On 17 October 2017 at 03:40, Viktor Dukhovni
wrote:
> On Mon, Oct 16, 2017 at 10:05:07PM -0400, J Doe wrote:
>
> > My questions are:
> >
> > 1. When using Postfix and virtual domain hosting in this fashion, is
> > there any way to pass SPF when mail from a sending account is forwarded
> > to ano
On 17/10/2017 5:11 PM, Viktor Dukhovni wrote:
> The only way to find out they don't exist is to ask.
Very good.
> No TLSA records were found, perhaps because the "A" records were
> reported insecure, or because the TLSA records don't exist.
TLSA record is present. The sys4 Dane SMTP validato
Hello Mauricio
> Have you tried fail2ban?
Yes, I have installed and configured it; this is really a helpful and useful
tool!
Thanks for your fast answer!
Maurizio
Hello Together
I'm running Debian Jessie 8.9, and I am toying with the idea of upgrading the
system from 8.9 to Stretch.
Are there any complications here, or will I need to reconfigure the whole
mail server after the upgrade?
I see that Stretch is armed with Postfix 3.x.
I know this is not a specifi
> On Oct 17, 2017, at 3:58 AM, Mal wrote:
>
>> There's no such thing as "AD records".
>
> Was just a shortcut for 'Authoritative domain record'.
I've never seen that phrase before.
> The zone exists on that resolver and is queried directly.
> Will avoid lo[o]se english in future.
So it seem
For me it was a good and easy upgrade from jessie to stretch.
The things I needed to change/run were these:
# for postfix
postconf compatibility_level=2 && postfix reload
# for ntp
sed -i 's/restrict -4 default kod notrap nomodify nopeer noquery/restrict -4
default kod notrap nomodify nope
Hello,
Postfix currently allows two modes of operation when a message arrives
at the target more than once:
1. With recipient deduplication, but no X-Original-To
header (enable_original_recipient=yes)
2. With X-Original-To header, but no recipient deduplication
(enable_original_recipient=no)
Whi
For postfix it will be easy enough, just study
http://www.postfix.org/COMPATIBILITY_README.html.
I went from Ubuntu 14.04 (based on jessie and uses postfix 2.x) to 16.04
(based on stretch, uses postfix 3.x) a while ago, I had a few problems
relating to the change from upstart/sysinitv to system
On 17/10/2017 7:14 PM, Viktor Dukhovni wrote:
> So it seems that the machine in question has the authoritative
> server for the zone as its recursive server. Such mixing of
> authoritative and recursive workloads is discouraged these days,
> and critically, it breaks DANE in Postfix for any aut
On Mon, Oct 16, 2017 at 10:05:07PM -0400, J Doe wrote:
> I have two questions regarding using SPF when I am using Postfix
> with virtual domain hosting.
>
> I currently have an SPF record in my DNS:
>
> example.comTXT“v=spf1 ip4:1.2.3.4/32 ip6:1:2:3::4/128 ?all”
.^no dot? ^
On Tue, Oct 17, 2017 at 08:28:02PM +1030, Mal wrote:
> On 17/10/2017 7:14 PM, Viktor Dukhovni wrote:
>
> > So it seems that the machine in question has the authoritative
> > server for the zone as its recursive server. Such mixing of
> > authoritative and recursive workloads is discouraged thes
On 2017-10-16 19:07, A. Schulze wrote:
[..]
postfix and sendmail/milter use different notation to describe the
same socket location.
http://www.postfix.org/MILTER_README.html#smtp-only-milters
vs.
http://opendkim.org/opendkim.conf.5.html (search for "Socket" ...)
to me your setup looks fine
https://cyber.dhs.gov
Binding Operational Directive 18-01 enforces some basic email security, notably
with DMARC set to reject. Perhaps this will set a trend. Not necessarily for
DMARC settings, but at least more servers will be set up properly not to be
rejected.
On 17.10.17 19:07, Gary wrote:
> https://cyber.dhs.gov/
> Binding Operational Directive 18-01 enforces some basic email
> security, notably with DMARC set to reject.
Interesting choice of words there.
DMARC [...] tells a recipient what the domain owner would like done
with the message.
True
I'm of the opinion that the email client should indicate the presence of DKIM
and SPF, then the user can decide what to do with the message. When I suggested
this to Claws, I was encouraged to write my own plugin. I did learn Claws has a
control-H feature to quickly display the header. Better th
On 18/10/2017 1:17 AM, /dev/rob0 wrote:
> Um, validation is exclusively done on NON-authoritative lookup
> results. I'm not sure what you are thinking. In order:
This was pointed out previously.
> 1. dnssec-enable no; would prevent your BIND server from serving
> required records from a si
Rick van Rein:
> 3. With possibly multiple X-Original-To headers (or one header with
> multiple addresses) as a result of recipient deduplication
> (enable_original_recipient=collect)
Won't happen. By design, the code that writes queue files stores
final and original recipient information together
Hi Viktor,
> On Oct 16, 2017, at 10:40 PM, Viktor Dukhovni
> wrote:
>
>> 1. When using Postfix and virtual domain hosting in this fashion, is
>> there any way to pass SPF when mail from a sending account is forwarded
>> to another host (ie: Gmail) ?
>
> This requires SRS, and fairly effective
Hi /dev/rob0,
> On Oct 17, 2017, at 10:26 AM, /dev/rob0 wrote:
>> As an example case, if I send an e-mail from a Hotmail account to
>> an address on my server it then forwards that mail to the user’s
>> GMail e-mail address.
>
> Another example to consider is when spam gets through your lines
Hi Wietse,
> On Oct 11, 2017, at 7:11 PM, Wietse Venema wrote:
>
> J Doe:
>> Hi,
>>
>> I have a syntax question regarding configuring mandatory TLS encryption for
>> the smtp process as listed on: www.postfix.org/TLS_README.html#client_tls
>>
>> In the second example on the page, square brack
On Tue, Oct 17, 2017 at 11:03:46PM -0400, J Doe wrote:
> “The [] enclose a hostname which is to be looked up as a type A or
> record. Without the [] first a lookup of type MX is done, and
> where found, prioritized lookups of further hostnames (A or )
> would be done.
That's what the
> On Oct 18, 2017, at 12:45 AM, Viktor Dukhovni
> wrote:
>
> The documentation for the TLS policy table clearly states that the
> lookup key for the TLS policy is the *verbatim* nexthop.
http://www.postfix.org/TLS_README.html#client_tls_policy
The TLS policy table is indexed by the full
> On Oct 17, 2017, at 5:58 AM, Mal wrote:
>
> Bingo. That information certainly explains the behavior observed.
>
> Does this therefore require DNSSEC-validation to be set to "no" (for the
> authoritative NS):
> dnssec-enable yes;
This must stay "yes" or else you DoS your domain.
> dnss
23 matches