[pfx] incorrect usage of new parameters "tls_config_file" and "tls_config_name" ?

i updated a postfix server, postconf mail_version mail_version = 3.8.1 on lsb_release -rd Description:Fedora release 38 (Thirty Eight) Release:38 with openssl version OpenSSL 3.0.9 30 May 2023

[pfx] Postfix stable release 3.8.1, and legacy releases 3.7.6, 3.6.10, 3.5.20

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.8.1.html] These updates fix minor bugs, and introduce optional features to address changes in OS platforms and network abuse. Optional or fixed with Postfix 3.8.1, 3.7.6, 3.6.10, 3.5.20:

[pfx] Re: Postfix stable release 3.8.1, and legacy releases 3.7.6, 3.6.10, 3.5.20

On Tue, Jun 06, 2023 at 09:48:11 -0400, Wietse Venema via Postfix-users wrote: > * Optional: harden a Postfix SMTP server against remote SMTP > clients that violate RFC 2920 (or 5321) command pipelining > constraints. With "smtpd_forbid_unauth_pipelining = yes", the > server disconnec

[pfx] Re: Postfix stable release 3.8.1, and legacy releases 3.7.6, 3.6.10, 3.5.20

Geert Hendrickx via Postfix-users: > On Tue, Jun 06, 2023 at 09:48:11 -0400, Wietse Venema via Postfix-users wrote: > > * Optional: harden a Postfix SMTP server against remote SMTP > > clients that violate RFC 2920 (or 5321) command pipelining > > constraints. With "smtpd_forbid_unauth_pi

[pfx] Re: Postfix stable release 3.8.1, and legacy releases 3.7.6, 3.6.10, 3.5.20

Wietse Venema via Postfix-users: > Geert Hendrickx via Postfix-users: > > On Tue, Jun 06, 2023 at 09:48:11 -0400, Wietse Venema via Postfix-users > > wrote: > > > * Optional: harden a Postfix SMTP server against remote SMTP > > > clients that violate RFC 2920 (or 5321) command pipelining > >

[pfx] Re: incorrect usage of new parameters "tls_config_file" and "tls_config_name" ?

On Tue, Jun 06, 2023 at 08:21:38AM -0400, PGNet Dev via Postfix-users wrote: > postconf mail_version > mail_version = 3.8.1 > > on > > lsb_release -rd > Description:Fedora release 38 (Thirty Eight) > Release:38 The Fedora crypto

[pfx] Re: incorrect usage of new parameters "tls_config_file" and "tls_config_name" ?

The Fedora crypto policies apply to both servers and clients. Your client doing the tests is almost certainly using the default SECLEVEL=2, which disables TLSv1 and TLSv1.1. If you configure the client to also allow these protocols, the test will work as expected. The problem is not on the Post

[pfx] Re: Postfix stable release 3.8.1, and legacy releases 3.7.6, 3.6.10, 3.5.20

On Tue, Jun 06, 2023 at 10:31:30 -0400, Wietse Venema via Postfix-users wrote: > Geert Hendrickx via Postfix-users: > > What is the relation between new "smtpd_forbid_unauth_pipelining" > > and existing "reject_unauth_pipelining" in smtpd_*_restrictions? > > smtpd_forbid_unauth_pipelining disconne

[pfx] opendmarc question about many Undeliverable messages

Hi, I use OpenDMARC and I have it sending failure reports with "FailureReports true". Unfortunately, one organisation that sends me emails has a bug in their SPF record, and they no longer have the postmaster@ email address needed to receive DMARC reports, and I'm not sure that they know how to up

[pfx] Re: incorrect usage of new parameters "tls_config_file" and "tls_config_name" ?

On Tue, Jun 06, 2023 at 11:52:42AM -0400, PGNet Dev wrote: > > Note that Postfix ">=TLS..." syntax explicitly sets the minimum protocol > > level, overriding any config file defaults (including crypto policy). > > i did not understand that to be the case. > > tho I *do* have > > smtp_t