Re: Header & body checks among other things!!

2009-01-25 Thread John Allen
Bill Farina wrote: > I'm not certain if I'm getting what you're saying here, but as I > understand it, deleting spam upstream without allowing the recipient > to peruse it is a bad idea. > > Everybody's mail is different and will require different spam rules. > Spam filtering is fallible. I run P

PIX & timed out while sending end of data -- message may be sent more than once

2011-10-05 Thread John Allen
I am getting the following message/errors Oct 5 00:00:10 myhost postfix/qmgr[18862]: 125BC2400A7: from=, size=2760, nrcpt=1 (queue active) Oct 5 00:00:10 myhost postfix/smtp[28713]: 125BC2400A7: enabling PIX workarounds: disable_esmtp delay_dotcrlf for mail.abc.tld[123.456.789.123]:25 Oct 5

Need to review my postfix setup

2012-12-02 Thread John Allen
I setup my original Postfix setup up some time ago using Jeff Posluns excellent howto/tutorial. My setup works and seems to work quite well, but I know that I have not kept pace with the changes and improvements in Postfix. Additionally, as a result of following this mail list, I believe that my

SMTP vs Submission

2012-12-17 Thread John Allen
For various reasons it has been decided that internal users will only be allowed to use IMAPS/Submiission for email. Our setup is a fairly conventional Postfix/Dovecot/Amavis/... on Debian/Ubuntu. q1) am i correct in assuming that the smtpd section of main.cf is aimed at SMTP (tcp port 25)

Re: SMTP vs Submission

2012-12-17 Thread John Allen
On 17/12/2012 1:54 PM, John Allen wrote: For various reasons it has been decided that internal users will only be allowed to use IMAPS/Submiission for email. Our setup is a fairly conventional Postfix/Dovecot/Amavis/... on Debian/Ubuntu. q1) am i correct in assuming that the smtpd section of

Re: SMTP vs Submission - closed

2012-12-17 Thread John Allen
On 17/12/2012 3:03 PM, /dev/rob0 wrote: On Mon, Dec 17, 2012 at 01:54:59PM -0500, John Allen wrote: For various reasons it has been decided that internal users will only be allowed to use IMAPS/Submiission for email. Our setup is a fairly conventional Postfix/Dovecot/Amavis/... on Debian/Ubuntu

What am I missing

2012-12-20 Thread John Allen
I am doing the admin work for a small group, about 30 people. While this setup works I have the feeling that I am missing something in the Submission stanza of master.cf which might leave me vulnerable. Another thing I wondering about is the order of the various tests in the smtpd_*_ restrict

Re: What am I missing from my Sunmission stanza in Master.

2012-12-21 Thread John Allen
On 21/12/2012 6:25 AM, Reindl Harald wrote: Am 21.12.2012 01:19, schrieb John Allen: I am doing the admin work for a small group, about 30 people. While this setup works I have the feeling that I am missing something in the Submission stanza of master.cf which might leave me vulnerable and

Dovecot LDA vs LMTP

2012-12-23 Thread John Allen
I am using Dovecot as my mail delivery mechanism for both local and virtual users, plus using it as my SASL auth agent. My setup is for a small business (average 30 users). The mail system is on a single server. Which would be better unix/pipes and LDA or LMTP. TIA JohnA -- "He who opens a sch

Re: Dovecot LDA vs LMTP

2012-12-28 Thread John Allen
On 23/12/2012 9:05 AM, Wietse Venema wrote: John Allen: I am using Dovecot as my mail delivery mechanism for both local and virtual users, plus using it as my SASL auth agent. My setup is for a small business (average 30 users). The mail system is on a single server. Which would be better unix

New year

2012-12-28 Thread John Allen
Thank you all for you all for your help over the past year. It surprising, or maybe its not, how much useful information one can glean from just following this list. Wishing you all a very happy and prosperous new year. John A -- "Today's mighty Oak is yesterday's nut that held it's ground.

How useful are header & body checks when used along side Amavis?

