On Wednesday, January 20, 2021 6:23:22 PM CET Curtis Maurand wrote:
Hello,
Natan> Or use two ldap - master- slave and use haproxy like
Natan> [...]
Natan> tcp-check send-binary 04008000 # name, simple authentication
Natan> tcp-check expect binary 0a0100 # bind response + result code: success
Na
I've been seeing this error for this one host. My first reaction was
that the host was incorrectly configured, but the IP (92.103.176.37)
reverse resolves to mail.mairie-carquefou.fr, which in turn resolves to
that IP. In addition, the MX for mairie-carquefou.fr is
mail.mairie-carquefou.fr (and m
On Thu, Jan 21, 2021 at 03:15:24PM +0100, Jeff Abrahamson wrote:
> I've been seeing this error for this one host. My first reaction was
> that the host was incorrectly configured, but the IP (92.103.176.37)
> reverse resolves to mail.mairie-carquefou.fr, which in turn resolves to
> that IP. In ad
> Date: Thursday, January 21, 2021 15:24:10 +0100
> From: "Herbert J. Skuhra"
>
> On Thu, Jan 21, 2021 at 03:15:24PM +0100, Jeff Abrahamson wrote:
>> I've been seeing this error for this one host. My first reaction
>> was that the host was incorrectly configured, but the IP
>> (92.103.176.37)
On 21/01/2021 15:31, Richard wrote:
>> Date: Thursday, January 21, 2021 15:24:10 +0100
>> From: "Herbert J. Skuhra"
>>
>> On Thu, Jan 21, 2021 at 03:15:24PM +0100, Jeff Abrahamson wrote:
>>> I've been seeing this error for this one host. My first reaction
>>> was that the host was incorrectly con
Dnia 21.01.2021 o godz. 15:44:04 Jeff Abrahamson pisze:
> >450 4.7.1 :
> >Helo command rejected: Host not found;
> >
> > which doesn't appear to resolve.
>
> OK, thanks, that's what I'd tentatively concluded, but it's a kind of
> big ISP (OVH), so I have to at least ask myself if I've mis
On Thu, Jan 21, 2021 at 09:58:30AM +0100, Ganael Laplanche wrote:
> On Wednesday, January 20, 2021 6:23:22 PM CET Curtis Maurand wrote:
> Natan> Or use two ldap - master- slave and use haproxy like
> Natan> [...]
> Natan> tcp-check send-binary 04008000 # name, simple authentication
> Natan> tcp-
I'm revisiting blocking certain attachments. A multi part question:
Implementation, logging, testing.
Seems the accepted way to do attachment blocking is something like this:
in /etc/postfix/main.cf added, without quotes: "mime_header_checks =
regexp:/etc/postfix/block_attachments"
in /etc
Dnia 21.01.2021 o godz. 11:15:49 Viktor Dukhovni pisze:
>
> Postfix already (as a matter of best-practice) supports proxymap(8)
> between the smtpd(8), cleanup(8), ... and the LDAP server, just specify
> the table as "proxy:ldap:..." instead of "ldap:..."
But I was thinking about a very specific
> I'm revisiting blocking certain attachments. A multi part question:
> Implementation, logging, testing.
>
> Seems the accepted way to do attachment blocking is something like this:
>
> in /etc/postfix/main.cf added, without quotes: "mime_header_checks =
> regexp:/etc/postfix/block_attachm
Joe Acquisto-j4:
> I have read some discussions on DISCARD and, for my purpose, it suits. I
> think.
>
> Is the action logged anywhere? I have not seen it. If not, can it be done?
It is syslogged with the same syslog facility and severity "info"
as routine Postfix logging.
If you don't see l
I currently have mail for ch...@isbd.co.uk and c...@isbd.net forwarded
by my hosting service to a Postfix server on my desktop machine (which
is zbmc.eu). The Postfix configuration is fairly simple, just accepts
mail for the zbmc.eu domain and sends mail via my hosting service's
smarthost.
I want
On Thu, Jan 21, 2021 at 03:44:04PM +0100, Jeff Abrahamson wrote:
> >> http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
> >>
> >> reject_unknown_helo_hostname (with Postfix < 2.3: reject_unknown_hostname)
> >> Reject the request when the HELO or EHLO hostname has no DNS A or MX
> >>
Chris Green:
> I currently have mail for ch...@isbd.co.uk and c...@isbd.net forwarded
> by my hosting service to a Postfix server on my desktop machine (which
> is zbmc.eu). The Postfix configuration is fairly simple, just accepts
> mail for the zbmc.eu domain and sends mail via my hosting service
On Thu, Jan 21, 2021 at 09:15:01PM +, Chris Green wrote:
> The VPS has postfix version 3.3, my desktop has version 3.5.6, am I
> likely to encounter any problems with a similar main.cf on the older
> version? I realise I have to change the myorigin, mydestination and
> myhostname but I'm hopi
> "Ganael" == Ganael Laplanche writes:
Ganael> H... If we put the dump before, we will loose our 7-days
Ganael> window to react. What could be done maybe is have 2 hash maps
Ganael> and not use LDAP at all : 1 file generated every hour and our
Ganael> 7-days old dump as a second choice.
