
and there's a 5 sec. delay ... seems way too long to me for just
checking the recipient...!?
That delay should be no longer than what a typical delivery to the
Exchange server would be. Since no mess
Le 05/12/2010 21:45, DTNX/NGMX Postmaster a écrit :
On 05/12/2010, at 18:19, mouss wrote:
Le 03/12/2010 01:55, Stan Hoeppner a écrit :
Victor Duchovni put forth on 12/2/2010 4:27 PM:
The OP is really far better off querying the LDAP server:
That may be Viktor. I think he should test both
On 05/12/2010, at 18:19, mouss wrote:
> Le 03/12/2010 01:55, Stan Hoeppner a écrit :
>> Victor Duchovni put forth on 12/2/2010 4:27 PM:
>>
>>> The OP is really far better off querying the LDAP server:
>>
>> That may be Viktor. I think he should test both and pick the solution
>> that works best
On 02/12/2010, at 13:19, Martin Kellermann wrote:
> Am 02.12.2010 13:11, schrieb Eero Volotinen:
>>> but i see a strange "double-bounce" in mail.log which i don't understand:
>> double-bounce is account used for validation of user account.
>
> thank you for explaining this... so everything seems
On 02/12/2010, at 23:08, Stan Hoeppner wrote:
> Martin Kellermann put forth on 12/2/2010 6:08 AM:
>
>> and there's a 5 sec. delay ... seems way too long to me for just
>> checking the recipient...!?
>
> That delay should be no longer than what a typical delivery to the
> Exchange server would be
Le 03/12/2010 01:55, Stan Hoeppner a écrit :
Victor Duchovni put forth on 12/2/2010 4:27 PM:
The OP is really far better off querying the LDAP server:
That may be Viktor. I think he should test both and pick the solution
that works best in his environment, both from a performance and
managem
Victor Duchovni put forth on 12/2/2010 4:27 PM:
> The OP is really far better off querying the LDAP server:
That may be Viktor. I think he should test both and pick the solution
that works best in his environment, both from a performance and
management perspective. Choice is usually a good thin
Martin Kellermann put forth on 12/2/2010 6:08 AM:
> relay=IP[IP]:PORT, delay=5.7, delays=0.6/0/0.03/5.1, dsn=5.1.1,
> --
> and there's a 5 sec. delay ... seems way too long to me for just
> checking the recipient...!?
Completion of support for time stamps from different stage
On Thu, Dec 02, 2010 at 04:08:09PM -0600, Stan Hoeppner wrote:
> Martin Kellermann put forth on 12/2/2010 6:08 AM:
>
> > and there's a 5 sec. delay ... seems way too long to me for just
> > checking the recipient...!?
>
> That delay should be no longer than what a typical delivery to the
> Excha
Stan Hoeppner:
> Yes, as always. I've simply been looking at this from the premise that
> our countermeasures which stop spam connections before the RCPT TO stage
> will also stop dictionary attacks before the RCPT TO stage since such
> attacks typically come from the same types of sources. ...
Martin Kellermann put forth on 12/2/2010 6:08 AM:
> and there's a 5 sec. delay ... seems way too long to me for just
> checking the recipient...!?
That delay should be no longer than what a typical delivery to the
Exchange server would be. Since no message is sent, it should be
shorter by quite
Wietse Venema put forth on 12/2/2010 7:35 AM:
> Victor Duchovni:
>> Because I am not thinking about normal loads that don't matter. One
>> needs to survive hostile loads.
>>
LDAP tables are supported and not discouraged, but high volume sites
may want to dedicate some LDAP replicas to MTA
Wietse Venema:
> Victor Duchovni:
> > Because I am not thinking about normal loads that don't matter. One
> > needs to survive hostile loads.
> >
> > > > LDAP tables are supported and not discouraged, but high volume sites
> > > > may want to dedicate some LDAP replicas to MTA queries.
> > >
> >
Victor Duchovni:
> Because I am not thinking about normal loads that don't matter. One
> needs to survive hostile loads.
>
> > > LDAP tables are supported and not discouraged, but high volume sites
> > > may want to dedicate some LDAP replicas to MTA queries.
> >
> > I'm not discouraging anyone f
Am 02.12.2010 13:11, schrieb Eero Volotinen:
but i see a strange "double-bounce" in mail.log which i don't understand:
double-bounce is account used for validation of user account.
thank you for explaining this... so everything seems to be fine so far...
is this user name configurable?
> but i see a strange "double-bounce" in mail.log which i don't understand:
double-bounce is account used for validation of user account.
