Re: Should I have postgrey listen on a socket?

2010-12-05 Thread Harald Koch
On 05/12/2010 11:10 AM, Roger Marquis wrote: I don't personally know why application designers tend to use localhost IP ports instead of sockets, it's probably easier to code, but it is also more difficult for end-users / systems admins to secure. Generally speaking? Because some application u

Re: Using Roundcube to send mail on localhost

2011-10-25 Thread Harald Koch
On 25/10/2011 5:29 PM, Seth Kneller wrote: I have postfix and roundcube installed on the same server, postfix is setup to use SASL auth and STARTTLS and I can send messages from remote clients. However I cannot send messages from roundcube on the localhost. Can anyone help or point me to where t

Re: Someone is harassing my smtp.

2012-04-23 Thread Harald Koch
The internet is a swamp, and "Relay access denied" is relatively cheap - if I were you I wouldn't waste valuable brain cells thinking about this, and just ignore them. Now if they're getting through your filters, that's a different story... -- Harald

Re: email address (u...@domain.tld) as username?

2013-09-27 Thread Harald Koch
On 27 September 2013 05:32, Tomasz Chmielewski wrote: > This system will however host 5 or so email accounts, that number > will not grow, and I'd rather avoid extra complexity virtual setup > brings (as virtual users for Postfix is one, and matching virtual users > for the POP/IMAP server is ano

Re: Blocking LinkedIn 'Intro' mail hijacking?

2013-10-25 Thread Harald Koch
On 25 October 2013 14:42, Charles Marcus wrote: > Whether it is iOS specific or not (apparently it is, at least for the time > being, iOS specific), it also applies to the smtp connection to my > *postfix* server, so I disagree that it is OT. > > Apparently it is not a hoax, so the question remai

Re: Blocking LinkedIn 'Intro' mail hijacking?

2013-10-25 Thread Harald Koch
On 25 October 2013 16:34, Charles Marcus wrote: > Not according to this (from the second paragraph of the linked article): > > "Once you install the Intro app, all of your emails, both sent and > received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all > your IMAP and SMTP data

Re: should we use plaintext for message?

2020-03-18 Thread Harald Koch
On Wed, Mar 18, 2020, at 11:27, Darac Marjal wrote: > Markdown is a very good step > towards this, IMO. Oh the irony... From the initial announcement of Markdown by John Gruber (https://web.archive.org/web/20040402182332/http://daringfireball.net/projects/markdown/): " the single biggest sou

Re: Forwarding best practices

2020-08-06 Thread Harald Koch
I use, J/K are the "next message/previous message" keyboard shortcuts. In Outlook, J is the "Mark as Junk" shortcut. I swear I hit it about once a day as I'm switching email clients ... -- Harald Koch c...@pobox.com

Re: Puting the Postfix's queue into RAM disk

2015-11-13 Thread Harald Koch
On 13 November 2015 at 07:51, Istvan Prosinger wrote: > > The point here is that at the start of this, a temporary deferred mail > queue will build up significantly pushing most of the load on the file > system, and the idea is to speed up the queue processing to prevent killing > the server (ex

Re: POODLE: smtpd_tls_mandatory_protocols question

2014-10-15 Thread Harald Koch
On 15 October 2014 17:06, Robert Schetterer wrote: > > doesnt look loosing much here > > 4 SSLv3 > 22353 TLSv1 > > 2 SSLv3 > 17664 TLSv1 > > When I did this I saw about the same number of SSLv3 connections so I looked at them in detail and every one was a SPAM attempt. (RC4 on the other hand

Re: RC4 in live email servers?

2015-07-19 Thread Harald Koch
Maybe it's just a configuration error on my side, but all SMTP from yahoo.com servers to mine still uses RC4... -- Harald

Re: RC4 in live email servers?

2015-07-20 Thread Harald Koch
In my case it turned out to be me being incredibly stupid; I had
smtpd_tls_mandatory_exclude_ciphers = RC4
instead of
smtpd_tls_exclude_ciphers = RC4
yahoo.com is using AES128 now. *looks embarrassed...* -- Harald

Re: What user should be specified for the opendikm -u UID option?