On Thu, Jan 21, 2021 at 04:33:07PM -0500, Wietse Venema wrote:
> Chris Green:
> > I currently have mail for ch...@isbd.co.uk and c...@isbd.net forwarded
> > by my hosting service to a Postfix server on my desktop machine (which
> > is zbmc.eu). The Postfix configuration is fairly simple, just acce
Hi,
do someone know how can i make postfix show the absolute path for the
TLS certificate used?
The thing is Postfix shows the following error but I'm not able to
find any expired certificate in the system. Postfix config file seems
fine but obviously there's some kind of mistake on my side so I
On 21 Jan 2021, at 17:19, Pau Peris wrote:
> do someone know how can i make postfix show the absolute path for the
> TLS certificate used?
postconf smtpd_tls_cert_file
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Curren
Hi,
thanks a lot for your answer.
I'm on a SNI scenario. Postfix has been working without issues for
years but last months I move to an SNI scenario, obviously made some
mistake and now a certificate is expired but I'm not able to find it.
I've coded a little bash script which check the expirati
On Thu, Jan 21, 2021 at 11:19:13PM +0100, Pau Peris wrote:
> Does someone know how I can make postfix show the absolute path for the
> TLS certificate used?
There is no such feature. But if you're not using SNI, the certificate
chain is the same for all clients, and you can just connect to your
Thanks for the tips :)
I'm running the following command which shows the content of the
expired certificate butI'm getting crazy finding the certificate even
when I have the content of it. For sure it's not in /etc, I've checked
with egrep -Ri MIIIpTCCB42gAwIBAgISBNq8AcDQ9eonDq3bUFDfFOmYMA0GCSqGSI
On Fri, Jan 22, 2021 at 12:00:25AM +0100, Pau Peris wrote:
> I'm running the following command which shows the content of the
> expired certificate but I'm getting crazy finding the certificate even
> when I have the content of it. For sure it's not in /etc, ...
Postfix loads certificates exactly
Hi, thanks a lot for the answers.
The system has been running fine for years since some months ago I
implemented SNI and created a new certificate for webeloping.es and
let the old one expire. Obviously i updated Postfix config files
accordingly but it looks like i made some mistake.
The problem
On Fri, Jan 22, 2021 at 12:24:28AM +0100, Pau Peris wrote:
> That's the one I use now:
> smtpd_tls_chain_files =
> /etc/letsencrypt/live/webeloping.es/privkey.pem,
> /etc/letsencrypt/live/webeloping.es/fullchain.pem
> smtp_tls_chain_files= $smtpd_tls_chain_files
That's your primary (d
On Thu, Jan 21, 2021 at 06:32:04PM -0500, Viktor Dukhovni wrote:
> > That's the one I use now:
> > smtpd_tls_chain_files =
> > /etc/letsencrypt/live/webeloping.es/privkey.pem,
> > /etc/letsencrypt/live/webeloping.es/fullchain.pem
> > smtp_tls_chain_files= $smtpd_tls_chain_files
>
> Th
Thanks a lot man. I'm really, really happy. Been digging on it for
quite a few hours, now.
You made my day! :)
Just in case anyone needs it, the following command, to rebuild the
contents, made the trick:
postmap -F hash:/etc/postfix/tls_server_sni_maps.map
On Fri, Jan 22, 2021 at 12:32 AM Vikt
On Thu, Jan 21, 2021 at 06:46:41PM -0500, Theodore Knab wrote:
> I think I keep mine simpler,so mine shouldn't fail in April as long as
> my cronjob auto updates the SSL Cert.
If you're not using SNI with indexed file tables (cdb, lmdb, hash, or
btree), then your certificate chains are read direc
Hey,
I think let's encrypt SSL certificates expire every three to four months by
default.
I recently started using Let's Encrypt's certbot for Postfix TLS.
Your's appears to have expired on Jan 2, 2021.
> verify error:num=10:certificate has expired
> notAfter=Jan 2 21:47:07 2021 GMT
> verify
Hello,
I am using regex header_checks for smtpd. This rule works fine:
/^Subject: Your parcel .*/ DISCARD
But when I try to do a recipient-specific rule
if /^To: /
/^Subject: Your parcel .*/ DISCARD
endif
it does not work, even when the recipient is exactly
Any idea why ?
Also, I know I can
On 1/21/21 10:39 PM, Fourhundred Thecat wrote:
> Hello,
>
> I am using regex header_checks for smtpd. This rule works fine:
>
> /^Subject: Your parcel .*/ DISCARD
>
> But when I try to do a recipient-specific rule
>
> if /^To: /
> /^Subject: Your parcel .*/ DISCARD
> endif
>
> it does not work
That is a mart find Victor.
I think I keep mine simpler,so mine shouldn't fail in April as long as
my cronjob auto updates the SSL Cert.
#postfix2 compatibility mode
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_r
On Thursday, January 21, 2021 5:15:49 PM CET Viktor Dukhovni wrote:
Hello Viktor,
> Postfix already rebuilds LDAP connections on error and retries the
> search:
> [...]
>
> If there's more than one LDAP server, and the one being used crashes,
> the new connection will use a different server.
Th
I'm having some difficulty figuring out how to configure both recipient and
sender dependent relay hosts.
1. Some of my users need to send mail through specific relay hosts with
login:password;
2. Other users on the same box will use the local SMTP server to relay
mail: the default transport if yo
34 matches
Mail list logo