2012-12-29 Thread John Allen
My setup is Postfix (2.9.3) + Postgrey + Amavis-new + Dovecot(2.1.7) running on Debian(Wheezy)/Ubuntu(12.04) servers. I have always assumed that header/body checks were worthwhile because they would catch some mal-mail early and thus reduce the overall cost of processing. How useful are header &

Re: Understanding master.cf pickup daemon parameters

2013-01-10 Thread John Allen
I sympathize with you. i found that one of the best fairly agnostic how-tos is the one by Jeffery Posluns which can be found here or can be reached from the Postfix Docs site. JohnA On 09/01/2013 3:57 PM, R

Re: Upgrade for Postfix & Mailman

2013-01-26 Thread John Allen
On 25/01/2013 3:07 PM, Jeff Bernier wrote: Hello All, I am currently running Mailman (2.1.14) and Postfix (2.4.3) on an aging Mac OS X server (10.5.8). Mailman and Postfix on this system are Apple's implementation on their platform of course. Apple no longer supports the Xserve platform, and

SPF vs SenderID?

2013-01-27 Thread John Allen
The jungle drums has been rumbling about SPF2, as a result I started to do some reading up on the new "standard". So far I seem to have found two camps those for it and those against. From my reading to date those against seem to "winning". It appears to be a Microsoft experiment, is this t

Re: SPF vs SenderID? Off Topic please ignore!

2013-01-27 Thread John Allen
On 27/01/2013 9:15 AM, John Allen wrote: The jungle drums has been rumbling about SPF2, as a result I started to do some reading up on the new "standard". So far I seem to have found two camps those for it and those against. From my reading to date those against seem to "w

OT? managing my posting to this list?

2013-01-27 Thread John Allen
Having screwed up once again and posted an OT to the list I was wondering if there is a way of deleting such postings?

Re: OT? managing my posting to this list?

2013-01-27 Thread John Allen
On 27/01/2013 10:48 AM, Wietse Venema wrote: John Allen: Having screwed up once again and posted an OT to the list I was wondering if there is a way of deleting such postings? No, but you might be able to hold mail in your queue until you are certain that it is OK to send. Assuming that you

Re: clamd with clamsmtp vs mailscanner

2013-01-31 Thread John Allen
On 31/01/2013 6:59 AM, Muhammad Yousuf Khan wrote: i wanted to have an experienced suggestion from Pros. i have been going through from different steps deploying clamav and spamassassin, one is "mailscanner" and seccond one is "clamd with clamsmtp" in your expert opinion which one is the right t

Re: 25-th port is not opened

2013-02-02 Thread John Allen
|| What I should check in the first place? I don't see any sign that postfix is running. How about a simple test to see if it running, most distro have the "service" command so start with service postfix status this should tell you if postfix is running or not. if your distro does not have

Re: 25-th port is not opened

2013-02-02 Thread John Allen
>> How about a simple test to see if it running, ps -A | grep master >no, it isn't running: There is not much point in looking anywhere for a solution for problems, until you have Postfix running. Try "service postfix start" what happens? John A

Re: Creating exceptions to greylisting

2013-02-02 Thread John Allen
On 02/02/2013 11:25 AM, Gerben Wierda wrote: So, I need a whitelist. But how? If you are using postgrey then you can add something to the white list which can be found in/etc/postgrey (debian). Might help John A

Re: 25-th port is not opened

2013-02-02 Thread John Allen
On 02/02/2013 1:16 PM, Reindl Harald wrote: Am 02.02.2013 18:45, schrieb John Allen: How about a simple test to see if it running, ps -A | grep master no, it isn't running: There is not much point in looking anywhere for a solution for problems, until you have Postfix running

Backscatter

2013-04-19 Thread John Allen
Is there a way of testing for backscatter? I do not believe that my setup up is a source of backscatter. However, believing and knowing are different things. When ever I make a change in my setup, I test for open relay. But I wonder if there are other things that I should be testing for. John A

Re: Backscatter

2013-04-19 Thread John Allen
On 19/04/2013 7:03 AM, Charles Marcus wrote: On 2013-04-19 6:57 AM, John Allen wrote: Is there a way of testing for backscatter? I do not believe that my setup up is a source of backscatter. However, believing and knowing are different things. As long as you reject messages destined for

