Re: Deferring all mails after milter inspection

2014-11-11 Thread li...@rhsoft.net
Am 11.11.2014 um 07:28 schrieb Nagy, Attila: On 11/10/14 13:47, Wietse Venema wrote: Nagy, Attila: What is the most effective way of giving back a 4XX temporary error for all mails in postfix, but in a way that they are delivered to milter programs (including message body, so smtpd_end_of_data

Re: Deferring all mails after milter inspection

2014-11-11 Thread Wietse Venema
Nagy, Attila: > On 11/10/14 13:47, Wietse Venema wrote: > > Nagy, Attila: > >> Hi, > >> > >> What is the most effective way of giving back a 4XX temporary error for > >> all mails in postfix, but in a way that they are delivered to milter > >> programs (including message body, so smtpd_end_of_data_

Re: Postfix and POODLE

2014-11-11 Thread Lars Heide
Am 10.11.2014 um 16:23 schrieb Viktor Dukhovni: > On Mon, Nov 10, 2014 at 09:28:17AM +0100, Lars Heide wrote: > >>> Was there a prior connection shortly before that where the handshake >>> failed for some other reason? >> >> No, there is no prior connection according to our logs, which is >> strang

Re: R: postfix TLS question

2014-11-11 Thread Wietse Venema
Salvatore Palazzolo: > Hi Wietse. > Could you please reply to this question? I already replied three weeks ago. Wietse Subject: Re: R: postfix TLS question To: Postfix users Date: Wed, 22 Oct 2014 07:27:49 -0400 (EDT) Message-ID: <3jn8zy3m5tzj...@spike.porcupine.org> From: wie...@porcup

Re: R: postfix TLS question

2014-11-11 Thread Viktor Dukhovni
On Tue, Nov 11, 2014 at 12:50:42PM -0500, Wietse Venema wrote: > > Is it possible avoid that if my Postfix send an email to an External > > Domain which is required to be encrypt in TLS, the email is kept in deferred > > queue? > > We would like in that case reject that because we think that it?s

Re: R: postfix TLS question

2014-11-11 Thread Wietse Venema
Viktor Dukhovni: > On Tue, Nov 11, 2014 at 12:50:42PM -0500, Wietse Venema wrote: > > > > Is it possible avoid that if my Postfix send an email to an External > > > Domain which is required to be encrypt in TLS, the email is kept in > > > deferred > > > queue? > > > We would like in that case rej

Re: R: postfix TLS question

2014-11-11 Thread Viktor Dukhovni
On Tue, Nov 11, 2014 at 01:49:19PM -0500, Wietse Venema wrote: > > > http://www.postfix.org/postconf.5.html#smtp_delivery_status_filter > > > > Yes, this "works", but it is very much not recommended. When > > receiving systems botch their certificate chains (expired, incomplete > > chain, ...) a

Re: Anonymous TLS connecttion despite DANE/DNSSEC

2014-11-11 Thread Bernhard Schmidt
Hi Viktor, > On Fri, Nov 07, 2014 at 07:48:02PM +0100, Bernhard Schmidt wrote: > >>> DANE does not apply to unsigned domains, even though the MX host >>> might have TLSA RRs. >> >> Ah right, thanks for pointing that out. Should I be concerned that >> sometimes anonymous TLS is chosen? > > No. I