I work with
postconf mail_version
mail_version = 2.11.3
making a Postfix gateway to receive and relay for my client his domain.
Say his mail domain is "clientdomain.com" and his mail server is
"client1.clientdomain.com".
I am working on TLS security of mail from my server to h
Hello Viktor
> Your logs are too verbose. This just hides the real problem in a torrent of
> noise.
This surprised me because we always increase the logging when there is trouble
right? But it was the most help!
> Resolving TLS handshake problems requires full-package PCAP captures and
> wire
I am reading and working to understand the MULTI_INSTANCE possibilities in
Postfix.
I am not sure yet that is a good solution for me. Maybe I can do what I must
with only transport maps.
I although have a question for configuring Postfix encryption if I am using
many instances.
Only a theore
I am working next on the Postfix Recipient address verification step from the
document http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient.
Because I must make the other parts work the parameter in main configuration
is set
smtp_bind_address = 0.0.0.0
All this works especially goo
Helo Viktor
28. Jan 2015 05:46 by postfix-us...@dukhovni.org:
> The setting is per-transport. Therefore you need a suitable
> additional transport entry in master.cf with an
> smtp_bind_address
> override, and a custom address_verify_transport or similar.
>
Okay I see the idea.
Helo Viktor
28. Jan 2015 06:10 by postfix-us...@dukhovni.org:
> No that's main.cf. I meant master.cf.
>
Ach! That is my reading mistake.
> This gets added as an override option to that master.cf
> transport definition.
>
> Clone "smtp unix ... smtp" or "rel
I am next working on using local database file lookups for Postfix
configuration use.
I see how in the document
http://www.postfix.org/DATABASE_README.html
to use MySQL and LDAP for some things. With some examples and tests I am
successful.
I see too the example for hash: or btree: or lmdb:.
I have read the documents for some different Greylisting opportunities for
Postfix
This built into Postfix
http://www.postfix.org/SMTPD_POLICY_README.html#greylist
and popular ones
http://wiki.policyd.org
http://postgrey.schweikert.ch
I am not finding a modern comparison of these and a decisi
28. Jan 2015 18:43 by li...@rhsoft.net:
> besides that greylisting is harmful in case of large sending clusters not
> returning with the same IP while re-try a deferred message postscreen can
> do this more or less as side effect with deep protocol tests
>
Yes I see that opportunity in Po
28. Jan 2015 19:17 by wie...@porcupine.org:
> There are good reasons to NOT integrate, and instead use the
> least-expensive solution before the most-expensive solution.
>
> postscreen implements a least-expensive solution that eliminates
> most of the spambots without even allowing them to talk
28. Jan 2015 19:19 by li...@rhsoft.net:
> honestly with postscreen (without deep protocol tests) and rbl-scoring (DNSBL
> as well as DNSWL) there is no point for greylisting at all
>
> postscreen_dnsbl_ttl = 5m
> postscreen_dnsbl_threshold = 8
> postscreen_dnsbl_action = enforce
> postscreen_gree
28. Jan 2015 19:28 by li...@rhsoft.net:
> maybe you need some numbers why the below config is good and greylisting
> not needed
>
> peak day 2015/01
>
> * postscreen rejects: 9
> * spamassassin: 120
> * clamav: 15
> * delivered mail: 850
>
> that are numbers for a single day
>
Okay that
28. Jan 2015 19:19 by li...@rhsoft.net:
> postscreen_dnsbl_sites =
>   b.barracudacentral.org=127.0.0.2*7
>   dnsbl.inps.de=127.0.0.2*7
>
I see from the example you give that these are I think all DNSBL that are
domain name searching only
In the notes I am keeping from read
Bleh. I think I am tired and making worse and worse mistakes. Maybe I need
to make a step away for some time. :-(
I have made some change that I cannot find and have an error now I do not see
or know the cause for.
I made a Postfix instance for getting mail with Postscreen and recipient
v
Hello Patrick
29. Jan 2015 19:37 by p...@sys4.de:
> The problem is probably in the lines above in your log. Have you tried to
> reload postfix (to get a clear offset in the log)
Yes many times.
> and then telnet to
> 127.0.0.1?
>
Before I am complaining some more times I will first e
With the testing by both telnet and openssl s_client I can see the TLS as the
available option but I see too the "None" cipher.
I am suspecting this though confusing.
I will first read more on the testing with these tools and understanding the
meaning of the logging reply for them. I also see
It is like I said that I did this to myself. I was looking under the wrong
cup in the Shell Game!
Yesterday I had a change to transport from 'pf-out' not over the open
internet only over my private internet with a VPN. I did this with reading a
posting from another person.
I changed the http
Hello Wietse
29. Jan 2015 20:49 by wie...@porcupine.org:
> submission inet n - n - - smtpd
> -o syslog_name=postfix/submission
> ...
> smtps inet n - n - - smtpd
> -o syslog_name=postfix/smtps
> ...
>
> The same could be done wi
Hello Wietse:
29. Jan 2015 21:02 by wie...@porcupine.org:
> Postfix could do this automatically, but it is too late for
> the upcoming stable release to make such a change.
>
Only knowing the info is good for now!
If it is some day done automatically then that I think would be useful.
I am working on making secure conditions on Postfix sending and receiving
only relays.
There are two Postfix servers in two locations.
In the #1 location Postfix configuration is so that
1. Send any mail out to any server on the internet with SMTP like always
2. Relay some specifics mail to
Hello Viktor
30. Jan 2015 04:05 by postfix-us...@dukhovni.org:
> Save yourself a lot of complexity and use a different port for this on the
> destination system. You could use 587, for example. This automatically
> bypasses postscreen.
>
>> So when it passes to #2 server the mail with relay I w
Hello all
Thanks for the multiple advises.
30. Jan 2015 13:46 by a...@extracted.org:
> On Fri, 2015-01-30 at 05:35 +, Viktor Dukhovni wrote:
>
>> And I often find it easier to configure client certs, no SASL or
>> PAM configuration nightmares. :-)
>>
I have made the easy decision for
Hello Viktor
30. Jan 2015 16:05 by postfix-us...@dukhovni.org:
> > http://www.postfix.org/postconf.5.html#check_ccert_access
>
I did it with this option for Postfix server #2 config. I need to have the
opportunity to set many relay clients some day so I use the access map.
I also set
30. Jan 2015 19:21 by postfix-us...@dukhovni.org:
> What software is listening on that port?
>
I see it is the Postfix part of the Zimbra commercial mail server.
I am told that it must be a unique port for only using TLS AUTH.
>> I can check this now with simple telnet
>>
>> ?telne