OT - mail archive

2013-04-25 Thread John Allen
I realize that this is off topic, but as there are more email experts assembled here than any where else I know of I have a couple of users who are using their maildir as online storage for emails (current and archival). They have done this on their own and are prepared to live with some o

Advice on Debian/postscreen and optimization

2013-08-06 Thread John Allen
I am running Debian server with Postfix 2.10.0, everything seems to work quite well. My original setup was based up Jeffery Posluns, "Postfix Guides" with later modifications taken from James Seymour's anti-UCE "cheat Sheet", plus reading the Postfix guides and docs on the Postfix web site. Bo

Re: Advice on Debian/postscreen and optimization

2013-08-06 Thread John Allen
On 06/08/2013 3:44 PM, btb wrote: On 2013.08.06 15.34, John Allen wrote: Is there a more up to date guide that I could reference as I review my existing setup. it's unlikely you'll get much endorsement here of arbitrary howtos or guides. instead, i'd encourage you to si

Re: Advice on Debian/postscreen and optimization

2013-08-06 Thread John Allen
On 06/08/2013 6:03 PM, John Allen wrote: On 06/08/2013 3:44 PM, btb wrote: On 2013.08.06 15.34, John Allen wrote: Is there a more up to date guide that I could reference as I review my existing setup. it's unlikely you'll get much endorsement here of arbitrary howtos or guides

Would somebody let me know what I need to do to improve this setup.

2013-08-06 Thread John Allen
root@bilbo:~# postconf -nf alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no bounce_size_limit = 65536 broken_sasl_auth_clients = yes config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 default_process_limit = 20 delay_warning_time = 12h disable_vrfy_comm

Re: Would somebody let me know what I need to do to improve this setup.

2013-08-07 Thread John Allen
On 07/08/2013 1:49 AM, DTNX Postmaster wrote: On Aug 7, 2013, at 02:32, John Allen wrote: root@bilbo:~# postconf -nf [snip] message_size_limit = 34359738368 Compare this to ours; == $ /usr/sbin/postconf -nf |grep message_size_limit message_size_limit = 31457280 == And the default; http

Re: Would somebody let me know what I need to do to improve this setup.

2013-08-07 Thread John Allen
On 07/08/2013 2:09 AM, DTNX Postmaster wrote: On Aug 7, 2013, at 02:32, John Allen wrote: root@bilbo:~# postconf -nf [snip] smtp_tls_cert_file = /root/ssl/certs/KLaM_Mail.pem smtp_tls_key_file = /root/ssl/private/KLaM_Mail.key http://www.postfix.org/postconf.5.html#smtp_tls_cert_file Are

Re: Advice on Debian/postscreen and optimization

2013-08-07 Thread John Allen
On 07/08/2013 8:40 AM, LuKreme wrote: On 06 Aug 2013, at 16:03 , John Allen wrote: Am I correct in thinking that postscreen is not a separate daemon, but a process running under master? Um. not sure what you mean there. # psa postfix USER PID %CPU %MEM VSZ RSS TT STAT STARTED

Re: Would somebody let me know what I need to do to improve this setup.

2013-08-07 Thread John Allen
On 07/08/2013 8:25 AM, DTNX Postmaster wrote: On Aug 7, 2013, at 12:03, John Allen wrote: On 07/08/2013 1:49 AM, DTNX Postmaster wrote: On Aug 7, 2013, at 02:32, John Allen wrote: root@bilbo:~# postconf -nf [snip] message_size_limit = 34359738368 Compare this to ours; == $ /usr/sbin

Auto reply/notice

2013-08-15 Thread John Allen
I am trying to retire and close down my business. I have informed all of my closest associates and those who I wish to continue correspondence with have been given my personal contact information. However, I am still getting a fairly large amount of email at my business address, I had thought

Re: Auto reply/notice

2013-08-15 Thread John Allen
On 15/08/2013 12:54 PM, Noel Jones wrote: On 8/15/2013 9:26 AM, John Allen wrote: I am trying to retire and close down my business. I have informed all of my closest associates and those who I wish to continue correspondence with have been given my personal contact information. However, I am

