On 2022-04-22 22:53, Viktor Dukhovni wrote:
On Fri, Apr 22, 2022 at 06:54:56PM -0700, Dan Mahoney wrote:
We *also* recently set sp=reject in dmarc. Which presents us with a
problem.
I have no advice re DMARC, never have or will use it.
Which indeed IS a word of advice. :)
--
http://rob0.n
> On 04-23-2022 12:35 am, ミユナ wrote:
> when postfix talks to dovecot, does it require user's username/password for
> authentication? or this communication just goes without
> authentication?
I have to do a little guessing on what you mean.
When postfix talks to dovecot? To do what? Deliver an ema
On 4/23/22 09:47, Rob McGee wrote:
> On 2022-04-22 22:53, Viktor Dukhovni wrote:
>> On Fri, Apr 22, 2022 at 06:54:56PM -0700, Dan Mahoney wrote:
>>> We *also* recently set sp=reject in dmarc. Which presents us with a
>>> problem.
>>
>> I have no advice re DMARC, never have or will use it.
>
> Wh
>
> On 23 Apr 2022, at 10:15 am, Demi Marie Obenour wrote:
>
>>>
>>> I have no advice re DMARC, never have or will use it.
>>
>> Which indeed IS a word of advice. :)
It wasn't. I have no need for DMARC, others are welcome to use it or
not as they see fit. Ideally after understanding the pro
On Sat, Apr 23, 2022 at 12:35:06PM +0800, ミユナ (alice) wrote:
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> mode = 0600
> user = postfix
> group = postfix
> }
This supports message delivery from Postfix to dovecot via LMTP.
> unix_listener
Wietse Venema wrote:
> Michael Grimm:
>> Wietse Venema wrote:
>>> Would these commands make a difference (for Postfix 3.7 or 3.8):
>>>
>>> postconf -P smtp/inet/smtputf8_enable=no
>>> postfix reload
>>
>> Done. Please give me 24/48 hours to respond, because these events
>> are not that often.
On 4/23/22 20:14, Michael Grimm wrote:
1) Is smtputf8_enable=yes essential in email traffic as of today?
Good question. Is there any other MTA besides postfix supporting SMTPUTF8?
Ciao, Michael.
Did you have NON-SMTP command events for the cases that had signal 11
errors? If so, can we have more complete logs for ONE such case?
What is the output from:
postconf smtputf8_enable
Wietse
Michael Grimm:
> Apr 23 12:07:45 mail.lan postfix/postscreen[61983]: PREGREET 159
> after 0.03 from [1.2.3.4]:58878:
> \026\003\001\000\232\001\000\000\226\003\0030An';\265\235\335\250\344N,%\233Y\305\226\030tMb\024\b\3
> Apr 23 12:09:49 mail.lan postfix/postscreen[4271]: PREGREET 159
> after
Wietse Venema wrote
> Did you have NON-SMTP command events for the cases that had signal 11
> errors? If so, can we have more complete logs for ONE such case?
No, I haven't. I can find those entries a lot, but not in conjunction with
signal 11.
Sorry for the noise.
> What is the output from:
>
Wietse Venema wrote:
> Michael Grimm:
>> Apr 23 12:07:45 mail.lan postfix/postscreen[61983]: PREGREET 159
>> after 0.03 from [1.2.3.4]:58878:
>> \026\003\001\000\232\001\000\000\226\003\0030An';\265\235\335\250\344N,%\233Y\305\226\030tMb\024\b\3
>> Apr 23 12:09:49 mail.lan postfix/postscreen[
> On Apr 22, 2022, at 8:53 PM, Viktor Dukhovni
> wrote:
>
> On Fri, Apr 22, 2022 at 06:54:56PM -0700, Dan Mahoney wrote:
>
>> masquerade_domains = !ops.foo.org, !support.foo.org, !gitlab.foo.org,
>> !lists.foo.org, isc.org
>> masquerade_exceptions = root
>
> Personally, I avoid masquerade_
On Sat, Apr 23, 2022 at 05:18:06PM -0700, Dan Mahoney wrote:
> Does postfix have any support at all for rewriting the non-email-address
> portion of the from line? (The “Real name” portion).