2017-09-03 Thread Harald Koch
Just a small nit: running opendkim as user opendkim in the systemd service file completely defeats the ability of opendkim to drop privileges *after* reading the private keys as root. I suspect most people aren't aware that having a daemon start as root and drop privileges itself is a security fea

Re: What user should be specified for the opendikm -u UID option?

2017-09-03 Thread Harald Koch
haha I was going to mention the Arch Wiki - it also gives misleading advice. Their improved setup has private keys owned by (and writable by!) the same user that the daemon runs as. Hacked daemon -> private key compromise. The default service file installed by the Arch package runs as root, btw, a

Re: What user should be specified for the opendikm -u UID option?

2017-09-03 Thread Harald Koch
I was forgetting. -- Harald On 3 September 2017 at 12:15, Harald Koch wrote: > haha I was going to mention the Arch Wiki - it also gives misleading > advice. Their improved setup has private keys owned by (and writable by!) > the same user that the daemon runs as. Hacked daemon

Re: What user should be specified for the opendikm -u UID option?

2017-09-03 Thread Harald Koch
The info I posted earlier, about private keys read via a KeyTable - that comes from the "FILE PERMISSIONS" section of the opendkim man page. -- Harald

Re: Copying IMAP messages instead of Forwarding?

2017-09-25 Thread Harald Koch
This isn't an answer to your actual question, however: I've been using postsrsd (https://github.com/roehling/postsrsd) successfully to forward email in a similar situation - users with addresses on my box that they want to be forwarded to a Gmail account. It has obvious downsides, but it did solve

Re: Question regarding Postfix virtual domains and SPF

2017-10-16 Thread Harald Koch
I solved this particular problem (forwarding third-party email to google) using "postsrsd" https://github.com/roehling/postsrsd. SRS (Sender Rewriting Scheme) rewrites the envelope sender address so that it appears to be from your domain (allowing SPF to work). This is the scheme used by forwarders

Re: Self-signed TLS certificates (Minimal setup)

2018-01-24 Thread Harald Koch
On Wed, Jan 24, 2018, at 08:37, Dirk Stöcker wrote: > > It's not sooo complicated: The length of your message contradicts that statement. (These days I recommend https://github.com/square/certstrap because it's easily scripted. I'm currently using it in several ansible playbooks, for example.)

Re: [postfix-users] FWIW, port 465 gets standards-track blessing from RFC8314

2018-02-11 Thread Harald Koch
Is this change in long-standing opinion of the IETF only because existing implementations so often ignore STARTTLS, or is there actually a security issue with STARTTLS (instead of implicit TLS)? -- Harald

Re: FWIW, port 465 gets standards-track blessing from RFC8314

2018-02-12 Thread Harald Koch
> > I can't think of a single reason to have two submission ports. > Compatibility with the clients that only implement one?

Re: performance question

2018-06-25 Thread Harald Koch
On 25 June 2018 at 09:42, Matus UHLAR - fantomas wrote: > > depends on how do you configure it. hash: should not have noticeable > performance impact. > a linear search through 2000 addresses should not have a noticeable performance impact either, compared to, say, network round-trip times... -

Re: best practice for HA cluster

2019-02-08 Thread Harald Koch
On Fri, Feb 8, 2019, at 06:40, Emmanuel Fusté wrote: > > Never use shared storage. It will be your main source of problems. Recognizing that shared storage is always a headache: How do you handle the situation where your active node crashes with queued, undelivered messages? -- Harald

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Harald Koch via Postfix-users
'sha256'), ams.1.list.sys4.de=invalid (public key: does not support hash algorithm 'sha256')) smtp.remote-ip=188.68.34.52; -- Harald Koch c...@pobox.com

[pfx] Re: Postfix in containers/kubernetes

2024-10-18 Thread Harald Koch via Postfix-users
y, really wants to manage a full Postfix environment with Kubernetes, there's always kube-virt :). [2] [1]: https://github.com/bokysan/docker-postfix [2]: https://kubevirt.io/ -- Harald Koch c...@pobox.com

[pfx] Re: From/Reply-To munging (was Postfix in containers/kubernetes)

2024-10-23 Thread Harald Koch via Postfix-users
1]: https://github.com/roehling/postsrsd -- Harald Koch c...@pobox.com