Re: Why would dovecot not be answering

2022-01-23 Thread Matus UHLAR - fantomas
On 22.01.22 23:00, Ruben Safir wrote: I am really lost as to why dovecot is not authenticating I have smtpd_sasl_type = dovecot in main.cf and # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } in /etc/dovecot/conf.d/10-master.con

Re: postfix and submission and amavis

2022-01-23 Thread Noah
Thanks Viktor and raf. postfix is working well now. Cheers, Noah On 1/22/22 6:50 PM, Viktor Dukhovni wrote: On Sat, Jan 22, 2022 at 04:18:27PM -0800, Noah wrote: Jan 23 00:08:12 localhost postfix/smtpd[18628]: warning: connect #1 to subsystem public/cleanup_submission: No such file or direc

smtpd_reject_unlisted_recipient

2022-01-23 Thread postfix
If reject_unlisted_recipient isn't used in any of the smtpd_*_restrictions And smtpd_reject_unlisted_recipient = yes At what stage is smtpd_reject_unlisted_recipient checked and rejected? During smtpd_recipient_restrictions checks? At the end after smtpd_end_of_data_restrictions? Or somewhere els

Re: Why would dovecot not be answering

2022-01-23 Thread Bill Cole
On 2022-01-22 at 23:00:55 UTC-0500 (Sat, 22 Jan 2022 23:00:55 -0500) Ruben Safir is rumored to have said: I am really lost as to why dovecot is not authenticating I have smtpd_sasl_type = dovecot in main.cf and # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 066

no TLSA records found?

2022-01-23 Thread Joachim Lindenberg
Hello, I am trying to debug/enable/test DANE on one of my domains. Actually the domain runs an experimental SMTP receiver running for domain et.lindenberg.one with six MXs, some of them configured to cause certificate validations to fail. To the best of my knowledge I added syntactically cor

Re: Why would dovecot not be answering

2022-01-23 Thread Jaroslaw Rafa
On 22.01.2022 at 23:00:55 Ruben Safir wrote: > I am really lost as to why dovecot is not authenticating > > I have > > smtpd_sasl_type = dovecot > > in main.cf And what is the value of smtpd_sasl_path? I have smtpd_sasl_path = private/auth in main.cf, and in Dovecot config I have s

Re: Why would dovecot not be answering

2022-01-23 Thread Benny Pedersen
On 2022-01-23 18:33, Bill Cole wrote: I wish you good luck in figuring out your problem without that information, as you would certainly need it. so many bad guides on make it not work, and so few that works https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/ only fa

Re: smtpd_reject_unlisted_recipient

2022-01-23 Thread Wietse Venema
post...@ptld.com: > If reject_unlisted_recipient isn't used in any of the smtpd_*_restrictions > And smtpd_reject_unlisted_recipient = yes > > At what stage is smtpd_reject_unlisted_recipient checked and rejected? > During smtpd_recipient_restrictions checks? > At the end after smtpd_end_of_data_

Re: smtpd_reject_unlisted_recipient

2022-01-23 Thread Matus UHLAR - fantomas
post...@ptld.com: If reject_unlisted_recipient isn't used in any of the smtpd_*_restrictions And smtpd_reject_unlisted_recipient = yes At what stage is smtpd_reject_unlisted_recipient checked and rejected? During smtpd_recipient_restrictions checks? At the end after smtpd_end_of_data_restriction

Re: smtpd_reject_unlisted_recipient

2022-01-23 Thread postfix
>> With the default "smtpd_reject_unlisted_recipient = yes" the implicit >> reject_unlisted_recipient is evaluated after smtpd_relay_restrictions >> and smtpd_recipient_restrictions, but only if the recipient was not >> already rejected. >> >> If you wonder why not evaluate this first, that is becau

Re: no TLSA records found?

2022-01-23 Thread Viktor Dukhovni
On Sun, Jan 23, 2022 at 06:48:50PM +0100, Joachim Lindenberg wrote: > To the best of my knowledge I added syntactically correct TLSAs > indirectly via CNAMEs except for mx01.et.lindenberg.one, and the > validator at > https://dane.sys4.de/smtp/et.linde

DANE but DNS Provider dont support this

2022-01-23 Thread Maurizio Caloro
In the meantime installed DANE on local machine, but my DNS-Provider doesn't support this feature? Can I also use .TXT, please how can I publish this? Thanks

AW: no TLSA records found?

