ipv6 address syntax in master.cf

hello, simple question. is that possible writing ipv6 address style in master.cf? if it is possible, which is correct syntax? [::1]:10028 inet (...) smtpd or ::1:10028 inet (...) smtpd byunghee

Re: ipv6 address syntax in master.cf

Olivier MJ Crepin-Leblond wrote: Use the notation with the square brackets: [::1]:10028 They are used to differentiate the colon used for separaring the port, as opposed to a colon which is part of the IPv6 address. Olivier Thanks! byunghee

sending email with Gnus

Hello, As far as i know, Postfix does not support GNU TLS. Nevertheless! Is it possible sending email with Gnus (MUA) via Postfix (MTA)? In the future, i'll move to Gnus from Thundirbird. For now, only problem is an association with Postfix and GNU TLS. byunghee

Re: matching IP ranges in headers

r better way? Use Google Apps: http://www.google.com/a ;; Unfortunately, Google Apps is the best solution for spam filtering, as far as i know. Sincerely, -- Byung-Hee HWANG, KNU ∑ WWW: http://izb.knu.ac.kr/~bh/

Re: dk dkim with dkimproxy

y.fakessh.eu. TXT Sincerely, -- Byung-Hee HWANG, KNU ∑ WWW: http://izb.knu.ac.kr/~bh/

Re: dk dkim with dkimproxy

ith external public DNS (eg, bitsy.mit.edu) ;; $ host -t txt fakessh.eu._domainkey.fakessh.eu. bitsy.mit.edu. Sincerely, -- Byung-Hee HWANG, KNU ∑ WWW: http://izb.knu.ac.kr/~bh/

Re: help with dkimproxy

.port25.com's reflector is always complaining about your signatures. Please, double check your conf files(e.g., dkimproxy_out.conf, sender_map.conf, ...). Meanwhile, Google also can be your good friend as signature's verifier. See Gmail's header in detail. There is some line on

Re: sasl2auth how to

t; > nb : "Buddha" peace themselve If i understood your words correctly, you need this paper: http://www.postfix.org/SASL_README.html Google also can be good friend as SASL Auth over TLS. Please have a look this paper: http://souptonuts.sourceforge.net/postfix_tutorial.html Sincerely,

Re: Warning: SASL authentication failure: no user in db

getpwent") by modifying /usr/local/lib/sasl2/smtpd.conf ;; FYI, currently, the default authentication mechanism in FreeBSD system is "pam" [1]. For more information, have a look saslauthd(8) with care ;; Sincerely, [1] http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/cyrus-sasl2-saslauthd/files/saslauthd.sh.in?rev=1.2;content-type=text%2Fplain -- Byung-Hee HWANG, KNU ∑ WWW: http://izb.knu.ac.kr/~bh/

Re: Restricted Outbound Email

u mail to valid > recipients, by replacing the OK above with > "reject_unverified_recipient, OK" > See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient That is good for me, too. Thanks, Noel! -- Byung-Hee HWANG, KNU ∑ WWW: http://izb.knu.ac.kr/~bh/

Postfix and IDENT (RFC1413)

Still not support? -- Byung-Hee HWANG, KNU ∑ WWW: http://izb.knu.ac.kr/~bh/ "Never mind being a dance judge, do your job. Take a walk around the neighborhood and see everything is OK." -- Peter Clemenza, "Chapter 1", page 20

Re: Postfix and IDENT (RFC1413)

"Terry Carmen" writes: >> Still not support? >> >> > Postfix implements the SMTP protocol. Why would you expect it to implement > Ident? > Sorry for noise. So i resend with some comments. Oneday i saw an email including unusual Received header on the FreeBSD Project mailing lists. Here is the e

Re: Postfix and IDENT (RFC1413)

Ralf Hildebrandt writes: > * Byung-Hee HWANG : > >> http://izb.knu.ac.kr/~bh/stuff/sendmail20090809001.txt >> >> Can you please explain about the example? > > Received: from ameno.mahoroba.org > (IDENT:MAcVWWSsCq+jNgyMzEhX/rHMZDkharVcRZn2EgHiFH+a/spblm

