Hi,
So I'm seeing my local IP address and ISP IP in the Recieved: headers
even though I am authenticating through my mail server. I'm not sure the
best way to scrub these headers from sent email while preserving the
needed incoming headers for analysis if needed. Help? I use
Postfix/Dovecot (iRedA
Here are the line numbers for the remaining two items:
1. Buffer overflow Sourcefile: dns_rr.c, Line: 129, Module: dnsblog
2. Buffer oevrflow Sourcefile: tls_scache.c, Line: 208, Module: smtpd
Thanks,
Mc.
On Wed, Nov 16, 2016 at 9:40 PM, Mc Secuirty wrote:
> Wietse:
>
> Thank you ver
I see that there is careful memory allocation done for DNS_RR and
TLS_SCACHE_ENTRY in in dns_rr.c and tls_scache.c respectively so that
buffer overflow is not caused. However, a confirmation would be great.
On Mon, Nov 21, 2016 at 1:51 PM, Mc Security wrote:
> Here are the line numbers for
Someday (maybe today) I will WRITE DOWN the proper way to generate and export
certificates. Getting this warning in my maillog:
"warning: cannot get private key from file /etc/postfix/privkey.pem"
Doesn't stop TLS from occurring, it is just annoying. TLS is used between
postfix mail gateways
To: postfix-users@postfix.org
Subject: Re: SSL/TLS for dummies
2009/3/17 Security Admin (NetSec) :
> Someday (maybe today) I will WRITE DOWN the proper way to generate and export
> certificates. Getting this warning in my maillog:
>
> "warning: cannot get private key from
I have a network device that I am trying to have logs sent to my mail server
via my postfix mail gateway. When trying to send a test e-mail I get the
following error in my maillog file:
postfix/smtpd[17063]: warning: Illegal address syntax from
device.domain.com[xxx.yyy.zzz.9] in MAIL command:
Running Postfix as a mail gateway, version 2.6.5 and am finally getting around
to implementing SPF in Postfix. I thought the TXT record in DNS would suffice
which is how I have been running it.
Found this how-to link http://www.howtoforge.com/postfix_spf
Is this the proper way or is another r
I currently use Postfix 2.6.5 as mail gateway and Exchange 2007 for internal
e-mail. Right now I have a soft TLS requirement on outbound mail, i.e.
Exchange 2007 is setup to connects via TLS only. For Postfix to require TLS
connection from internal mail server what would I have to change to t
running 2.7.0
I have not changed anything in "main.cf" or "master.cf"
Getting following error in /var/log/maillog
Mar 21 19:00:18 x postfix/smtpd[8118]: fatal: invalid "-o content_filter"
option value: missing '=' after attribute name
Mar 21 19:00:19 x postfix/master[8109]: warning: pr
running 2.7.0
I have not changed anything in "main.cf" or "master.cf"
Getting following error in /var/log/maillog
Mar 21 19:00:18 x postfix/smtpd[8118]: fatal: invalid "-o content_filter"
option value: missing '=' after attribute name
Mar 21 19:00:19 x postfix/master[8109]: warning: pro
This is more of an annoyance than anything else. When my Postfix (v 2.6.7)
attempts to send a message via TLS the following warning is received:
"postfix/smtp[28338]: certificate verification failed for
mail.x.org[xxx.xxx.xxx.xxx]:25: untrusted issuer
/C=US/O=Entrust.net/OU=www.entrust.net
> smtp_tls_CAfile = /etc/postfix/exchange.pem
>>You can list more CAs in this file if you wish.
Is there an existing file or a weblink that would list the current accepted
global root CAs? Since the only one in the "exchange.pem" file is from my
Exchange Server, I could append to this file all
Could someone provide links to sites where IP addresses are grouped by country?
ASNs would work too but would prefer IP lists that I could put in a file that
my postfix mail gateway could read. Obvious countries like China and Brazil I
would like to block wholesale. Thanks in advance!
I have been using Exchange 2007 with postfix mail gateway for almost 3 years
now; both outbound and inbound are encrypted and have had minimal issues (due
to my own stupidity) with communications. I posted a few years ago when I was
running Exchange 2003 which did not do encryption properly and
I recently added a new domain to my postfix mail gateway. I use the
"relay_domains = newdomain, domain2, ..." in "main.cf" to add accepted domains.
I also updated my "relay_recipients" file with the following line:
"@newdomain.com x OK"
All of my other domains s
Brain fart. Forgot to modify the "/etc/postfix/transport" file with the new
domain.
