Hello
Hope you'll be able to help me again, I'm having problems with a postfix
(2.8.5) not being able to send e-mail to a domain because the server
certificate is untrusted and the TLS policy is set to "verify". It used
to work, but the certificate of the site has changed.
The domain in question
Hi Guys,
I have postfix setup on a Debian system that manages all my mail. However,
whenever php is sending mail it sends it under user "www-data". I tried changing
the headers in php but it remains the same.
Is there someway I can change this to a more friendly name via postfix?
It is not a tra
On 2015-02-03 13:17, Danny wrote:
Hi Guys,
I have postfix setup on a Debian system that manages all my mail. However,
whenever php is sending mail it sends it under user "www-data". I tried changing
the headers in php but it remains the same.
Is there someway I can change this to a more friendl
Am 03.02.2015 um 13:17 schrieb Danny:
I have postfix setup on a Debian system that manages all my mail. However,
whenever php is sending mail it sends it under user "www-data". I tried changing
the headers in php but it remains the same.
Is there someway I can change this to a more friendly nam
> Am 03.02.2015 um 13:17 schrieb Danny :
>
> Hi Guys,
>
> I have postfix setup on a Debian system that manages all my mail. However,
> whenever php is sending mail it sends it under user "www-data". I tried
> changing
> the headers in php but it remains the same.
>
> Is there someway I can cha
On 3 Feb 2015, at 11:25, Christian Rößner
wrote:
>
> php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f
> foo...@example.org
Don't put a space between the `-f` and the address, it should be like
`-ffoo...@example.org`.
On 3 Feb 2015, at 11:26, li...@rhsoft.net wrote:
>
> just don'
I'm trying to build Postfix 3.0.0 with dynamic loadable module support
(it builds fine without). When I add shared=yes dynamicmaps=yes to make
makefiles I get the following (fpaste of build.log from mock):
http://paste.fedoraproject.org/180820/14229612 (http://ur1.ca/jmm0z)
Note that the errors i
Peter:
> I'm trying to build Postfix 3.0.0 with dynamic loadable module support
> (it builds fine without). When I add shared=yes dynamicmaps=yes to make
> makefiles I get the following (fpaste of build.log from mock):
> http://paste.fedoraproject.org/180820/14229612 (http://ur1.ca/jmm0z)
>
> Not
> Am 03.02.2015 um 11:53 schrieb Marcus Bointon :
>
> On 3 Feb 2015, at 11:25, Christian Rößner
> wrote:
>>
>> php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f
>> foo...@example.org
>
> Don't put a space between the `-f` and the address, it should be like
> `-ffoo...@example.org
On Tue, Feb 03, 2015 at 10:07:11AM +0100, Tobias Reckhard wrote:
> postfix/smtp[4535]: mx16a.antispameurope.com[94.100.134.100]:25:
> certificate verification depth=2 verify=1 subject=/C=DE/O=Deutsche
> Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
The constructed chain inclu
On Tue, Feb 03, 2015 at 11:53:55AM +0100, Marcus Bointon wrote:
> On 3 Feb 2015, at 11:25, Christian R??ner
> wrote:
> >
> > php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f
> > foo...@example.org
>
> Don't put a space between the `-f` and the address, it should be like
> `-ffoo..
On Tue, Feb 03, 2015 at 04:41:40PM +, Viktor Dukhovni wrote:
> If your Postfix is old enough, and is linked against OpenSSL 0.9.8,
> it only supports md5 and sha1.
"Old enough" means older than these:
Date: Thu Sep 5 08:54:24 2013 -0400
postfix-2.7.15
Date: Thu Sep 5 08
On 3 Feb 2015, at 17:48, Viktor Dukhovni wrote:
>
> Actually, DO put a space in. Some day you'll write a shell script
> of the form:
>
> /usr/sbin/sendmail -f "$sender" ...
>
> which will work even when the sender address is empty, the non-space
> variant will break:
>
> /usr/sbin
Marcus Bointon:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> On 3 Feb 2015, at 17:48, Viktor Dukhovni wrote:
> >
> > Actually, DO put a space in. Some day you'll write a shell script
> > of the form:
> >
> > /usr/sbin/sendmail -f "$sender" ...
> >
> > whic
I have to two spearate postfix installations where I have a postfix server
that does some initial processing - such as address re-writing, signing, and
mailing list expansion. One of them works as expected, and the other fails
when doing the mailing list expansion. Specifically:
If I send an
On 02/04/2015 01:25 AM, Wietse Venema wrote:
> Execute the following commands by themselves, not as part of
> some insnaly complicated Linux build process.
>
> make makefiles
> make
>
> If that works without error, then you made a mistake with the Linux
> build process.
