Re: reject connections from hosts without mx record

2015-12-10 Thread sb
On 12/9/15 10:59 PM, Tom Hendrikx wrote: >> unbound-host -rvD spike.porcupine.org >> unbound-host -rvD postfix.org >> unbound-host -rvD mail.cloud9.net > Most DNSxLs are ip based, not hostname based. In fact I used the reverse IP to query the DNSBL. > The client's ip is provided by the tcp/ip

forward_path ignored with ldap in local_recipient_maps?

2015-12-10 Thread Rik Theys
Hi, I've configured postfix (2.10.1 from CentOS 7) to deliver mail to dovecot over LMTP (which is configured to use LDAP). I've noticed the following behaviour which seems strange to me. 1. When postfix is configured to use ldap for canonical and alias lookups (see config below), but not for

Re: forward_path ignored with ldap in local_recipient_maps?

2015-12-10 Thread Wietse Venema
Rik Theys: > then postfix will deliver mail for 'user1' to dovecot (who delivers it > to the mailbox). Postfix will not look at the forward file for that user > in that case. If you mean ${forward_path}, then as documented that is a local(8) delivery agent feature, not an lmtp(8) delivery agent

DANE statistics

2015-12-10 Thread Dirk Stöcker
Hello, does anyone here have statistics about DANE enabled mail servers? And maybe also a timeline showing an increase (hopefully)? I'm running DANE for some time now and I don't ever get a Verified connection (except to my second server). That's a bit discouraging. I'd like to have at least o

Re: check_sender_access and spoofing

2015-12-10 Thread Alex
Hi, >> This originated with me trying to have a better understanding of SPF. >> check_sender_access consults $mynetworks to determine which servers >> can send mail as my domain. > > Eh? check_sender_access can only check the envelope sender address, > not a network or hostname. Yes, thanks, I do

Re: DANE statistics

2015-12-10 Thread sb
I look forward to reading the stats from https://dane.sys4.de/ On 12/10/15 3:29 PM, Dirk Stöcker wrote: Hello, does anyone here have statistics about DANE enabled mail servers? And maybe also a timeline showing an increase (hopefully)? I'm running DANE for some time now and I don't ever get a

Re: check_sender_access and spoofing

2015-12-10 Thread Noel Jones
On 12/10/2015 8:39 AM, Alex wrote: >> >> This is independent of SPF. The rules discussed block your domain >> as envelope sender except for a whitelist you have specified >> (permit_mynetworks). > > Yes, and that was part of my concern. There are includes in our SPF > record for networks that we

Re: DANE statistics

2015-12-10 Thread Mike
On 12/10/2015 9:29 AM, Dirk Stöcker wrote: > Hello, > > does anyone here have statistics about DANE enabled mail servers? And > maybe also a timeline showing an increase (hopefully)? I'm running DANE > for some time now and I don't ever get a Verified connection (except to my > second server).

Re: DANE statistics

2015-12-10 Thread Viktor Dukhovni
On Thu, Dec 10, 2015 at 03:29:55PM +0100, Dirk Stöcker wrote: > does anyone here have statistics about DANE enabled mail servers? The majority of the domains are small ("vanity") domains of early adopters like you. I've found ~9600 of these, but there are at least around 20,000 more (hosted by udmed

Re: reject connections from hosts without mx record

2015-12-10 Thread Viktor Dukhovni
On Thu, Dec 10, 2015 at 01:10:52PM +0100, sb wrote: > We must find a way to reject telnet-like cloud-based e-mails. A little knowledge is a dangerous thing. You've convinced yourself that you thoroughly understand more than you do, and have become noticeably dogmatic about it. You've received t

Re: PATCH: saslauthd show remote ip address

2015-12-10 Thread Quanah Gibson-Mount
--On Wednesday, December 02, 2015 9:05 AM -0500 Wietse Venema wrote: Selcuk Yazar: Thank you Koko for warning, hopelessly I try my chance :( but I found this after, I sent email "...From a cursory inspection of lib/pwcheck.c, saslauthd does not get passed any client IP information and c

Issues with postfix/postdrop after package update

2015-12-10 Thread Quanah Gibson-Mount
I've seen issues with postdrop for years, complaining about permission denied errors, such as: postfix/postdrop[4158]: warning: mail_queue_enter: create file maildrop/768314.4158: Permission denied I'm not entirely clear why they occur. It seems related to postfix being stopped while a

Re: PATCH: saslauthd show remote ip address

2015-12-10 Thread Wietse Venema
Quanah Gibson-Mount: > --On Wednesday, December 02, 2015 9:05 AM -0500 Wietse Venema > wrote: > > > Selcuk Yazar: > >> Thank you Koko for warning, hopelessly I try my chance :( > >> > >> but I found this after, I sent email > >> > >> "...From a cursory inspection of lib/pwcheck.c, saslauthd