Re: Auto reply/notice

2013-08-15 Thread John Allen
I am trying to retire and close down my business. I have informed all of my closest associates and those who I wish to continue correspondence with have been given my personal contact information. However, I am still getting a fairly large amount of email at my business address, I had thought o

Re: Disabling user submission on port 25

2013-08-26 Thread John Allen
On 26/08/2013 9:00 PM, Noel Jones wrote: On 8/26/2013 7:49 PM, LuKreme wrote: OK, now that port 587 is working, I would like to disable user submission via port 25. Not right now, but in a bit once people have a chance to change their settings. What do I do to prevent users sending via port

Re: Disabling user submission on port 25

2013-08-27 Thread John Allen
On 8/26/2013 10:24 PM, John Allen wrote: I based it something that Noel Jones wrote way back in 2008. I doubt that Noel suggested anything like this. Create a file of the networks you wish to deny access to eg. “Deny_Mynetworks_Access” the content of which will be the same networks as those

Re: Disabling user submission on port 25

2013-08-27 Thread John Allen
On 27/08/2013 6:09 PM, Jeroen Geilman wrote: On 08/27/2013 05:24 AM, John Allen wrote: On 26/08/2013 9:00 PM, Noel Jones wrote: On 8/26/2013 7:49 PM, LuKreme wrote: OK, now that port 587 is working, I would like to disable user submission via port 25. Not right now, but in a bit once people

Problems with gmail

2013-09-09 Thread John Allen
I have been having an intermittent problem sending to gmail. For some reason the problem only seems to affect IPv6 connections. I get the following error message: : host gmail-smtp-in.l.google.com[2607:f8b0:400d:c01::1b] said: 550-5.7.1 [2001:dead:beef:10::182 16] Our system has detecte

Re: FW: 170000 messages in my queue

2013-09-09 Thread John Allen
When you say you turned amavisd off, how did you turn it off?

Re: disturbing TLS error

2013-09-15 Thread John Allen
I ran into a problem that seems to have some of the same attributes. In my case Google was rejecting my email, however they may have been a little more polite about doing so. Have you checked your DNS and reverse DNS entries. Is your server a dedicated system with a single IP address. In my

OT? Help identify source of this error message.

2013-09-15 Thread John Allen
I am getting the following error message in my mail log: Sep 15 22:22:17 bilbo postfix/smtpd[2319]: warning: Illegal address syntax from localhost.lan[127.0.0.1] in RCPT command: I think it is coming from spamassassin, but I cannot find it in any of the various spamassassin files. TIA Joh

Re: OT? Help identify source of this error message. - closed

2013-09-15 Thread John Allen
On 15/09/2013 11:08 PM, Noel Jones wrote: On 9/15/2013 9:47 PM, John Allen wrote: I am getting the following error message in my mail log: Sep 15 22:22:17 bilbo postfix/smtpd[2319]: warning: Illegal address syntax from localhost.lan[127.0.0.1] in RCPT command: I think it is coming from

Re: Google rejecting IPv6 mails

2013-10-08 Thread John Allen
I ran into this problem a little while ago. I found that the problem was the Postfix binds to a port (25) for sending, Linux links that port to an IP when needed. This means that the address may change each time a send is initiated (This is my imperfect understanding of things). To make sure

Re: disable ipv6 when sending to gmail ?

2013-10-22 Thread John Allen
He made the same claim, however, but never backed it up. How are you reaching your conclusion? Because this only mentions A records and IPv4 prefixes? http://www.openspf.org/SPF_Record_Syntax#mx Quick testing: m...@staticsafe.ca -> @gmail.com account Received-SPF: pass (google.com: domain of

Best practices for smtpd restrictions.

2013-10-31 Thread John Allen
Which is "better", to put the various restrictions with the appropriate smtpd__restriction stanzas, or to put them all into the smtpd_recipient_restrictions stanza. I am assuming that smtpd_delay_reject is yes. I have always assumed that putting them in one place had the advantage of allo

hiding IP address and such

2013-11-18 Thread John Allen
Is there any good reason to hide IP addresses and domain names etc when post to this list. Password should of course be hidden/fudged etc.

