Ask for Client Certificates

Hello! I have a question regarding the following (smtpd_tls_ask_ccert): Unfortunately, Netscape clients will either complain if no matching client certificate is available or will offer the user client a list of certificates to choose from. Additionally some MTAs (notably some versions of qmail)

Re: tls question to viktor,

On ons 29 jan 2014 14:51:26, Marko Weber | ZBF wrote: > > hello, > viktor or any other. > > in the postfix tls readme:" In order to use TLS, the Postfix SMTP > server generally needs a certificate and a private key. Both must be > in "PEM" format. " > > i have setup this way in my main.cf: > > smtp

Re: Ask for Client Certificates

On ons 29 jan 2014 14:10:27, Wietse Venema wrote: > Patrik B?t: >> And can you somehow explicitly set this to only specified clients to >> request client certificate? > > Yes. Ask client certificates on the (mail client) submission service, > not on the (mta to mta) port 25 service. > > Wiets

Re: one Users restriction not to send to one other users

Hello! A policy daemon can do this, have a look at postfwd (postfwd.org)! On fre 31 jan 2014 13:54:23, Vishal Agarwal wrote: > Hi, > > I am looking for some solution; so that one particular user is > restricted not to send email to one particular user. > > like if a...@xyz.com

Re: Ask for Client Certificates

On lör 1 feb 2014 13:30:17, Bastian Blank wrote: > On Wed, Jan 29, 2014 at 11:39:09AM +0100, Patrik Båt wrote: >> I know this is a client problem, but have anyone seen any impact for >> enabling this? Is it a big problem now-days? > > I tried it once. The client will ask i

SASL defer rather then reject

Hello! When saslauthd crashes or beeing stopped, mails are bounced. eg: 535 5.7.8 Error: authentication failed: generic failure Can I somehow change it to just defer? // Patrik signature.asc Description: OpenPGP digital signature

Re: SASL defer rather then reject

On tis 4 feb 2014 15:13:03, LuKreme wrote: > > On 04 Feb 2014, at 06:57 , Patrik Båt wrote: > >> When saslauthd crashes or beeing stopped, mails are bounced. > > Well, first off, why is saslauthd crashing? Fix that. saslauthd[33257]: DEBUG: auth_pam: pam_authenticate failed:

Re: SASL defer rather then reject

On tis 4 feb 2014 15:36:34, Viktor Dukhovni wrote: > On Tue, Feb 04, 2014 at 02:57:42PM +0100, Patrik B?t wrote: > >> When saslauthd crashes or beeing stopped, mails are bounced. >> eg: 535 5.7.8 Error: authentication failed: generic failure >> >> Can I somehow change it to just defer? > > If you

Re: SASL defer rather then reject

On tis 4 feb 2014 15:42:04, Patrik Båt wrote: > On tis 4 feb 2014 15:36:34, Viktor Dukhovni wrote: >> On Tue, Feb 04, 2014 at 02:57:42PM +0100, Patrik B?t wrote: >> >>> When saslauthd crashes or beeing stopped, mails are bounced. >>> eg: 535 5.7.8 Error: authe

Re: SASL defer rather then reject

On ons 5 feb 2014 09:17:57, Patrik Båt wrote: > On tis 4 feb 2014 15:42:04, Patrik Båt wrote: >> On tis 4 feb 2014 15:36:34, Viktor Dukhovni wrote: >>> On Tue, Feb 04, 2014 at 02:57:42PM +0100, Patrik B?t wrote: >>> >>>> When saslauthd crashes or beeing s

Re: SASL defer rather then reject

On ons 5 feb 2014 09:43:52, Patrik Båt wrote: > On ons 5 feb 2014 09:17:57, Patrik Båt wrote: >> On tis 4 feb 2014 15:42:04, Patrik Båt wrote: >>> On tis 4 feb 2014 15:36:34, Viktor Dukhovni wrote: >>>> On Tue, Feb 04, 2014 at 02:57:42PM +0100, Patrik B?t wr

Re: SASL defer rather then reject

On ons 5 feb 2014 09:50:32, Patrik Båt wrote: > On ons 5 feb 2014 09:43:52, Patrik Båt wrote: >> On ons 5 feb 2014 09:17:57, Patrik Båt wrote: >>> On tis 4 feb 2014 15:42:04, Patrik Båt wrote: >>>> On tis 4 feb 2014 15:36:34, Viktor Dukhovni wrote: >>&g

TLS problems / OpenSSL

Hello! I'm having problem with "TLS library" eg: Feb 5 10:49:31 smtpXX postfix/smtp[10508]: warning: TLS library problem: 10508:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337: Migration from Debian Squeeze to Wheezy, with new libssl (version 1.0.1e) and tested vers