Re: PATCH: saslauthd show remote ip address

2015-12-10 Thread Quanah Gibson-Mount
--On Thursday, December 10, 2015 2:02 PM -0500 Wietse Venema wrote: This is not completely trivial because the port information needs to be consistent with information from proxies, postscreen, and XCLIENT, otherwise results will be incorrect. Ok, good to know. Is there any general timeline

Re: PATCH: saslauthd show remote ip address

2015-12-10 Thread Wietse Venema
Quanah Gibson-Mount: > --On Thursday, December 10, 2015 2:02 PM -0500 Wietse Venema > wrote: > > > This is not completely trivial because the port information needs > > to be consistent with information from proxies, postscreen, and > > XCLIENT, otherwise results will be incorrect. > > Ok, good

Re: Issues with postfix/postdrop after package update

2015-12-10 Thread Wietse Venema
Quanah Gibson-Mount: > I've seen issues with postdrop for years, complaining about permission > denied errors, such as: > > postfix/postdrop[4158]: warning: mail_queue_enter: create file > maildrop/768314.4158: Permission denied > > I'm not entirely clear why they occur. Note: the permiss

Re: Issues with postfix/postdrop after package update

2015-12-10 Thread Quanah Gibson-Mount
--On Thursday, December 10, 2015 2:27 PM -0500 Wietse Venema wrote: Really, it is as simple as a user-land program that calls open() and gets access denied by the kernel. If that is not 100% reproducible then you have a flaky kernel, a flaky file system, or some "security" system with a flaky

Re: PATCH: saslauthd show remote ip address

2015-12-10 Thread Quanah Gibson-Mount
--On Thursday, December 10, 2015 2:29 PM -0500 Wietse Venema wrote: Quanah Gibson-Mount: --On Thursday, December 10, 2015 2:02 PM -0500 Wietse Venema wrote: > This is not completely trivial because the port information needs > to be consistent with information from proxies, postscreen, and

Re: reject connections from hosts without mx record

2015-12-10 Thread sb
On 12/10/15 5:19 PM, Viktor Dukhovni wrote: On Thu, Dec 10, 2015 at 01:10:52PM +0100, sb wrote: We must find a way to reject telnet-like cloud-based e-mails. A little knowledge is a dangerous thing. You've convinced yourself that you thoroughly understand more than you do, and have become not

Re: DANE statistics

2015-12-10 Thread Dirk Stöcker
On Thu, 10 Dec 2015, Viktor Dukhovni wrote: There are just ~30 domains with TLSA records that are large enough for you to have heard of them. Here's a sample: ... bund.de Sadly that's only the main domain. Each subsection has its own servers, so bkg.bund.de does not support DANE ATM and that'

Re: Issues with postfix/postdrop after package update

2015-12-10 Thread Wietse Venema
Quanah Gibson-Mount: > --On Thursday, December 10, 2015 2:27 PM -0500 Wietse Venema > wrote: > > > Really, it is as simple as a user-land program that calls open() > > and gets access denied by the kernel. If that is not 100% reproducible > > then you have a flaky kernel, a flaky file system, or

Re: Issues with postfix/postdrop after package update

2015-12-10 Thread Quanah Gibson-Mount
--On Thursday, December 10, 2015 4:35 PM -0500 Wietse Venema wrote: If some breakage is specific to one software distribution, then I would investigate the distribution, instead of blaming the messenger. You could investigate whether AppArmor has a problem with set-gid write permissions. Th

Re: DANE statistics

2015-12-10 Thread Viktor Dukhovni
On Thu, Dec 10, 2015 at 10:02:38PM +0100, Dirk Stöcker wrote: > P.S. Maybe someone is interested. I'm currently improving the "tlsa" tool from > hash-slinger (https://github.com/letoams/hash-slinger) to properly support > STARTTLS and SNI. Some changes are still pending, but I'm positive they will >

Re: check_sender_access and spoofing

2015-12-10 Thread Alex
Hi, >>> This is independent of SPF. The rules discussed block your domain >>> as envelope sender except for a whitelist you have specified >>> (permit_mynetworks). >> >> Yes, and that was part of my concern. There are includes in our SPF >> record for networks that we don't control. I don't want

Re: Issues with postfix/postdrop after package update

2015-12-10 Thread Quanah Gibson-Mount
--On Thursday, December 10, 2015 2:45 PM -0800 Quanah Gibson-Mount wrote: --On Thursday, December 10, 2015 4:35 PM -0500 Wietse Venema wrote: If some breakage is specific to one software distribution, then I would investigate the distribution, instead of blaming the messenger. You could in

Re: check_sender_access and spoofing

2015-12-10 Thread Noel Jones
On 12/10/2015 9:17 PM, Alex wrote: >> In that case, rather than using permit_mynetworks you should use a >> separate check_client_access that permits all the authorized IPs. >> >> Make sure to do this in smtpd_sender_restrictions so that settings >> here don't affect relay rules. > > So where I pr