OT - Dane, TLSA

2013-12-13 Thread John Allen
Does anybody know of a good,but simple write up on DANE and TLSA. It has to be simple enough for me to understand (assume idiot). John A

Re: OT - Dane, TLSA

2013-12-13 Thread John Allen
On 13/12/2013 3:50 PM, Viktor Dukhovni wrote: On Fri, Dec 13, 2013 at 03:11:38PM -0500, John Allen wrote: Does anybody know of a good,but simple write up on DANE and TLSA. It has to be simple enough for me to understand (assume idiot). An explanation of what DANE TLSA is for[*]? Or how to

Re: OT - Dane, TLSA

2013-12-14 Thread John Allen
On Sat, Dec 14, 2013 at 08:31:10AM -0500, John wrote: DANE TLSA records allow sites to independently create leaf and CA certificates after first registering their DNSSEC key-signing-keys with their DNS registrar. So in effect you do have a CA, but it is your DNS registrar and they effectively m

This maybe off topic, but could somebody tell me what i am doing wrong?

2015-10-19 Thread John Allen
We want to send alerts to our admin staff from some of our remote servers. All the servers are Debian based and supply, smtp, imaps, file sharing (webdav), calendar and address book capabilities. To send the alerts we have tried email and sms messaging. eMail works but can be slow depending up

Re: This maybe off topic, but could somebody tell me what i am doing wrong?

2015-10-19 Thread John Allen
That should say echo -e "message text \r" | Sorry about that

Re: This maybe off topic, but could somebody tell me what i am doing wrong?

2015-10-20 Thread John Allen
That is in fact what is installed. Mail and mailx are symlinks to heirloom-mailx.

Solved: This maybe off topic, but could somebody tell me what i am doing wrong?

2015-10-20 Thread John Allen
Switched to sendmail, problems seem to have been solved. THNX

Re: Solved: This maybe off topic, but could somebody tell me what i am doing wrong?

2015-10-20 Thread John Allen
No, I switched from sing heirloom-mail which I believe is a cli MUA to Postfix sendmail. On 2015-10-20 9:33 AM, Wietse Venema wrote: John Allen: Switched to sendmail, problems seem to have been solved. Please clarify: you switched MTA alternatives? Wietse

Re: This maybe off topic, but could somebody tell me what i am doing wrong?

2015-10-20 Thread John Allen
ext differently to a multi-line block. I am not competent to decide if the as it should be or not. thanks everyone John A On 2015-10-20 10:07 AM, Christian Kivalo wrote: On 2015-10-20 12:38, John Allen wrote: That is in fact what is installed. Mail and mailx are symlinks to heirloom-mailx. Tr

OpenDKIM

2015-11-06 Thread John Allen
Is OpenDKIM worth while? I use amavis and it says it signs and verifies DKIM so do need anything else?

Re: OpenDKIM

2015-11-07 Thread John Allen
Interesting! I tried a couple of DKIM test sites, one says I am signing my emails, the other says I am not!! Mailradar say I am not signing! DKIMValidator say I am! On 2015-11-06 1:13 PM, John Allen wrote: Is OpenDKIM worth while? I use amavis and it says it signs and verifies DKIM so do need

Weak Ciphers

2015-11-08 Thread John Allen
I ran the ssl-tools tests on my mail server. Everything seems to be OK, *BUT* it reports that i am using a weak cipher "ECDHE_RSA_WITH_RC4_128_SHA"! So I sat down and googled - postfix/dovecot/apache - ciphers suites/recommendations less than one year old. I gave up at about the fifteenth res

Re: Permissions

2016-03-01 Thread John Allen
Just back from NZ and did as suggested. Three problems showed up - missing dict_ldap library - as we don't use LDAP I don't think this matters. Localtime differed from the /etc/localtime - not sure why, but copying the file from /etc seemed to solved the problem. The version of libgcc_s in

Re: Mitigating DROWN

2016-03-03 Thread John Allen
Is the following reasonable and/or acceptable, and a better question - will it work? smtp_dns_support_level = dnssec smtp_tls_security_level = dane smtp_tls_ciphers = medium smtp_tls_exclude_ciphers = EXPORT, LOW, IDEA, 3DES, MD5, SRP, PSK, aDSS, kECDHe, kECDhr, kDHd, kDHr, SEED, IDEA, RC2, RC5

