Hey there,
I just registered to this list, so sorry if that matter was already discussed
in the past. My question/proposal is targeted at the developers of Postfix.
Postfix in fact does already host-certificate checks in both directions/roles,
which results in "Trusted TLS connections establish
Am 11.07.2014 11:10, schrieb BlueStar88:
> I'd like to setup a Trusted-only MTA for a special domain.
if you have both servers under your control you may always cover con by
vpn, and use special transport ,additional to postfix secure features
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
On Fri, 11 Jul 2014 11:29:11 +0200
Robert Schetterer wrote:
>Am 11.07.2014 11:10, schrieb BlueStar88:
>> I'd like to setup a Trusted-only MTA for a special domain.
>
>if you have both servers under your control you may always cover con by
>vpn, and use special transport ,additional to postfix sec
Am 11.07.2014 11:53, schrieb BlueStar88:
> On Fri, 11 Jul 2014 11:29:11 +0200
> Robert Schetterer wrote:
>
>> Am 11.07.2014 11:10, schrieb BlueStar88:
>>> I'd like to setup a Trusted-only MTA for a special domain.
>>
>> if you have both servers under your control you may always cover con by
>> vp
On Fri, 11 Jul 2014 12:02:34 +0200
Robert Schetterer wrote:
>something like this ?
>
>relay_clientcerts (default: empty)
>
>List of tables with remote SMTP client-certificate fingerprints or
>public key fingerprints (Postfix 2.9 and later) for which the Postfix
>SMTP server will allow access
Am 11.07.2014 12:31, schrieb BlueStar88:
> On Fri, 11 Jul 2014 12:02:34 +0200
> Robert Schetterer wrote:
>
>
>> something like this ?
>>
>> relay_clientcerts (default: empty)
>>
>>List of tables with remote SMTP client-certificate fingerprints or
>> public key fingerprints (Postfix 2.9 and l
On Fri, Jul 11, 2014 at 11:10:37AM +0200, BlueStar88 wrote:
> Postfix in fact does already host-certificate checks in both
> directions/roles, which results in "Trusted TLS connections
> established from/to ..." in the optimum case.
What would the server do differently with a client certificate t
On Fri, 11 Jul 2014 14:44:42 +
Viktor Dukhovni wrote:
>On Fri, Jul 11, 2014 at 11:10:37AM +0200, BlueStar88 wrote:
>
>> Postfix in fact does already host-certificate checks in both
>> directions/roles, which results in "Trusted TLS connections
>> established from/to ..." in the optimum case.
BlueStar88:
> for quite some while. I can see successful chain walks on inbound
> connections resulting in "Trusted TLS connection established from".
"Trusted" verifies the CA chain, not the client DNS name.
With HTTP clients, the certificate name check confirms that the
client has a TLS connect
There's a new trick in the spammer's bag of tricks. Companies like
strikeiron and briteverify are springing up promising to verify email
addresses so that senders can limit sending invalid emails to MTAs and
thus wind up on their suspicious sender list. I can't think of a
single legitimate use fo
Am 11.07.2014 21:02, schrieb D'Arcy J.M. Cain:
> There's a new trick in the spammer's bag of tricks. Companies like
> strikeiron and briteverify are springing up promising to verify email
> addresses so that senders can limit sending invalid emails to MTAs and
> thus wind up on their suspicious
On Fri, 11 Jul 2014 21:06:59 +0200
"li...@rhsoft.net" wrote:
> > this message in at least three scenarios that I can see. One,
> > someone sends email to an invalid address and we reject the balance
> > of the session. Two, we reject the session because of an RBL.
> > Three, someone is probing t
Am 11.07.2014 22:16, schrieb D'Arcy J.M. Cain:
> On Fri, 11 Jul 2014 21:06:59 +0200
> "li...@rhsoft.net" wrote:
>>> this message in at least three scenarios that I can see. One,
>>> someone sends email to an invalid address and we reject the balance
>>> of the session. Two, we reject the sessi
On 7/11/2014 3:16 PM, D'Arcy J.M. Cain wrote:
> On Fri, 11 Jul 2014 21:06:59 +0200
> "li...@rhsoft.net" wrote:
>>> this message in at least three scenarios that I can see. One,
>>> someone sends email to an invalid address and we reject the balance
>>> of the session. Two, we reject the session
Noel Jones:
[ Charset ISO-8859-1 converted... ]
> On 7/11/2014 3:16 PM, D'Arcy J.M. Cain wrote:
> > On Fri, 11 Jul 2014 21:06:59 +0200
> > "li...@rhsoft.net" wrote:
> >>> this message in at least three scenarios that I can see. One,
> >>> someone sends email to an invalid address and we reject th
On 11 Jul 2014, at 16:16, D'Arcy J.M. Cain wrote:
On Fri, 11 Jul 2014 21:06:59 +0200
"li...@rhsoft.net" wrote:
this message in at least three scenarios that I can see. One,
someone sends email to an invalid address and we reject the balance
of the session. Two, we reject the session because
Thanks to everybody for the pointer to the good ideas and docs.
I read everything and made some mistakes but I have it working with the
flatfile style now!
Thanks
Arun
On Wednesday, July 9, 2014 11:59 PM, Narcis Garcia
wrote:
>
>
>As I understood, Postfix can deliver letters to a maildi
I am installing my Postfix server.
I am reading about the configuration options.
I see that there are many formats to use for lookups.
I see for exanple this
...
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp
Arun:
>I see that there are many formats to use for lookups.
>
>I see for exanple this
>
>...
>
>smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
>smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
>
>alias_maps = hash:/etc/aliases
>
>...
>
>in one example do
> I suggest that you use what is shown the examples.
I did use the Postfix documentation.
Is it wrong to ask questions? Is 'why' not allowable ? I guess it is because
you say so!
I have reading the mailing lists too and see you are the author. Why are you
always being such a mean old man to
On Fri, Jul 11, 2014 at 05:45:30PM -0700, Arun wrote:
> I can understand that there ARE diferences? I do not understand
> when to use which one.
It is conjectured that btree is perhaps better for random-access
read-write databases where Postfix maintains an update cursor for
cleanup of stale ent
21 matches
Mail list logo