Re: TLS problems / OpenSSL

On ons 5 feb 2014 10:54:02, Patrik Båt wrote: > Hello! > > I'm having problem with "TLS library" eg: > > Feb 5 10:49:31 smtpXX postfix/smtp[10508]: warning: TLS library problem: > 10508:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version > number:s3_

Re: SASL defer rather then reject

On ons 5 feb 2014 16:40:15, Viktor Dukhovni wrote: > On Wed, Feb 05, 2014 at 10:01:15AM +0100, Patrik B?t wrote: > >> Maybe check that SASL give a respons, and if not just tmp fail it. or >> someother check. > > The proposed patch is incorrect. Please reply on-list only. > >> --- ../../../postfix

Re: Postfix DNS resolver blindly relying on cached Additional section?

On 2013-10-10 02:18, Viktor Dukhovni wrote: > > It does not fail to find it. It just uses IPv4. See: > > http://www.postfix.org/postconf.5.html#smtp_address_preference > > The documentation for > > http://www.postfix.org/postconf.5.html#inet_protocols > > is sadly I believe out of date.

Re: Setting up catchall mailbox

On fre 14 mar 2014 13:33:27, Roman Gelfand wrote: > Below, is my postfix alias configuration. > > virtual_alias_maps = ldap:/etc/postfix/ldap-groups.cf > ldap:/etc/postfix/ldap-aliases.cf > ldap:/etc/postfix/ldap-mail.cf > ldap:/etc/pos

Bounces are not sent sometimes.

Hello list! I'm having problem with a bounce that was never send to the sender. *Here is the log when it fails:* Jul 2 13:03:05 smtp9 postfix-out/qmgr[5316]: 575C227A388: from=, size=125355, nrcpt=1 (queue active) Jul 2 13:03:05 smtp9 postfix-out/smtp[8391]: 575C227A388: to=, relay=none, delay=

Re: Bounces are not sent sometimes.

On tor 3 jul 2014 13:10:04, Wietse Venema wrote: > Wietse Venema: >> Wietse Venema: >>> Patrik B?t: I'm having problem with a bounce that was never send to the sender. *Here is the log when it fails:* Jul 2 13:03:05 smtp9 postfix-out/qmgr[5316]: 575C227A388: from=, size=1

recipients attribute, policy daemon.

Hello! Is there ever going to be a recipient(s) attribute from postfix to policy daemon? "The "recipient" attribute is available in the "RCPT TO" stage. It is also available in the "DATA" and "END-OF-MESSAGE" stages if Postfix accepted only one recipient for the current message." Or might I requ

Re: recipients attribute, policy daemon.

On 2014-10-10 16:26, Wietse Venema wrote: > Jan P. Kessler: Or what the limitations are. >>> Note that you can not return different results for different >>> recipients at data or end_of_data stage. You can only pass or reject >>> the whole mail at all. >>> >> p.s. the policy server example

SpamCop

Hello! It seems like SpamCop has/had some problems, our reject for SpamCop drops yesterday, anyone else that experience the same? https://www.scamwarners.com/forum/viewtopic.php?f=2&t=91005 Snip:/ //Hey All,// //Just to let you know Spamcop is down, the "captcha" function is looping// //which re

Re: Postfix resolve error

On 2014-10-20 11:32, Austin Einter wrote: > I restarted postfix. Then from thunderbird mail client (running in > Ubuntu 12.04) trying to connect to an mail account, which is already > present. > > I get below error. > > > Oct 20 05:26:44 Austin postfix/master[14249]: daemon started -- > version 2.9

Re: SpamCop

On 2014-10-20 11:43, Patrik Båt wrote: > > Hello! > > It seems like SpamCop has/had some problems, our reject for SpamCop > drops yesterday, anyone else that experience the same? > > https://www.scamwarners.com/forum/viewtopic.php?f=2&t=91005 > > Snip:/ > //H

Re: SpamCop

On 2014-10-20 16:21, Wietse Venema wrote: > Patrik B?t: >> It seems like SpamCop has/had some problems, our reject for SpamCop >> drops yesterday, anyone else that experience the same? >> >> https://www.scamwarners.com/forum/viewtopic.php?f=2&t=91005 > This is the POSTFIX mailing list. > > Wi

tls_policy_map, combination with transport_maps

Hello! *main.cf config:* smtp_tls_policy_maps = hash:/etc/postfix/maps/tls_policy transport_maps = proxy:mysql:/etc/postfix/mysql/relay-transport.cf *Postmap query:* postmap -q i...@testkund.domain.tld mysql:/etc/postfix/mysql/relay-transport.cf smtp:d748.dev-cust.domain.tld:

Re: tls_policy_map, combination with transport_maps

On 2014-10-23 16:27, Noel Jones wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 10/23/2014 8:32 AM, Patrik Båt wrote: >> Hello! >> >> *main.cf config:* smtp_tls_policy_maps = >> hash:/etc/postfix/maps/tls_policy transport_maps = >

Release date of Postfix 3.0?

