[pfx] postscreen segfault since 3.8.4

2024-02-04 Thread Christophe Kalt via Postfix-users
Hi, I'm seeing regular postscreen segfaults on a test server with minimal traffic. The patterns I noticed from the logs is that it seems to happen when the server gets 2 ~simultaneous connections from the same host: 2024-02-04T14:33:31.876390 info postfix starting the Postfix mail system 2024-02-

[pfx] Re: postscreen segfault since 3.8.4

2024-02-04 Thread Christophe Kalt via Postfix-users
These are the alpine packages themselves, but I'm not familiar with how they're built so I can't rule out a bad build. It's also possible that I didn't let the 3.8.3 version run long enough for it to crash as it happens irregularly. Anyways, spent some time building 3.8.5 from source and am now wa

[pfx] Re: postscreen segfault since 3.8.4

2024-02-05 Thread Christophe Kalt via Postfix-users
> wrote: > On Sun, Feb 04, 2024 at 08:12:56PM -0500, Christophe Kalt via > Postfix-users wrote: > > > These are the alpine packages themselves, but I'm not familiar with how > > they're built so I can't rule out a bad build. It's also possible that I > &g

[pfx] Re: ARC or DKIM or SRS?

2024-02-07 Thread Christophe Kalt via Postfix-users
+1 on setting up SRS, it helps with Gmail and I believe ARC does too (although I don't have hard data on this). Interesting note about postgrey, I didn't think that was effective any longer but maybe it is. On Wed, Feb 7, 2024 at 9:01 PM Doug Hardie via Postfix-users < postfix-users@postfix.org> w

[pfx] improving SRS support

2024-03-06 Thread Christophe Kalt via Postfix-users
Hi, The two options I've seen for implementing SRS are milter and [sender_]canonical_maps but it seems to me that neither are a good fit when rewriting the envelope From as they happen early on (smtpd and cleanup specifically) and before Postfix knows where the mail is going. That's a bit of a pr

[pfx] Re: improving SRS support

2024-03-06 Thread Christophe Kalt via Postfix-users
On Wed, Mar 6, 2024 at 8:18 PM Wietse Venema via Postfix-users < postfix-users@postfix.org> wrote: > This location in the message flow seems right to me. And we already > have an example for implementing an address rewriting _classes > feature. This can even be configured in master.cf if one also

[pfx] Re: improving SRS support

2024-03-07 Thread Christophe Kalt via Postfix-users
I hadn't seen postforward, thanks for the pointer! It's a good approach, small cost of an extra hop, should be easy to enhance as well. On Thu, Mar 7, 2024, 00:36 raf via Postfix-users wrote: > On Wed, Mar 06, 2024 at 07:30:01PM -0500, Christophe Kalt via > Postfix-users

[pfx] Re: SASL reject force disconnect

2024-05-28 Thread Christophe Kalt via Postfix-users
On Sun, May 26, 2024 at 5:57 AM John Fawcett via Postfix-users < postfix-users@postfix.org> wrote: > For submission I only use xbl (return code 127.0.0.4) excluding other > other data contained in zen like pbl that lists isp dynamic ip ranges from > which you would normally expect to get connectio

[pfx] Monitoring postfix?

2024-07-28 Thread Christophe Kalt via Postfix-users
Hi, How do folks monitor the health of their postfix installations? log monitoring seems to be essential, rates of warning/error messages seem meaningful. Then there are the statistics regularly emitted, but these seem more indicative of busyness. Finally, monitoring queue sizes is probably adv

[pfx] dnssec_probe 'ns:.' received a response that is not DNSSEC validated

2025-02-19 Thread Christophe Kalt via Postfix-users
Hi, 3.10.0 is giving me new warnings: 2025-02-19T02:36:25.415861 warning postfix/smtp warning: DNSSEC validation may be unavailable 2025-02-19T02:36:25.415870 warning postfix/smtp warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated 2025-02-19T02:36:25.527964 info

[pfx] Re: dnssec_probe 'ns:.' received a response that is not DNSSEC validated

2025-02-20 Thread Christophe Kalt via Postfix-users
On Wed, Feb 19, 2025 at 7:41 PM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Wed, Feb 19, 2025 at 06:22:42PM -0500, Christophe Kalt via > Postfix-users wrote: > > > Yes. What's even more puzzling is both builds are fairly recent. I just >

[pfx] Re: dnssec_probe 'ns:.' received a response that is not DNSSEC validated

2025-02-20 Thread Christophe Kalt via Postfix-users
On Thu, Feb 20, 2025, 20:08 Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Thu, Feb 20, 2025 at 07:20:13PM -0500, Christophe Kalt via > Postfix-users wrote: > > > On Wed, Feb 19, 2025 at 7:41 PM Viktor Dukhovni via Postfix-users < > > po

[pfx] Re: dnssec_probe 'ns:.' received a response that is not DNSSEC validated

2025-02-19 Thread Christophe Kalt via Postfix-users
On Wed, Feb 19, 2025 at 8:57 AM Wietse Venema via Postfix-users < postfix-users@postfix.org> wrote: > That part of POSTFIX has NOT changed. Hmpf, so the problem is probably with me, but I'm puzzled. > Does the problem go away if you add "options trust-ad" to > /etc/resolv.conf? > no. > Does