Still does the same
System Support:
> Feb 3 14:00:45 Falcon postfix/qmgr[9871]: B7B19139238:
> from=, size=880, nrcpt=1 (queue active)
> Feb 3 14:00:46 Falcon postfix/smtp[10513]: B7B19139238: to=,
> relay=email-smtp.us-east-1.amazonaws.com[184.73.222.29]:25, delay=0.88,
> delays=0.03/0.03/0.7/0.12, dsn=5.0.0, st
Peter:
> On 02/04/2015 01:25 AM, Wietse Venema wrote:
> > Execute the following commands by themselves, not as part of
> > some insnaly complicated Linux build process.
> >
> > make makefiles
> > make
> >
> > If that works without error, then you made a mistake with the Linux
> > build proce
System Support:
> Feb 3 14:00:45 Falcon postfix/cleanup[10511]: A450A139221:
> message-id=<54d11add.13406.1e4...@editor.wpny.us>
> Feb 3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221:
> from=, size=717, nrcpt=1 (queue active)
> Feb 3 14:00:45 Falcon postfix/local[10512]: A450A139221:
> to=,
On Tue, Feb 03, 2015 at 03:45:21PM -0500, Wietse Venema wrote:
> System Support:
> > Feb 3 14:00:45 Falcon postfix/cleanup[10511]: A450A139221:
> > message-id=<54d11add.13406.1e4...@editor.wpny.us>
> > Feb 3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221:
> > from=, size=717, nrcpt=1 (queue a
Viktor Dukhovni:
> On Tue, Feb 03, 2015 at 03:45:21PM -0500, Wietse Venema wrote:
>
> > System Support:
> > > Feb 3 14:00:45 Falcon postfix/cleanup[10511]: A450A139221:
> > > message-id=<54d11add.13406.1e4...@editor.wpny.us>
> > > Feb 3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221:
> > > fr
On 02/04/2015 09:16 AM, Wietse Venema wrote:
> OK, show the complete "make makefiles" command that you used without
> the insanely complicated Linux build process. I have a few Linux
> boxen where I can try that command myself.
The full "make makefiles" was:
make -f Makefile.init makefiles shared=
On 02/04/2015 09:59 AM, Peter wrote:
> I simplified it down to this and was still got the error:
> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
>
> If I remove the -pie from AUXLIBS (either from the simplified version or
> the full version) it builds just fine. It also builds just fine
Changinig from WPNY to w...@maila.myserver.com did fix the problem. I have not
had to add
the domain in the past, but I was not relaying to Amazon, and Amazon does
verify the source
address, and I guess that they require a fully qualified name. And, based on
your other
response, I gather t
On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
> I simplified it down to this and was still got the error:
> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
If you want PIE support, you'll need to use "-fPIE" (upper-case).
This makes it possible to enable ASLR for the Postfix bina
System Support:
> Changinig from WPNY to w...@maila.myserver.com did fix the problem.
> I have not had to add the domain in the past, but I was not relaying
> to Amazon, and Amazon does verify the source
> address, and I guess that they require a fully qualified name.
> And, based on your other re
On Tue, Feb 03, 2015 at 04:13:23PM -0500, System Support wrote:
> Changinig from WPNY to w...@maila.myserver.com did fix the problem. I have
> not had to add
> the domain in the past, but I was not relaying to Amazon, and Amazon does
> verify the source
> address, and I guess that they requir
On 02/04/2015 10:20 AM, Viktor Dukhovni wrote:
> On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
>
>> I simplified it down to this and was still got the error:
>> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
>
> If you want PIE support, you'll need to use "-fPIE" (upper-case).
>
On Wed, Feb 04, 2015 at 10:45:23AM +1300, Peter wrote:
> On 02/04/2015 10:20 AM, Viktor Dukhovni wrote:
> > On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
> >
> >> I simplified it down to this and was still got the error:
> >> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
> >
>
Viktor Dukhovni:
> On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
>
> > I simplified it down to this and was still got the error:
> > make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
>
> If you want PIE support, you'll need to use "-fPIE" (upper-case).
> This makes it possible to e
Viktor Dukhovni:
> On Tue, Feb 03, 2015 at 04:13:23PM -0500, System Support wrote:
>
> > Changinig from WPNY to w...@maila.myserver.com did fix the problem. I have
> > not had to add
> > the domain in the past, but I was not relaying to Amazon, and Amazon does
> > verify the source
> > addres
On 02/04/2015 10:47 AM, Viktor Dukhovni wrote:
> No, not CCARGS, AUXLIBS:
>
> make -f Makefile.in shared=yes "AUXLIBS=-fPIE" makefiles
> make
>
> works with the GCC toolchain on my machine.