--
Eero
On 02/12/2010, at 06:25, DTNX/NGMX Postmaster wrote:
On 01/12/2010, at 23:18, Stan Hoeppner wrote:
Martin Kellermann put forth on 12/1/2010 9:19 AM:
so, is it still (seven years later) "The right thing™ to do" ?
will it work proper with exchange 2007/2010 ?
since the usage of "script-generate
Stan Hoeppner wrote:
Jose-Marcio Martins da Cruz put forth on 12/2/2010 2:40 AM:
Victor Duchovni wrote:
On Wed, Dec 01, 2010 at 11:43:30PM -0600, Stan Hoeppner wrote:
The lookup is always a cache miss. Then an SMTP probe is sent. Dictionary
attacks always yield cache misses.
You are forgetting
Jose-Marcio Martins da Cruz put forth on 12/2/2010 2:40 AM:
> Victor Duchovni wrote:
>> On Wed, Dec 01, 2010 at 11:43:30PM -0600, Stan Hoeppner wrote:
>
>> The lookup is always a cache miss. Then an SMTP probe is sent. Dictionary
>> attacks always yield cache misses.
>
>> You are forgetting that
Victor Duchovni wrote:
On Wed, Dec 01, 2010 at 11:43:30PM -0600, Stan Hoeppner wrote:
The lookup is always a cache miss. Then an SMTP probe is sent. Dictionary
attacks always yield cache misses.
You are forgetting that dictionary attacks are almost exclusively queries
for non-existent users
Victor Duchovni put forth on 12/1/2010 11:51 PM:
> On Wed, Dec 01, 2010 at 11:43:30PM -0600, Stan Hoeppner wrote:
>
>> Victor Duchovni put forth on 12/1/2010 5:06 PM:
>>> On Wed, Dec 01, 2010 at 04:50:20PM -0600, Stan Hoeppner wrote:
>>
Are LDAP queries still simpler and cheaper once all reci
On Wed, Dec 01, 2010 at 11:43:30PM -0600, Stan Hoeppner wrote:
> Victor Duchovni put forth on 12/1/2010 5:06 PM:
> > On Wed, Dec 01, 2010 at 04:50:20PM -0600, Stan Hoeppner wrote:
>
> >> Are LDAP queries still simpler and cheaper once all recipient addresses
> >> are cached in $data_directory/ver
Victor Duchovni put forth on 12/1/2010 5:06 PM:
> On Wed, Dec 01, 2010 at 04:50:20PM -0600, Stan Hoeppner wrote:
>> Are LDAP queries still simpler and cheaper once all recipient addresses
>> are cached in $data_directory/verify_cache?
>
> Yes, because the vast majority of "RCPT TO" commands are d
On 01/12/2010, at 23:18, Stan Hoeppner wrote:
> Martin Kellermann put forth on 12/1/2010 9:19 AM:
>
>> so, is it still (seven years later) "The right thing™ to do" ?
>> will it work proper with exchange 2007/2010 ?
>> since the usage of "script-generated map-files" will never show
>> a real-time
On Wed, Dec 01, 2010 at 04:50:20PM -0600, Stan Hoeppner wrote:
> > No, LDAP lookups are simpler and cheaper than SMTP probes. The Postfix
> > LDAP driver works with MSFT AD via simple password binds. Code for SASL
> > binds (e.g. for folks who want to use GSSAPI) should be available in
> > the 2.8
Victor Duchovni put forth on 12/1/2010 4:25 PM:
> On Wed, Dec 01, 2010 at 04:18:11PM -0600, Stan Hoeppner wrote:
>
>> If more than that, for many reasons, I recommend using recipient address
>> verification instead of LDAP lookups, assuming you have decent spam
>> filtering techniques on your Post
On Wed, Dec 01, 2010 at 04:18:11PM -0600, Stan Hoeppner wrote:
> If more than that, for many reasons, I recommend using recipient address
> verification instead of LDAP lookups, assuming you have decent spam
> filtering techniques on your Postfix gateway, which is a requirement in
> today's world
Martin Kellermann put forth on 12/1/2010 9:19 AM:
> we need to set up postfix as an incoming relay which forwards
> messages via transport to a protected exchange 2007 server.
> to do this without getting backscatter, we need to check the
> recipients for validity on exchange server side in AD/LDA
hi,
we need to set up postfix as an incoming relay which forwards
messages via transport to a protected exchange 2007 server.
to do this without getting backscatter, we need to check the
recipients for validity on exchange server side in AD/LDAP.
this howto from 2003 describes pretty well, what
30 matches
Mail list logo