Re: Postfix and IDENT (RFC1413)

At Mon, 10 Aug 2009 09:30:10 +0200, Ralf Hildebrandt wrote: > > * Byung-Hee HWANG : > > > Thanks for good point, Ralf. Then i would like to give you the question > > again. How can i make to enable the above IDENT feature with Postfix? > > There is no such thing. And

Re: IPv6 and smarter relaying

ct to multiple ipv4 addresses, failed, and ended up forwarding > to my smarter host, which did the rest of the work. > > Half the problem solved. On to getting mail via ipv6 on the laptop... Nice testing! FYI, if you are searching another IPv6 SMTP server (for testing IPv6 feature), try to mx1.freebsd.org. Especially, send mail to "t...@freebsd.org", which is to allow anybody with free charge. Sincerely, -- Byung-Hee HWANG ∑ WWW: http://izb.knu.ac.kr/~bh/

Re: domainkey

At Wed, 19 Aug 2009 10:31:45 -0500, AMP Admin wrote: > > We have the following setup for dkimproxy but it's only signing with dkim > and not domainkey. We would like to do both. Any ideas? Use sender_map.conf ;; -- Byung-Hee HWANG ∑ WWW: http://izb.knu.ac.kr/~bh/

Re: Country IP block list

read. Obvious countries like China > and Brazil I would like to block wholesale. Thanks in advance! > [2 ] Please don't do that. There are many open source committers in Asia and Brasil. You need time to think about that seriously. Sincerely, -- Byung-Hee HWANG ∑ WWW: http://izb.knu.ac.kr/~bh/

Re: moveing to postfix from qmail setup

On Sun, 2008-09-21 at 10:08 -0700, Wayne Catterton wrote: > Hi, > > I currently have an old qmail toaster (customized some) setup. I have > been wanting to build a new mail server for a while, and just finally > got around to doing it. My old system is setup with qmail, vpopmail, > squirrelmail

envelope_sender VS header_sender

i saw some terms "envelope _sender" and "header_sender" in postfix docs on public postfix website. it is so confused to me. what is different between "envelope_sender" and "header_sender"? according to RFC 2822, there is described about "Sender" and "From". is the terms (envelope_sender, header_sen

Re: envelope_sender VS header_sender

(first, i want to send "big thank you!" for Vitor, mouss, Wietse ;;) On Sun, 2008-10-12 at 12:28 -0400, Wietse Venema wrote: > Byung-Hee HWANG: > > i saw some terms "envelope _sender" and "header_sender" in postfix docs > > on public postfix websit

Re: envelope_sender VS header_sender

On Sun, 2008-10-12 at 20:39 +0200, mouss wrote: > Byung-Hee HWANG a crit : > > [snip] > > your example is good and cool to me ;; and more, here this message's > > envelope_sender(RFC2822's Sender) > > envelope sender is governed by RFC[2]821 (smtp), not RFC[2

Re: Finally blocking some spam

Joey wrote: [...] I made a list from the web of IP’s in the following countries: asian.list czech.list internal-h.list internal-m.list india.list poland.list turkey.list [...] Instead, use RelayCountry plugin of SpamAssassin. Using RelayContry plugin is more smooth than your the way. And mo

[OT] What is a condition for ideal mail server?

Hi, i'm not a serious hacker nor a power user for Postfix. I'm just using Postfix. Recently, i'm interested in setup ideal mail server for outgoing. Already i moved my mailbox to Google Apps because i could not handle so many spam. So now making receiving SMTP is not my concern. Only my concern

Re: [OT] What is a condition for ideal mail server?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 mouss wrote: > Byung-Hee HWANG a écrit : [...] > - Use the submission port (587) with TLS+SASL. What is different between using 25 and using 587? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (F

free certificate over TLS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Recently, actually i'm interested in a certificate over TLS on SMTP as like ISC's MX. However, i don't know how to use that. Is there anyone to use certificate over TLS? Can you please give me some hint? Or information? Thanks in advance ;; byunghee -