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
...fails
On 02/04/2015 10:49 AM, Wi
Thanks. I do not see the ORPT option in my log. Is it implied by one of the
other entries?
As far as the 'blunt tool', all of the mail processed by this instance will be
relayed to Amazon.
What are the disadvantages of the smtp_discard_ehlo_keywords that you suggested
in that
case?
On 3
On Wed, Feb 04, 2015 at 11:11:43AM +1300, Peter wrote:
> On 02/04/2015 10:47 AM, Viktor Dukhovni wrote:
> > No, not CCARGS, AUXLIBS:
> >
> > make -f Makefile.in shared=yes "AUXLIBS=-fPIE" makefiles
> > make
> >
> > works with the GCC toolchain on my machine.
>
> make makefiles shared=yes
On 02/04/2015 11:31 AM, Viktor Dukhovni wrote:
>> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
>> ...fails
>
> Of course it does. You used both "-fPIE" and "-fpie".
No, I used both -fPIE and -pie (without the "f").
Peter
On Tue, Feb 03, 2015 at 05:28:24PM -0500, System Support wrote:
> As far as the 'blunt tool', all of the mail processed by this instance will
> be relayed to Amazon.
> What are the disadvantages of the smtp_discard_ehlo_keywords that you
> suggested in that
> case?
I generally disable DNS a
On Tue, 3 Feb 2015 17:06:14 +1300
Jeremy Bowen wrote:
> From here it looks like I need to initially add the following lines
> to master.cf:
> filterunix - n n - 10 pipe
> flags=Rq user=filter null_sender=
> argv=/usr/local/bin/myscript -f ${sender} -- ${r
System Support:
> Thanks. I do not see the ORPT option in my log. Is it implied
> by one of the other entries?
Postfix normally does not log SMTP commands. That would be alot of logging.
> As far as the 'blunt tool', all of the mail processed by this
> instance will be relayed to Amazon. What
On Tue, Feb 03, 2015 at 04:51:21PM -0500, Wietse Venema wrote:
> > That depends on whether Amazon is objecting to "ORCPT" or message
> > headers. If you want to definitively know what the problem is,
> > you'd have to test with messages carefully crafted to have just
> > the "To:" header or just
Viktor Dukhovni:
> On Tue, Feb 03, 2015 at 04:51:21PM -0500, Wietse Venema wrote:
>
> > > That depends on whether Amazon is objecting to "ORCPT" or message
> > > headers. If you want to definitively know what the problem is,
> > > you'd have to test with messages carefully crafted to have just
>
Am 03.02.2015 um 23:35 schrieb Peter:
On 02/04/2015 11:31 AM, Viktor Dukhovni wrote:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
...fails
Of course it does. You used both "-fPIE" and "-fpie".
No, I used both -fPIE and -pie (without the "f")
BUT one belongs to CCARGS and
On 02/04/2015 01:42 PM, li...@rhsoft.net wrote:
> BUT one belongs to CCARGS and the other to AUXLIBS
> re-read the previous mails in this thread!
...and from one of *my* previous emails:
> make makefiles shared=yes 'CCARGS=-fPIC -fPIE' 'AUXLIBS=-pie'
>
> ...also fails
Can you suggest the combina
On Tue, Feb 03, 2015 at 07:23:09PM -0500, Wietse Venema wrote:
> > > Postfix will rewrite the To: header. He has append_at_myorigin=yes.
> >
> > Even if the client is "remote" (no match in local_header_rewrite_clients)?
>
> So your idea is the SMTP client sent "RCPT TO:" and "To: WPNY"?
Yes, an
Am 04.02.2015 um 02:31 schrieb Peter:
On 02/04/2015 01:42 PM, li...@rhsoft.net wrote:
BUT one belongs to CCARGS and the other to AUXLIBS
re-read the previous mails in this thread!
...and from one of *my* previous emails:
make makefiles shared=yes 'CCARGS=-fPIC -fPIE' 'AUXLIBS=-pie'
...also
On Wed, Feb 04, 2015 at 02:31:37PM +1300, Peter wrote:
> Can you suggest the combination with -pie that is supposed to work and
> actually *does* work?