2022-01-23 Thread Joachim Lindenberg
Hello Viktor, thanks for looking into it! >A signed TLSA "2 1 1" record for mx03 matching the Let's Encrypt "R3" >intermediate issuer. You should really also publish at least also a TLSA >record matching "R4" key. See >https://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html Thanks for the adv

Re: no TLSA records found?

2022-01-23 Thread Viktor Dukhovni
On Sun, Jan 23, 2022 at 10:13:17PM +0100, Joachim Lindenberg wrote: > I am really wondering why it works for one domain and doesn't for mine. See: https://dnsviz.net/d/et.lindenberg.one/dnssec/ It appears that "et.lindenberg.one" is a CNAME for "io.lindenberg.one", and it is not valid to have bo

AW: no TLSA records found?

2022-01-23 Thread Joachim Lindenberg
Hello Viktor, Thanks a lot! That's the root cause. I added the CNAME to get LE to verify the certificate shared by the MX addresses - and I prefer CNAMEs to avoid double maintenance. I now exchanged CNAME with A and it worked (or failed because of misconfiguration of my mock server). Probably sh

Re: DANE but DNS Provider dont support this

2022-01-23 Thread Viktor Dukhovni
On Sun, Jan 23, 2022 at 10:06:38PM +0100, Maurizio Caloro wrote: > In the mean time installed DANE on local machine, but my DNS-Provider > dont Support this feature? If your domain is hosted by a "managed DNS" provider, with some sort of web API for adding records, and there is no interface for a

Re: DANE but DNS Provider dont support this

2022-01-23 Thread Bill Cole
On 2022-01-23 at 16:06:38 UTC-0500 (Sun, 23 Jan 2022 22:06:38 +0100) Maurizio Caloro is rumored to have said: In the mean time installed DANE on local machine, but my DNS-Provider dont Support this feature? can i use also .TXT,  please how i can publish this? To deploy DANE you need an autho

Re: no TLSA records found?

2022-01-23 Thread Viktor Dukhovni
On Sun, Jan 23, 2022 at 10:44:23PM +0100, Joachim Lindenberg wrote: > Thanks a lot! That's the root cause. I added the CNAME to get LE to > verify the certificate shared by the MX addresses - and I prefer > CNAMEs to avoid double maintenance. I now exchanged CNAME with A and > it worked (or failed

[Announcement] First public release of PostQF

2022-01-23 Thread Ralph Seichter
Hello Postfix users. Hopefully neither Wietse nor you folks will mind me announcing my latest software baby here. ;-) I have just released version 0.1 of PostQF, a user-friendly Postfix queue data filter easily used in Unix-like pipes. For example postqueue -j | postqf -a 90m | wc -l prints t

Re: [Announcement] First public release of PostQF

2022-01-23 Thread raf
On Sun, Jan 23, 2022 at 11:08:49PM +0100, Ralph Seichter wrote: > Hello Postfix users. > > Hopefully neither Wietse nor you folks will mind me announcing my latest > software baby here. ;-) > > I have just released version 0.1 of PostQF, a user-friendly Postfix > queue data filter easily used

Re: [Announcement] First public release of PostQF

2022-01-23 Thread Viktor Dukhovni
> "Why not use jq?" I hear you ask. While jq is undoubtedly powerful and > can handle pretty much any JSON data thrown at it, I found jq's syntax > rather cumbersome. PostQF is specifically designed to make filtering > Postfix queue data both easier and quicker, by means of simple command > line

Re: [Announcement] First public release of PostQF

2022-01-23 Thread Ralph Seichter
* raf: > I suppose a shell alias or function could take care of that without > needing to type the extra option (e.g.: alias postqq='postqueue -j | > postqf'). Indeed. In typical Unix-pipeline fashion, PostQF reads from stdin and writes to stdout per default, and it is up to the user to provide t

Re: [Announcement] First public release of PostQF

2022-01-23 Thread Ralph Seichter
* Viktor Dukhovni: > Of course implementing a "jq" script with the same command-line > interface as "postqf" is not too difficult. Faced with the choice between doing that or writing Python code, I chose the latter. ;-) > The main difference is that the regular expression syntax in JQ is > somew