On 05/01/2022 10:50 am, Ken Wright wrote:
> Jan 4 19:08:47 grace postfix/smtps/smtpd[17286]: fatal: no SASL
> authentication mechanisms
>
> This is starting to get old.
Posting your running config might get you some help Ken.
Expecting good help otherwise may be a long shot.
Mal
Hello
Just wondering if anyone has an example of a typical 'white_list' file, for
their smtpd_client_restrictions section..
I seem to be able to white list specific hostnames, but not domains with
wildcards .. eg: *.domain.com (where * can be anything)
Mal
Wondering if anyone knows if it's possible to log the certificate CN presented
when Postfix logs "Untrusted TLS connection established from.."
Postifx logs the 'UnTrusted' event well, but I'd like to know if you can see
the CN of the certificate presented by t
y servers. Was that not clear ?
Mal
On 13/07/2017 2:46 PM, Viktor Dukhovni wrote:
>
>> On Jul 12, 2017, at 10:46 PM, Mal wrote:
>>
>> Wondering if anyone knows if it's possible to log the certificate CN
>> presented when Postfix logs "Untrusted TLS connec
Hello
Wondering if Postfix logs any DANE operations?
Postfix MTAs configured:
>
smtp_use_tls = yes
smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
MTA hostnames pass various online SMTP TLS checkers (like
https://www.huque.com/bin/danecheck ).
Mal
Very helpful..
On 13/10/2017 7:13 PM, Viktor Dukhovni wrote:
> On Fri, Oct 13, 2017 at 04:53:57AM +0000, Mal wrote:
>
>> Wondering if Postfix logs any DANE operations?
>
> With DANE turned on, when you send email to a destination with
> DNSSEC and correctly configu
r: type RRSIG for _25._tcp.mta.domain1.com.au
posttls-finger: using DANE RR: _25._tcp.mta.domain1.com.au IN TLSA 3 1 1
EC:xxx (blah)
Any thoughts as to why posttls-finger / postfix are seeking a
non-existent record ?
Mal
On 17/10/2017 5:11 PM, Viktor Dukhovni wrote:
> The only way to find out they don't exist is to ask.
Very good.
> No TLSA records were found, perhaps because the "A" records were
> reported insecure, or because the TLSA records don't exist.
TLSA record is present. The sys4 Dane SMTP validato
ng
> the "ad" bit as/when appropriate.
>
> The BIND server refuses recursion, while the unbound server
> serves no authoritative zones.
Mal
tive data from a master or slave zone.
This was my question to Viktor, "dnssec-validation no", based upon his
previous post. I shall remove it.
Mal
k sent elsewhere. Dane
record returning perfectly now, on posttls-finger, for that domain.
>> dnssec-lookaside auto;
>
> This is obsolete, the ISC DLV zone is now empty, so this should be set
> to "no" in all recursive BIND servers.
>
I deleted this guy.
Thanks Viktor.
Mal
Greetings..
Interested to hear from those running a Postfix(MTA)/Dovecot(IMAP) combo
on what contacts & calendar server projects they are having success with.
Mal
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v2
mQINBFUH/lABEADNI6+MfG5z4eRKAjKSYFqOJNWgJdLjMPU4hUL897Fa2Nr9
Very handy postfix feature..
Mal
On 8/04/2018 6:33 AM, Wietse Venema wrote:
>
> I have "warn_if_reject reject_unknown_reverse_client_hostname" to
> test the waters, and I don't feel an urge to make that a hard reject.
On 10/03/2023 5:24 pm, Viktor Dukhovni via Postfix-users wrote:
> I was also quite happy with
> no tags at all.
+1 no tags
Mal
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-us
14 matches
Mail list logo