Postscreen setup

2016-03-31 Thread John Allen
I am trying to setup postscreen,. I have read the documentation and it would appear that I don't need to do very much to get postscreen working. Which makes me think I have got it wrong. So I have some questions: 1) I have to change smtp ... smtpd to smtp ... postscreen. As my master.cf seem

Re: Postscreen setup

2016-03-31 Thread John Allen
On Mar 31, 2016, at 1:32 PM, John Allen wrote: I have read the documentation and it would appear that I don't need to do very much to get postscreen working. Which makes me think I have got it wrong. So I have some questions: 1) I have to change smtp ... smtpd to smtp ... postscreen.

Re: block all mail from mta's with a FQDN match?

2016-03-31 Thread John Allen
I am not sure what I did here, but I seem to have taken over /dev/rob0's thread, not my intention. My apologies to everyone and in particular to /dev/rob0 John A

Re: Postscreen setup

2016-04-02 Thread John Allen
Thanks for all the help. John A

smtp_relay_restrictions

2016-04-07 Thread John Allen
I am trying to work out what parameters to add to /smtpd_relay_restrictions, /both in main.cf and master.cf. 1. We do not allow relaying by any means! 2. In-house users must be registered, use our domains and port 587 (submission) to send. I use /check_sender_access/ with a table in the fo

Re: smtp_relay_restrictions

2016-04-07 Thread John Allen
of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains/ On 2016-04-07 8:44 AM, John Allen wrote: I am trying to work out what parameters to add to /smtpd_relay_restrictions, /both in main.cf and master.cf. 1. We do not allow relaying

Re: smtp_relay_restrictions

2016-04-08 Thread John Allen
On 2016-04-07 2:47 PM, Noel Jones wrote: On 4/7/2016 7:44 AM, John Allen wrote: I am trying to work out what parameters to add to /smtpd_relay_restrictions, /both in main.cf and master.cf. 1. We do not allow relaying by any means! 2. In-house users must be registered, use our domains and

CLOSED - Re: SV: smtp_relay_restrictions

2016-04-11 Thread John Allen
are authenticated. The "real" MAIL FROM should get accepted if you are authenticated, else it should get rejected as well. -Ursprungligt meddelande- Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] För John Allen Skickat: den 8 april 2016 21:27 Till

Condition negation

2016-04-13 Thread John Allen
Is there a way of negating a smtpd condition. For example if I were to apply c "check_sender_access sql_lookup" under submission in master.cf would it be possible to say something like !check_check_acess ... under smtpd restrctions The idea being that if example.com is allowed access via submis

Re: Condition negation

2016-04-14 Thread John Allen
16-04-14 9:16 AM, Wietse Venema wrote: Wietse Venema: John Allen: Is there a way of negating a smtpd condition. For example if I were to apply c "check_sender_access sql_lookup" under submission in master.cf would it be possible to say something like !check_check_acess ... u

Mail "filters" suggestions

2016-04-16 Thread John Allen
I currently use amavis-new as the mail filter on all the mta sites i have anything to do with and it seems to do a good job. But when I read this list it is obviously not the only one. I don't want to start a slanging match, but i would be interested to know what other people are using and why.

Re: Condition negation

2016-05-02 Thread John Allen
On 2016-04-14 12:40 PM, John Allen wrote: 16-04-14 9:16 AM, Wietse Venema wrote: Wietse Venema: John Allen: Is there a way of negating a smtpd condition. For example if I were to apply c "check_sender_access sql_lookup" under submission in master.cf would it be possible to say

Best practice?