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Security Admin (NetSec)
Sent: Thursday, January 16, 2014 11:25 AM
To: postfix-users@postfix.org
Subject: &
One of my network devices seems to have issues with its hostname:
"Unexpected error from e-mail server(state=3): 504 5.5.2 :
Helo command rejected: need fully-qualified hostname."
Appears in my event log of the device when it tries to send logs to my Postfix
gateway server. Is there a filter
Recently updated to Postfix 3.1
Noticed the following error in my "mail.log" file:
"postfix/smtp [ ]: Cannot load Certification Authority data,
CAfile'"/etc/postfix/localrootCA.pem": disabling TLS support
Where "localrootCA.pem" is the public key of the root CA for my Windows AD
domain. Pos
Problem fixed. Legacy entry in "main.cf"
Apologies, never mind.
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Security Admin (NetSec)
Sent: Saturday, August 20, 2016 11:43 AM
To: Postfix users
Subject: C
I have a postfix mail gateway sitting in front of my internal Exchange 2013
mail servers. Currently have my "/etc/postfix/transport" file set to send mail
to only one of those Exchange servers:
"domain.comsmtp:192.168.1.108"
Would like to setup multiple internal Exchange Server entries
Recently imported files that contained the TLS certificate and the private key.
Imported them to them proper directories and changed the default settings from
the old cert & key files to the new files
("smtpd_tls_cert_file=/etc/ssl/certs/tlscert.pem" and
"smtpd_tls_key_file=/etc/ssl/private/tls
Ignore typo, was trying to obfuscate file.
"/etc/ssl/private/tlsprivate.key" does = "/etc/ssl/private/tlsprivatekey.key"
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Fazzina, Angelo
Sent: Friday, December 08, 2017 10:29 A
"04172018HSBCJSZZH_app.doc" file, then I
recommend scanning your computer for viruses as it may be infected, as
well as contacting your local law enforcement agency.
*United Kingdom*
Action Fruad - https://www.actionfraud.police.uk/report_fraud
National Cyber Security Center https://www.nc
Within the last week or so I am suddenly unable to send or receive from Google
Gmail. Any help with this issue would be appreciated.
Receive Error from mail.log:
Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL_accept:SSLv3/TLS write
certificate
Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL_a
Edward Ray
On 6/21/19, 10:36 PM, "owner-postfix-us...@postfix.org on behalf of Viktor
Dukhovni" wrote:
On Sat, Jun 22, 2019 at 04:09:45AM +, Security Admin (NetSec) wrote:
> Within the last week or so I am suddenly unable to send or receive from
> Google
The website for “netsecdesign.com” is different than the one for my postfix
gateway. Different machine, different IP address, different cert.
From: on behalf of lists
Date: Friday, June 21, 2019 at 10:13 PM
To: Security Admin , "postfix-users@postfix.org"
Subject: Re: Unable
Doh!
!TLSv1.3 added to "main.conf" fixed the issue hopefully.
Will work on updating certificate later...
On 6/22/19, 8:10 AM, "owner-postfix-us...@postfix.org on behalf of Security
Admin (NetSec)" wrote:
I figured TLS 1.3 might be the culprit from the logs.
" If you are netsecdesign.com, ssllabs says your cert has issues. Not that this
may be your problem, but I would fix that first."
This cert is not the same cert or the same server or the same IP address as my
postfix SMTP gateway.
The postfix SMTP gateway uses a self-signed certificate.
On 6
What is the correct procedure to disable TLS 1.3 negotiation on postfix?
nnect from
mail-wr1-f42.google.com[209.85.221.42] ehlo=1 starttls=0/1 commands=1/2
On 6/22/19, 10:31 AM, "owner-postfix-us...@postfix.org on behalf of Benny
Pedersen" wrote:
Security Admin (NetSec) skrev den 2019-06-22 19:15:
> What is the correct procedure to disable
Apologies for multiple emails to this list for the same problem.
Some internet searches got me to the right solution.
One of the other posters was correct; it was a certificate issue. Reissued my
cert on my postfix SMTP mail gateways.
All seems to be working now. Gmail defaults to TLS 1.2
I
on behalf of Viktor
Dukhovni" wrote:
> On Jun 22, 2019, at 2:20 PM, Security Admin (NetSec)
wrote:
>
> One of the other posters was correct; it was a certificate issue.
Reissued my cert on my postfix SMTP mail gateways.
As expected, the keyUsage you
32 matches
Mail list logo