Re: free certificate over TLS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Noel Jones wrote: > This should have all the information you need: > http://www.postfix.org/TLS_README.html > > If you have specific questions after reading the above, please see: > http://www.postfix.org/DEBUG_README.html#mail > Ah Noel, thank you q

Re: free certificate over TLS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Victor Duchovni wrote: > On Tue, Oct 28, 2008 at 09:34:11AM +0900, Byung-Hee HWANG wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Noel Jones wrote: >>> This should have all the informati

[OT] with ezmlm

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (first of all, sorry if it is already discussed and a known issue) Is that possible to set up Postfix with ezmlm? I'm considering to make a private mailing list with ezmlm. Yep, i think ezmlm is more fast than mailman. Can you please help me for that?

Re: OT: Sender Header

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Evans - Postfix List wrote: [...] > It is added by the mail client, not the server. Can you please show me some example? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.or

Re: [OT] with ezmlm

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wietse Venema wrote: > Byung-Hee HWANG: >> (first of all, sorry if it is already discussed and a known issue) >> >> Is that possible to set up Postfix with ezmlm? I'm considering to make a >> private mailing list with e

Re: Installing DKIM

LuKreme wrote: [...] The other question is what do most people do with the check on the DKIM if a message fails, reject outright? Won't this mess up any forwarded mail? Because of DKIM and related specifications are in a time of transition stage, it is not good to reject directly if a messag

relay with permit_tls_clientcerts

Hello, I'm using Google Workspace and Postfix (Only Outbound). I am very interested in permit_tls_clientcerts. In particular, i would like to relay by permit_tls_clientcerts. Because it seems like very reliable and trust! There is how-to and example docs related on permit_tls_clientcerts? (befo

Solved (Was: Re: relay with permit_tls_clientcerts)

Byung-Hee HWANG writes: > (...) > There is how-to and example docs related on permit_tls_clientcerts? > (before i did try googling but failed) Oh, now i resolved! #+BEGIN_SRC text soyeomul@yw-1204:~$ cat /etc/postfix/relay_clientcerts D7:5B:D1:A0:EA:A1:8D:9F:7A:4D:77:47:AD:DE:2D:0

Re: Solved

Viktor Dukhovni writes: > On Tue, Apr 05, 2022 at 12:54:55PM +0900, Byung-Hee HWANG wrote: > >> soyeomul@yw-1204:~$ cat /etc/postfix/relay_clientcerts >> D7:5B:D1:A0:EA:A1:8D:9F:7A:4D:77:47:AD:DE:2D:07 yw-0919.doraji.xyz >> 01:7A:51:89:E5:C0:07:17:51:66:0D:C5:77:F8:77:38

Best way forwarding to Gmail

Hellow, My final Inbox Provider is Gmail(soyeo...@gmail.com) for 13 years. Also i added paid plan of Google Workspace for Someday far later i have to plan. That is to forward into soyeo...@gmail.com all emails (on soyeo...@doraji.xyz). (If True) then, i will subtract paid plan of Google Workspac

Re: AW: Best way forwarding to Gmail

"Ludi Cree" writes: > (...thanks...) > My advice is not to forward to GMail if you can not exclude spam. ^ This is a worthwhile answer for me, thanks! > Greets, > Ludi Sincerely, Byung-Hee -- ^고맙습니다 _和合團結_ 감사합니다_^))//

Re: AW: Best way forwarding to Gmail

Dominic Raferd writes: > On 06/04/2022 13:26, Byung-Hee HWANG wrote: >> "Ludi Cree" writes: >> >>> (...thanks...) >>> My advice is not to forward to GMail if you can not exclude spam. >>^^

Re: Best way forwarding to Gmail

(... sorry for late ...) Byung-Hee HWANG writes: > Hellow, > > My final Inbox Provider is Gmail(soyeo...@gmail.com) for 13 years. Also > i added paid plan of Google Workspace for > > Someday far later i have to plan. That is to forward into > soyeo...@gmail.com

