Re: Secure relay from specific internet host to internet

Hi, While it's easy enough to spoof single IP packets, it's far more difficult to spoof a whole SMTP conversation. Very well. If adding the IP address to mynetworks provides sufficient security against abuse of my server, I will leave it to that. Thanks for the advice. Lucas

postfix 2.8 and upper don't close connection with smtpd_proxy_filter

Hi, Since i have upgrade my postfix from 2.6.x to 2.8.x or 2.10.x postfix don't send the command QUIT after the response (code 250) to END-OF-MESSAGE. Debug : Before with postfix 2.6.18 : ... Apr 22 14:36:47 dedi dkimproxy.in[18373]: DKIM verify - none; from= Apr

Re: Secure relay from specific internet host to internet

On Mon, Apr 22, 2013 at 03:01:04PM +0200, L.W. van Braam van Vloten wrote: > > While it's easy enough to spoof single IP packets, it's far more > > difficult to spoof a whole SMTP conversation. > > Very well. If adding the IP address to mynetworks provides sufficient > security against abuse of my

Re: postfix 2.8 and upper don't close connection with smtpd_proxy_filter

Ludovic LEVET: > Hi, > > Since i have upgrade my postfix from 2.6.x to 2.8.x or 2.10.x postfix > don't send the command QUIT after the response (code 250) to END-OF-MESSAGE. > dedi.ludosoft.org[127.0.0.1] Why is this a problem, three years after the change was made? Wietse

Re: postfix 2.8 and upper don't close connection with smtpd_proxy_filter

Sorry to not upgrade before, but 2.6.X version is already supported version ... :-) Sorry to see that this upper version brake the RFC protocol submission (when it talk to proxy) since 3 years ... Ludovic. Le 22/04/2013 18:21, Wietse Venema a écrit : Ludovic LEVET: Hi, Since i have upgrade

"421 4.4.2" (fqdn hostname) "Error: timeout exceeded" with ssl

Hello, I've been debugging timeout problems using openssl commandline client. local.host:~# openssl s_client -connect 192.168.172.1:25 -starttls smtp CONNECTED(0003) depth=0 /CN=remote.mail.domain verify error:num=18:self signed certificate verify return:1 depth=0 /CN=remote.mail.domain veri

Odd trivial-rewrite complaint with postfix 2.10

This started showing up sporadically in our logs after upgrading to postfix 2.10: Apr 22 14:42:50 zqa-061 postfix/trivial-rewrite[30487]: warning: do not list domain zqa-061.eng.vmware.com in BOTH mydestination and virtual_mailbox_domains However, it is not listed in both: zimbra@zqa-061:~

Re: Secure relay from specific internet host to internet

> Very well. If adding the IP address to mynetworks provides sufficient > security against abuse of my server, I will leave it to that. TCP and therefore SMTP is a bidirectional protocol (SYN-ACK and such). If you really estimate an attacker between you and the remote end, you will need *verified

Re: postfix 2.8 and upper don't close connection with smtpd_proxy_filter

no brake but broke See RFC5321 : http://www.ietf.org/rfc/rfc5321.txt 4.1.1.10. QUIT (QUIT) This command specifies that the receiver MUST send a "221 OK" reply, and then close the transmission channel. The receiver MUST NOT intentionally close the transmission channel until i

Re: "421 4.4.2" (fqdn hostname) "Error: timeout exceeded" with ssl

Juri Grabowski: > postconf: > > 2bounce_notice_recipient = postmaster No-one is going to read over 700 lines of output. Perhaps you did not notice that you should send "postconf -n" output. Wietse

Re: postfix 2.8 and upper don't close connection with smtpd_proxy_filter

Ludovic LEVET: > no brake but broke If your server cannot handle a missing QUIT, get a better one. Wietse

loops back to myself

Hello, my friend This is tom, I'm sending my greeting from China I got some problem, and need your help This mail is in the queue, but I hold it,just like that C94C6AC00D4!3372 Wed Apr 17 19:07:51 MAILER-DAEMON (mail for uhb.com loops back to myself)