2016-05-03 Thread John Allen
Is it better to add restrictions/tests to the appropriate section or is it better to place then all under one, for example everything to do with sender (check_sender_access...) with smtpd_sender_restrictions. Similar setup for all the other sections. I only ask because in reading various how-t

Re: DANE and DLV

2015-01-07 Thread John Allen
On 07/01/2015 3:02 PM, Viktor Dukhovni wrote: On Wed, Jan 07, 2015 at 02:44:11PM -0500, James B. Byrne wrote: This is exactly our situation. We presently use DLV. I can get our upstream registrar to manually add DS RRs for our .com, .net; and I believe our .org tlds. But they will not do so f

OT - DNSSEC DANE rollover

2015-01-10 Thread John Allen
I wrote the attached script to help me with key rollover. I am not sure where to go with this. If anybody is interested take a look and make what use of you will. Comments and suggestions please. John A #!/bin/bash # # Why this script, the ISC has do created a number of tools to manage and gen

Sanity check

2015-02-16 Thread John Allen
Would somebody take a look at my config. I am a little concerned about the security on submission (587). This is the family server which I use for experimenting. Thanks John A config_directory = /etc/postfix biff = no append_dot_mydomain = no mydomain = klam.ca myorigin = $mydomain myhostname

Re: detecting encryption for outgoing mail

2015-02-16 Thread John Allen
My thanks everybody for their input. It looks as though trying to reliably determine if effective encryption is being will be difficult. Plus, as somebody pointed out there is the additional problem of acquiring the correspondents encryption keys, assuming they have one. Having discussed this wi

Re: SOLVED! How can I debug this problem? rewritten.

2015-02-22 Thread John Allen
Thank you Wietse for the education. Thank you Viktor for solving the problem. Problem solved by removing the no_address_mappings from the master.cf. I am still puzzled why the problem surfaced on the 20th. The only explanation I can come up with I had made some changes and failed to restart/r

retirement

2015-03-15 Thread John Allen
Retirement - Mine. I have finally persuaded my family that it would be a good idea to give up on the family server. I have two, probably minor, problems informing senders of recipients address change. redirect to recipients new address.

Re: Can anyone see anything wrong with this Make command set

2015-04-17 Thread John Allen
take a look at /-I/usr/local/include/mysql//’/ isn't the closing symbol wrong, after mqsql you have an ’ but shouldn't it be single quote ( ' ) Ii don't know what /’ /is, but it looks a bit like an acute accent (´) or a single right quote (’) not a single quote (').// JohnA On 4/17/2015 8:57 A

how to refuse un-encrypted email

2015-06-03 Thread John Allen
Is there any way of testing for and refusing un-encrypted email? secondary, would it be possible to do this based upon the recipient. default would be encrypted, but email directed at some recipients may be in plain text.

Re: how to refuse un-encrypted email

2015-06-03 Thread John Allen
On 2015-06-03 9:42 AM, James B. Byrne wrote: On Wed, June 3, 2015 09:15, John Allen wrote: Is there any way of testing for and refusing un-encrypted email? secondary, would it be possible to do this based upon the recipient. default would be encrypted, but email directed at some recipients may

OT - Security Certs for postfix, dovecot

2017-01-06 Thread John Allen
This may be off topic, so I will not include postfix config for the moment. Should I be using different certs for Postfix smtp (25) and submission (587)? Is this even possible in Postfix? Should Dovecot imaps (993) be using a different cert from Postfix? The question was if the Cert+Key are c

Re: Why no List-ID header in the postfix-users posts?

2017-02-12 Thread John Allen
Josh Good - your DKIM signaturesare showing up as invalid. On 2017-02-12 7:54 AM, Josh Good wrote: On 2017 Feb 12, 07:53, Dominic Raferd wrote: To go back to a point made by OP about SPF being 'good', it seems to me that SPF is fundamentally and irretrievably flawed - and frankly should be dro

Re: Postfix 20 years ago

2017-02-15 Thread John Allen
Many thanks to Dr. Venema for all the hard work he has done in developing one of the greatest software programs around. I would also like to thank him (together with many others) for his unending patience in answering my, sometimes moronic, questions. Thank you very much. John A On 2017-02

Re: Keep Postfix running in the foreground

2018-04-02 Thread John Allen
Dumb question I suspect - what is the attraction of docker? What does it do that I might need? JohnA On April 2, 2018 1:22:29 PM Viktor Dukhovni wrote: > On Apr 2, 2018, at 12:42 PM, Wietse Venema wrote: > > To make the master 'pid 1' one would have to use 'exec > $daemon_directory/master' i