Re: setup postfix to send email

Dear roberts, r r writes: > Hello, > > My domain registrar has email forwarding for free. I plan to setup a > authorized SMTP in my ubuntu VPS for sending email from this domain. > I am newbie to email server and postfix. > Do you have any suggestion on doing this? Do you read rfc 8461? That is

Re: Best way forwarding to Gmail

(sorry i forgot one file) > After all, i did make decision. See here: > This is the full headers: (the above thing)

Re: question about certificates usage

"ミユナ (alice)" writes: > Olivier wrote: >> Tou definitely need the certificate for box.coakmail.com because that's >> the actual server that receives all the traffic. > > does plain traffic on port 25 require a certificate? Maybe RFC 8461 is our friend. In my case, i did setup all MXs with the ce

Re: how other MTA talks to me

"ミユナ (alice)" writes: > (... thanks ...) > but for smtp service on port 25, how other MTA talks to me? they are > using plain, startTLS or SSL? This is useful testing site: Thanks ^^^ Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

Re: how other MTA talks to me

>> This is useful testing site: >> Also smtp*_tls_loglevel are useful to debug. Thanks ^^^ Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

Re: password security

> There is obviously a point where the server won't be capable of > handling the load, always. But what are the odds with "just" a > brute-force on passwords/accounts? > Our outbound/internal mail gateway handles the traffic for +2K > every-day users +28K occasional users. Millions emails per month

Re: password security

Dear Viktor, Viktor Dukhovni writes: > On Tue, Apr 26, 2022 at 11:54:21PM +0900, Byung-Hee HWANG wrote: > >> > There is obviously a point where the server won't be capable of >> > handling the load, always. But what are the odds with "just" a >>

Re: Postfix stable release 3.7.1 and legacy releases 3.6.6, 3.5.16, 3.4.26

Greg Klanderman writes: >> On April 18, 2022 Wietse Venema wrote: > >> * (problem introduced: Postfix 3.0) With dynamic map loading >> enabled, an attempt to create a map with "postmap regexp:path" >> would result in a bogus error message "Is the postfix-regexp >> package insta

Re: what's a encrypted email?

wilson writes: > today everyone claim they are encrypted email provider. > what's the definition of an encrypted email? messages and headers and > logs were encrypted in the rest? I think RFC 8461 is worth considering, thanks! Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

dnswl.org lookup error

Hellow! I am running postfix server under Ubuntu 18.04 LTS at Google Compute Engine. The hostname is <>, open port is 25 only. The server conf are bellow: So now question. After i added 'permit_dnswl_client list.dnswl.org', ve

Re: dnswl.org lookup error

Dear Bastian, Bastian Blank writes: > Hi > > On Sun, May 08, 2022 at 07:42:00PM +0900, Byung-Hee HWANG wrote: >> May 8 10:24:25 bionic190316003 postfix/smtpd[10918]: warning: >> 17.188.51.209.list.dnswl.org: RBL lookup error: Host or domain name >> not found.

Re: dnswl.org lookup error

Dear Bjoern, Bjoern Franke writes: > Hi, > >> I think your system is using systemd-resolved for DNS lookups; this >> hands off the real work of resolving to public resolvers, so RBLs will >> block your lookups. This is a normal setup for a systemd-based distro >> but is not appropriate for a mai

Re: dnswl.org lookup error

Dear Dominic, Dominic Raferd writes: > On 08/05/2022 11:59, Byung-Hee HWANG wrote: >> Dear Bastian, >> >> Bastian Blank writes: >> >>> Hi >>> >>> On Sun, May 08, 2022 at 07:42:00PM +0900, Byung-Hee HWANG wrote: >>>

Solved (Was: Re: dnswl.org lookup error)

Byung-Hee HWANG writes: > Hellow! > > I am running postfix server under Ubuntu 18.04 LTS at Google Compute > Engine. The hostname is <>, open port is 25 only. > > The server conf are bellow: > <https://gitlab.com/soyeomul/Gnus/-/raw/karma/DKIM/smtp-conf.yw-0919

Re: dkim signing outbound MAILER-DAEMON messages - is it worth it?