It may be tricky, Postfix applies "AUXLIBS" when building both the
final executables, and the shared libraries, but it seems that
"-pie" is not a
I am trying to get a new installation of postfix up and running. The specifics
are:
Raspbian Wheezy
Postfix 2.9.6
All updates are current
I have configured it using sasl to connect to an SMTP server via port 587. I
have configured the SMTP server and its associated username:password in the
sasl
On Tue, Feb 03, 2015 at 05:54:00PM -0800, Jim McCorison wrote:
> I am trying to get a new installation of postfix up and running. The
> specifics are:
> Raspbian Wheezy
> Postfix 2.9.6
> All updates are current
>
> I have configured it using sasl to connect to an SMTP server via port 587. I
> h
On 02/04/2015 02:47 PM, Viktor Dukhovni wrote:
> It may be tricky, Postfix applies "AUXLIBS" when building both the
> final executables, and the shared libraries, but it seems that
> "-pie" is not appropriate for shared libraries. Additinal "makedefs"
> and Makefile.in logic would be required to c
On 02/04/2015 02:46 PM, li...@rhsoft.net wrote:
> not for dynamic build but that below is from my rpmbuilder and it's a
> hardened build supporting ASLR
> AUXLIBS="-lpcre -L%{_libdir}/mysql -lmysqlclient -lm -L%{_libdir}/sasl2
> -lsasl2 -lssl -lcrypto -pie -Wl,-z,now -Wl,-z,relro,-z,noexecstack"
Am 04.02.2015 um 03:31 schrieb Peter:
On 02/04/2015 02:47 PM, Viktor Dukhovni wrote:
It may be tricky, Postfix applies "AUXLIBS" when building both the
final executables, and the shared libraries, but it seems that
"-pie" is not appropriate for shared libraries. Additinal "makedefs"
and Makefi
On Wed, Feb 04, 2015 at 03:31:03PM +1300, Peter wrote:
> Well for now, then I'll just have to remove -pie, but if I can get that
> in as a feature request to make -pie work with shared=yes, then I would
> really appreciate it. Not sure if it should be considered a blocker for
> 3.0.0 or not, thou
On 02/04/2015 03:39 PM, Viktor Dukhovni wrote:
> We've never supported "pie", so if shared libraries don't work with
> "pie" that's not a bug. Perhaps "pie" support could be considered
> for 3.1.
Ok, I'm fine with that.
Peter
> On Feb 3, 2015, at 6:13 PM, Viktor Dukhovni
> wrote:
>
> On Tue, Feb 03, 2015 at 05:54:00PM -0800, Jim McCorison wrote:
>
>> I am trying to get a new installation of postfix up and running. The
>> specifics are:
>> Raspbian Wheezy
>> Postfix 2.9.6
>> All updates are current
>>
>> I have c
On Wed, Feb 04, 2015 at 03:40:51PM +1300, Peter wrote:
> On 02/04/2015 03:39 PM, Viktor Dukhovni wrote:
> > We've never supported "pie", so if shared libraries don't work with
> > "pie" that's not a bug. Perhaps "pie" support could be considered
> > for 3.1.
>
> Ok, I'm fine with that.
The low-
On Tue, Feb 03, 2015 at 07:00:58PM -0800, Jim McCorison wrote:
> >2. You're mistaken.
>
> Feb 3 18:34:06 raspbx postfix/smtp[2912]: E7E6B20A9D:
> to=, relay=[nnn.nnn.nnn.nnn]:587, delay=1.3,
> delays=0.05/0.12/0.89/0.22, dsn=5.0.0, status=bounced (host
> [nnn.nnn.nnn.nnn] said: 550-Verifi
I can't find SDBM_README in the 3.0.0-RC1 files.
Peter
On 02/04/2015 04:07 PM, Viktor Dukhovni wrote:
> The low-level details are easy, the hard part is the interface
> glue. How should users be able to specify such flags, updating
> the INSTALL documentation, ...
>
> For a preview of a brute-force hack that makes it work, apply
> the patch below:
>
On Wed, Feb 04, 2015 at 05:00:40PM +1300, Peter wrote:
> This is more along the lines of, I'm building 3rd-party postfix packages
> for CentOS, the current stable postfix packages (sourced from Fedora)
> have -pie enabled and so I'd like to keep it enabled if at all possible.
Yes, but they did no
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
> Yes, but they did not use shared libraries. The compatible thing
> to do would be a statically linked build. Once you're changing
> the build, you may as well drop PIE support for now.
Right, I would not have pursued pie support much further, but
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
> However, if my quick hack works, let us know, at least we'll know
> what needs to be done to support this at some point later.
It works, hardening check shows all the executables to be position
independent.
Peter
On Wed, Feb 04, 2015 at 06:12:07PM +1300, Peter wrote:
> On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
> > However, if my quick hack works, let us know, at least we'll know
> > what needs to be done to support this at some point later.
>
> It works, hardening check shows all the executables to b
On 02/04/2015 06:15 PM, Viktor Dukhovni wrote:
> And they still work I hope, ... If you can, please also check that
> dynamic maps still load.
I would hope so but I haven't actually run them yet. I will be pushing
them out to my testing repo soon and get some people to test.
Peter
62 matches
Mail list logo