Only by way of override in sendmail(1) IIRC. The MTA does not rewrite
display names in any systematic w
Michael Grimm:
> Wietse Venema wrote
>
> > Did you have NON-SMTP command events for the cases that had signal 11
> > errors? If so, can we have more complete logs for ONE such case?
>
> No, I haven't. I can find those entries a lot, but not in conjunction
> with signal 11. Sorry for the noise.
Viktor Dukhovni:
> On Sat, Apr 23, 2022 at 05:18:06PM -0700, Dan Mahoney wrote:
>
> > Does postfix have any support at all for rewriting the non-email-address
> > portion of the from line? (The “Real name” portion).
>
> Only by way of override in sendmail(1) IIRC. The MTA does not rewrite
> di
Thanks for clarifying, Viktor.
Viktor Dukhovni wrote:
Not for LMTP delivery to the user's mailbox.
On Sat, Apr 23, 2022 at 09:02:09PM -0400, Wietse Venema wrote:
> The PREGREET logging for those eight crashing sessions shows that
> this client 1.2.3.4 was changing its TLS record version from 0x0303
> (\003\003) to 0x0302 (\003\002) to 0x0301 (\003\001).
>
> Mar 28 01:33:22 mail.lan postfix/p
may I ask another question I am not sure.
I have got the certificates from letsencrypt for the root domain, in
this case it's coakmail.com
since the MUA uses coakmail.com as smtp/imap servers, this has no problem.
but my MX RR is: box.coakmail.com
I know MX only accepts messages on port 25 (
ミユナ (alice) writes:
> may I ask another question I am not sure.
>
> I have got the certificates from letsencrypt for the root domain, in
> this case it's coakmail.com
>
> since the MUA uses coakmail.com as smtp/imap servers, this has no problem.
>
> but my MX RR is: box.coakmail.com
You definit
Olivier wrote:
You definitely need the certificate for box.coakmail.com because that's
the actual server that receives all the traffic.
does plain traffic on port 25 require a certificate?
"ミユナ (alice)" writes:
> Olivier wrote:
>> You definitely need the certificate for box.coakmail.com because that's
>> the actual server that receives all the traffic.
>
> does plain traffic on port 25 require a certificate?
Maybe RFC 8461 is our friend. In my case, i did setup all MXs with the
ce
Viktor Dukhovni:
> On Sat, Apr 23, 2022 at 09:02:09PM -0400, Wietse Venema wrote:
>
> > The PREGREET logging for those eight crashing sessions shows that
> > this client 1.2.3.4 was changing its TLS record version from 0x0303
> > (\003\003) to 0x0302 (\003\002) to 0x0301 (\003\001).
> >
> > Mar
> On 04-23-2022 9:58 pm, ミユナ wrote:
> does plain traffic on port 25 require a certificate?
That is optional and up to you if you want connections to use STARTTLS.
Look into the following settings:
smtpd_tls_security_level
smtp_tls_security_level
smtpd_tls_cert_file
smtpd_tls_key_file
On Sat, Apr 23, 2022 at 10:28:37PM -0400, Wietse Venema wrote:
> It would be invaluable to have a recording of a complete session
> with that system. Something like:
>
> tcpdump -i name-of-interface is 2000 -w /file/name host 1.2.3.4
I think Wietse meant "-s 2000" rather than "is" 2000. The
On Sun, Apr 24, 2022 at 09:23:00AM +0800, ミユナ (alice) wrote:
> since the MUA uses coakmail.com as smtp/imap servers, this has no problem.
>
> but my MX RR is: box.coakmail.com
If you're using an https://mailinabox.email appliance, a suitable
certificate will be obtained automatically. If not, p
On Sun, Apr 24, 2022 at 08:53:25AM +0700, Olivier
wrote:
> ミユナ (alice) writes:
>
> > may I ask another question I am not sure.
> >
> > I have got the certificates from letsencrypt for the root domain, in
> > this case it's coakmail.com
> >
> > since the MUA uses coakmail.com as smtp/imap serv
Viktor Dukhovni wrote:
Bottom line, a matching name in the certificate is desirable, but
typically optional.
That makes it clear. Thanks.
raf wrote:
I'm fairly sure that's correct. MTAs generally don't
care if the MX domain doesn't match the certificate on
port 25. But MUAs generally do care if the hostname
they are configured to connect to doesn't match the
certificate on whatever ports they connect
that's good. so I can have