Hellow Matt, Matt Kinni writes: > I have opendkim configured via 'smtpd_milters' to sign all outbound > mail, and my domain publishes a "quarantine" dmarc record to enforce > the consequences of this. > > I recently discovered that MAILER-DAEMON messages generated by postfix > itself bypass this

Re: transport map with TLS policies?

Hellow Joachim, "Joachim Lindenberg" writes: > I wanted to send a mail to a domain yesterday, that was using dead MX records > and one > the one MX that was alive, was presenting an untrusted certificate (my server > uses verify > by default). I added a transport map (or “route” as mailcow-doc

Re: AW: transport map with TLS policies?

Hellow Joachim, "Joachim Lindenberg" writes: > Hello Byung-Hee, > I do have all of the following in my TLS policy: > domainmay > mx.domain may > [mx.domain]:25may > and it doesn´t work for me. Well you could check that your server is 'good' or 'not g

Re: tricky dual delivery challenge

Hellow charlie, charlie derr writes: > Greetings fine postfix wizards, > > We are in the process of transitioning from a local postfix and dovecot > infrastructure to using gmail. While we're in the process of copying > over all of our users' archived email to the new gmail environment, we'd > l

Re: transport map with TLS policies?

Viktor Dukhovni writes: > (... thanks ...) > Yes. But in your case (with an overly strict default policy, requiring > may exceptions) it would be more appropriate to define a dedicated > transport for opportunistic unauthenticated TLS: > > # Or "dane" instead of "may" if you have a working D

Re: AW: AW: transport map with TLS policies?

Dear Joachim, "Joachim Lindenberg" writes: > Couldn´t run the python script due to postfix in docker, but can run > postfix-finger domain - but this tells me what I already knew and > wrote in my first mail. The certificate is not trusted and thus verify > as default does not work, and it doesn´

[pfx] Re: Test Post - Please Ignore

duluxoz via Postfix-users writes: > Sorry Everyone, but I need to test if my posts are going through > > Please ignore (or feel free to send me a confirmation) > > Cheers > > Dulux-Oz Looks good. But Subject's prefix [pfx] or [P-U] are too rich. Just it is minority feedback... Sincerely, --

[pfx] Re: Configuration of postfix on Ubuntu 22

Aosars Repository via Postfix-users writes: > Hi all, > I have installed postfix on Ubuntu server 22 and configured to use gmail > smtp.But it fails to send mails. > Can some share with me a step by step guide on installation and > configuration. At first, as Ralf already mentioned, make sure

[pfx] What is best way for backup solution?

Hellow, I am running two Postfix servers. Both are in Cloud -- Google GCP and Rimuhosting-EU VM. Recently i thought that i have to backup servers setting values. Because sometimes i meet minor accidents. Somebody say Docker is good for backup. Though i would like to hear more opinions. Any commen

[pfx] Re: What is best way for backup solution?

Dear Matt, Matt Kinni via Postfix-users writes: > Are you just talking about backing up the config files in /etc/postfix? > I would recommend using git for version control; there is nothing > special about backing up the postfix configs vis a vis any other > service on your machine. It also wou

[pfx] Re: secondary MX server

Corey Hickman via Postfix-users writes: > Hello, > > Since almost every sending MTA has the queues, do I need a secondary > MX for my domain email? > > I am afraid the secondary MX was abused by spammers. > > Thanks. I am now running secondary mx. It is valuable for me. Use MTA-STS (testing is

[pfx] Re: invalid and non-fqdn hostname

Ken Peng via Postfix-users writes: > (...) > for instance, 腾讯.公司 is a invalid hostname, but it is a fqdn > hostname which will pass the check by the second clause. Good example, thanks! Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))// ___ Postfix-users maili

[pfx] Re: forwarding setup for mailbox user

tom--- via Postfix-users writes: > Hello, > > for a mailbox user, such as my one t...@myposts.ovh, where to define > the forwarding? for example, I want messages sent to this mailbox to > be copied to gmail. Hellow tom, DKIM is good for you if you are domain's owner. This is general guideline:

[pfx] Re: SPF: HELO does not publish an SPF Record

> 2) change smtp_helo_name to > > smtp_helo_name = $mydomain It is very strange, i think. Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))// ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@pos

[pfx] Re: Regarding transport maps (sender_dependent_relayhost_maps not working)

Andrew Athan via Postfix-users writes: > (...) > My goal is to silently discard all inbound mail from a certain > domain. Or actually, I may wish to redirect all of that mail either to > a flat file (similar to the proposed blackhole transport) or (...) Go with easy way. See header_checks. `man

[pfx] Re: Regarding transport maps (sender_dependent_relayhost_maps not working)

Matus UHLAR - fantomas via Postfix-users writes: > (...) > for envelope from, simple access map should be enough: > http://www.postfix.org/access.5.html > > and use DISCARD Ok. Thanks for the heads-up, Matus! Sincerely, Byung-Hee -- ^고맙습니다 _地平天成_ 감사합니다_^))// __

[pfx] Re: forwarding questions

Tom Reed via Postfix-users writes: > (...) > How can I setup it to both reach local mailbox and forwarding? > You first have to read 3 times very carefully: https://support.google.com/mail/answer/175365?sjid=13805511033984428370-AP I read all emails at Gmail. Yes i'm forwarding user like you.

[pfx] Re: Domain scoring

Ken Peng via Postfix-users writes: > Do you know any plugins for scoring a domain? > For example, new registered domain, free domain get the low scores. How about dnswl.org? Sincerely, -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ Postfix-users mailing list -- p

[pfx] Re: stop bulk messages

Corey Hickman via Postfix-users writes: > Hello list, > > Some clients abuse the outgoing smtp server for sending bulk messages. > The messages have the same content of business promotion letter. > Do you know how to stop this behavior? > You can not stop it if he/she is paid user. Instead, you

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > I have setup Postfix so that internally I offer TLS to systems but do not > require it since I have no control over their configuration. I did > extensive testing to ensure that the mail gateway supports TLS and accepts > ema

[pfx] Re: Postfix documentation pitfalls. virtual_alias_maps and main.cf macros

Viktor Dukhovni via Postfix-users writes: > (...) > [ Yes, one could also craft "classless" access(5) tables, ... and rely > only on explicit transport(5) table entries, opting out of all the > taxonomy that makes it easier to reason about Postfix mail routing, > but this is not a good idea

[pfx] DANE and DNSSEC

Hellow Postfix hackers, I have a questions while reading DANE docs. Is DNSSEC mandotary? For making DANE mail server. For now i'm running two postfix servers in public. Actually i'm beginner in both DANE and DNSSEC. Any comments welcome! Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))// _

[pfx] Re: DANE and DNSSEC

Joachim Lindenberg via Postfix-users writes: > DNSSEC is mandatory for DANE. Hellow Joachim! Thanks for kind replying ^^^ Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe

[pfx] Re: DANE and DNSSEC

Dear Patrick, Patrick Ben Koetter via Postfix-users writes: > (...) > You don't need DNSSEC for your DNS zone *if* your server should DANE-verify > other DANE enabled receiver platforms. In this case all you need to do is run > a DNSSEC-verifying DNS resolver on your server (not systemd-resolved

[pfx] Re: DANE and DNSSEC

raf via Postfix-users writes: > On Thu, May 11, 2023 at 03:17:21PM +0900, Byung-Hee HWANG via Postfix-users > wrote: > >> Hellow Postfix hackers, >> >> I have a questions while reading DANE docs. Is DNSSEC mandotary? For >> making DANE mail server. >&

[pfx] Re: question: "said: 550 Mail was identified as spam"

Hi lty, On Fri, May 12, 2023 at 03:32:45PM +0800, lty--- via Postfix-users wrote: > (...) > We are using postfix 2.11 version. Really? My postfix version are: yw-0919: Postfix 3.3.0 / Ubuntu 18.04 LTS yw-1204: Postfix 3.5.18 / Debian 11 Bullseye And yw-1204 have OpenDKIM 2.11 as *Outbond* SMTP