Hello! Is there a set release date for Postfix 3.0, or is it released when its "done"? - Patrik signature.asc Description: OpenPGP digital signature

Re: Release date of Postfix 3.0?

On 2014-11-14 17:40, Wietse Venema wrote: > Edgar Pettijohn: >> So around August? > Have a look at http://www.postfix.org/announcements.html, and see > when Postfix 2.{7-11}.0 were released. > > Wietse Thanks guys, so around Jan/Feb :) signature.asc Description: OpenPGP digital signature

tls_policy_maps as mysql table

Hello! How do I return the data? for now I've tried: hostname/next-hop option (returning just one field with a space in-between) hostname/next-hop,option (returning 2 fields) Tried with a regular hash file and that works, returning the some data end me up with this warning: Nov 19 13:18:08 dev-

Re: tls_policy_maps as mysql table

On 2014-11-19 13:54, Patrik Båt wrote: > Hello! > > How do I return the data? > for now I've tried: > > hostname/next-hop option (returning just one field with a space in-between) > hostname/next-hop,option (returning 2 fields) > > Tried with a regular hash file an

Re: tls_policy_maps as mysql table

Btw, Vi vill ha deliverystatus som visar encrypted or not va ? On 2014-11-19 14:06, Patrik Båt wrote: > On 2014-11-19 13:54, Patrik Båt wrote: >> Hello! >> >> How do I return the data? >> for now I've tried: >> >> hostname/next-hop option (retu

Re: tls_policy_maps as mysql table

On 2014-11-19 14:35, Patrik Båt wrote: > Btw, Vi vill ha deliverystatus som visar encrypted or not va ? > > On 2014-11-19 14:06, Patrik Båt wrote: >> On 2014-11-19 13:54, Patrik Båt wrote: >>> Hello! >>> >>> How do I return the data? >>> f

Re: tls_policy_maps as mysql table

On 2014-11-19 15:12, Wietse Venema wrote: > Patrik B?t: >> Hello! >> >> How do I return the data? > Same format as a hash: based table lookup result. That is: > > postmap -q query-string hash:/path/to/file > > should return the same result as: > > postmap -q query-string mysql:path/to/file > >

posttls-finger

Hello! The fingerprint that posttls-finger is returning, what fingerprint is this? it doesn’t match the one I'm getting from the certificate using: openssl x509 -in cert.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -md5 -c Best regards, Patrik. signature.asc Description

Re: posttls-finger

On 2014-11-20 10:18, Matthias Schneider wrote: > Am 20.11.2014 um 10:07 schrieb Patrik Båt: >> Hello! >> >> The fingerprint that posttls-finger is returning, what fingerprint is >> this? it doesn’t match the one I'm getting from the certificate using: >> >&

Re: posttls-finger

On 2014-11-20 10:27, Patrik Båt wrote: > On 2014-11-20 10:18, Matthias Schneider wrote: >> Am 20.11.2014 um 10:07 schrieb Patrik Båt: >>> Hello! >>> >>> The fingerprint that posttls-finger is returning, what fingerprint is >>> this? it doesn’t match t

Re: posttls-finger

On 2014-11-20 18:21, Viktor Dukhovni wrote: > On Thu, Nov 20, 2014 at 10:42:20AM +0100, Patrik B?t wrote: > >>> Ah thanks for the heads up, posttls-finger returned sha1, probably >>> because it runs OpenSSL 1.0.x. >> "The best practice algorithm is now sha1", maybe thats why it is default >> in pos

Re: posttls-finger

On 2014-11-21 09:50, Patrik Båt wrote: > On 2014-11-20 18:21, Viktor Dukhovni wrote: >> On Thu, Nov 20, 2014 at 10:42:20AM +0100, Patrik B?t wrote: >> >>>> Ah thanks for the heads up, posttls-finger returned sha1, probably >>>> because it runs OpenSSL 1.0.x.

Bounce Message

Hello! Is it possible to not attach the email when generating a bounce? What happens if I set this to zero? bounce_size_limit (default: 5) / Patrik signature.asc Description: OpenPGP digital signature

Re: Bounce Message

On 2014-12-09 10:07, Jose Borges Ferreira wrote: > On Tue, Dec 9, 2014 at 8:46 AM, Patrik Båt wrote: >> Hello! >> >> Is it possible to not attach the email when generating a bounce? >> >> What happens if I set this to zero? bounce_size_limit (default: 5)