[pfx] Re: DKIM and DMARC

Tom Reed via Postfix-users writes: > Hello list, > > Should we reject failed message on DKIM validation stage, or DMARC > validation stage, or both? I even DKIM-sign the mail one more time. For forwarding to Gmail. See https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/setup-policy.lua Sincere

[pfx] Re: DANE and DNSSEC

Now i added DNSSEC. Currently it is being registra job. 10 minutes ago, i did make some DS record at Cloudfalre. Thanks to Joachim, Patrick and raf ^^^ Sincerely, Byung-Hee ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send

[pfx] Re: DANE and DNSSEC

Byung-Hee HWANG via Postfix-users writes: > Now i added DNSSEC. Currently it is being registra job. 10 minutes ago, > i did make some DS record at Cloudfalre. > > Thanks to Joachim, Patrick and raf ^^^ And now i added TLSA record for only *outbond* smtp server, <>. I rea

[pfx] Re: DANE and DNSSEC

On Thu, May 18, 2023 at 09:22:34PM +0900, Byung-Hee HWANG via Postfix-users wrote: > Byung-Hee HWANG via Postfix-users writes: > > > Now i added DNSSEC. Currently it is being registra job. 10 minutes ago, > > i did make some DS record at Cloudfalre. > > > > Than

[pfx] Re: DANE and DNSSEC

Viktor Dukhovni via Postfix-users writes: > On Thu, May 18, 2023 at 09:22:34PM +0900, Byung-Hee HWANG via Postfix-users > wrote: > >> And now i added TLSA record for only *outbond* smtp server, >> . > > It is also your secondary MX host: > > https://stats.dns

[pfx] Re: DANE and DNSSEC

Benny Pedersen via Postfix-users writes: > Byung-Hee HWANG via Postfix-users skrev den 2023-05-19 04:26: > >> Thanks for advice! >> >>>[renewalparams] >>>reuse_key = True >>>preferred_chain = ISRG Root X1 > >> And

[pfx] Re: DANE and DNSSEC

Joachim Lindenberg via Postfix-users writes: > (...) just mark your calendar to update in September 2025 ... Hellow Joachim! Thanks for remarkble tip ^^^ Sincerely, Byung-Hee ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe

[pfx] Re: "danebot" beta release

Viktor Dukhovni via Postfix-users writes: > On Mon, May 22, 2023 at 09:53:36PM -0400, Viktor Dukhovni via Postfix-users > wrote: > >> Key reuse as a *default* rollover approach is robust. When it is time >> to change keys, one can do so deliberately, and with due care to >> prepublish TLSA reco

[pfx] Re: "danebot" beta release

Benny Pedersen via Postfix-users writes: > Byung-Hee HWANG via Postfix-users skrev den 2023-05-25 05:42: > >> Thanks for good tool, because still i feel very hard to make "3 1 1" >> tlsa things. Someday far later, i'll try this "3 1 1" things. >>

[pfx] Re: Problem setting up postfix on arch linux to forward mail to my gmail account

> Next question is where can I find accurate instructions on setting up the > configuration for arch linux to forward mail to my gmail account? Like as people said, forwarding is not easy. Though if you wish try it, use DKIM. Sincerely, -- ^고맙습니다 _布德天下_ 감사합니다_^))// _

[pfx] Re: GMail is rejecting mail I forward

> I have set up SPF for my domain, but I don't think that is relevant to > FORWARDING mail (is it?). I use Gmail forwarding like you. DKIM is my friend. This is my configuration [1]. Sincerely, Byung-Hee [1] https://gitlab.com/soyeomul/Gnus/-/raw/karma/DKIM/setup-policy.lua?ref_type=heads --

[pfx] Re: GMail is rejecting mail I forward

> https://gitlab.com/soyeomul/Gnus/-/raw/karma/DKIM/setup-policy.lua?ref_type=heads And because i have to prove myself, See: https://gitlab.com/soyeomul/Gnus/-/commit/59122d99bd6a0b01d293c0a2f46d5343e54bbc4e Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))// _

[pfx] Re: GMail is rejecting mail I forward

Byung-Hee HWANG via Postfix-users writes: >> https://gitlab.com/soyeomul/Gnus/-/raw/karma/DKIM/setup-policy.lua?ref_type=heads > > And because i have to prove myself, See: > https://gitlab.com/soyeomul/Gnus/-/commit/59122d99bd6a0b01d293c0a2f46d5343e54bbc4e This is more power

[pfx] Re: TAKE NOTE: "2 1 1" TLSA records vs. apparent change of Let's Encrypt default certificate chain

Hellow Viktor, Viktor Dukhovni via Postfix-users writes: > The DANE/DNSSEC survey () has seen a > recent spike in the number of MX hosts whose "2 1 1" TLSA records no > longer match their certificate chain. The records in question all > shar the same digest value

[pfx] Re: TAKE NOTE: "2 1 1" TLSA records vs. apparent change of Let's Encrypt default certificate chain

Hellow raf, > As Viktor pointed out, you're not affected, Welcome! And thanks a lot for confirmation. > but if you want to use "3 1 1", > and you use certbot for your LetsEncrypt certificates, as well as Viktor's > danebot program (https://github.com/tlsaware/danebot), my danectl program > makes

[pfx] Re: TAKE NOTE 2: Future Let's Encrypt CA choice randomisation.

Hellow Viktor, Viktor Dukhovni via Postfix-users writes: > On Wed, Nov 15, 2023 at 04:53:17PM +0100, Geert Hendrickx via Postfix-users > wrote: > >> On Wed, Nov 15, 2023 at 10:29:41 -0500, James Cloos via Postfix-users wrote: >> > LE announced a while back that they would not renew the cross ce

[pfx] Re: TAKE NOTE 2: Future Let's Encrypt CA choice randomisation.

Viktor Dukhovni via Postfix-users writes: > (...) > Good job, you're set until some future change a few years down the line. > > _25._tcp.yw-0919.doraji.xyz. IN CNAME rfc7671.doraji.xyz. > _25._tcp.yw-1204.doraji.xyz. IN CNAME rfc7671.doraji.xyz. > rfc7671.doraji.xyz. IN TLSA 2 1 1 >

[pfx] Re: TAKE NOTE: "2 1 1" TLSA records vs. apparent change of Let's Encrypt default certificate chain

Ralph Seichter via Postfix-users writes: > * Byung-Hee HWANG via Postfix-users: > >> Honestly, 311 it was not easy to set up to me. > > These days, one is a bit spoiled for choice when it comes to software > which handles this automatically. LetsDNS (https://letsdns.org

[pfx] Re: configuration to send to recipients in a spread out manner to avoid being considered spam

Wietse Venema via Postfix-users writes: > testeur via Postfix-users: >> Hi, >> >> I did a request to mailman3 ML about this question, but it seems that >> postfix can respond to my request. >> I use mailman3. But AOL, YAHOO seems to consider emails sent to >> recipients as spam or an "Excessiv

[pfx] Re: configuration to send to recipients in a spread out manner to avoid being considered spam

Byung-Hee HWANG via Postfix-users writes: > Wietse Venema via Postfix-users writes: > >> testeur via Postfix-users: >>> Hi, >>> >>> I did a request to mailman3 ML about this question, but it seems that >>> postfix can respond to my request. >

[pfx] Re: gmail failing SPF/DKIM

Wietse Venema via Postfix-users writes: > (...) > gmail rejects all messsages with that sender domain name? Some > messages? I have found that Gmail may treat some 'soft' errors (DNS > timeout) as 'hard' errors. My workaround is to retry deliveries. > > /etc/postfix/main.cf: > transport_maps

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

> ... > Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate > verification failed for in-8.smtp.github.com[140.82.114.32]:25: > num=62:hostname mismatch > ... Maybe you check? root@yw-1204:/etc/postfix# postconf -n | grep CAfile smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.cr

  1   2   >