Postfix docs Search Results:

Looking for data in entire archive - Found 171 matches in 29 files
Showing results 1 - 25
Postfix Configuration Parameters, Feb 8 2008
As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.
data_directory
The directory with Postfix-writable data files (for example: caches, pseudo-random numbers). This directory must be owned by the mail_owner account, and must not be shared with non-Postfix software.
lmtp_data_done_timeout
lmtp_data_init_timeout
The LMTP client time limit for sending the LMTP DATA command, and for receiving the server response.
lmtp_data_xfer_timeout
When the connection stalls for more than $lmtp_data_xfer_timeout
milter_data_macros
The macros that are sent to version 4 or higher Milter (mail filter) applications after the SMTP DATA command. See MILTER_README
milter_end_of_data_macros
The macros that are sent to Milter (mail filter) applications after the message end-of-data. See MILTER_README for a list of available macro names and their meanings.
The lookup tables that the proxymap(8) server is allowed to access for the read-write service. Postfix-owned local database files should be stored under the Postfix-owned data_directory.
smtp_data_done_timeout
smtp_data_init_timeout
The SMTP client time limit for sending the SMTP DATA command, and for receiving the server response.
smtp_data_xfer_timeout
When the connection makes no progress for more than $smtp_data_xfer_timeout
The table must be accessed via the proxywrite service, i.e. the map name must start with "proxy:". The table should be stored under the directory specified with the data_directory parameter.
configuration parameter, which you are strongly encouraged to not change. The default value of tls_null_cipherlist excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer data integrity without encryption or authentication).
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Configuration Parameters, Feb 8 2008
As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.
data_directory
The directory with Postfix-writable data files (for example: caches, pseudo-random numbers). This directory must be owned by the mail_owner account, and must not be shared with non-Postfix software.
lmtp_data_done_timeout
lmtp_data_init_timeout
The LMTP client time limit for sending the LMTP DATA command, and for receiving the server response.
lmtp_data_xfer_timeout
When the connection stalls for more than $lmtp_data_xfer_timeout
milter_data_macros
The macros that are sent to version 4 or higher Milter (mail filter) applications after the SMTP DATA command. See MILTER_README
milter_end_of_data_macros
The macros that are sent to Milter (mail filter) applications after the message end-of-data. See MILTER_README for a list of available macro names and their meanings.
The lookup tables that the proxymap(8) server is allowed to access for the read-write service. Postfix-owned local database files should be stored under the Postfix-owned data_directory.
smtp_data_done_timeout
smtp_data_init_timeout
The SMTP client time limit for sending the SMTP DATA command, and for receiving the server response.
smtp_data_xfer_timeout
When the connection makes no progress for more than $smtp_data_xfer_timeout
The table must be accessed via the proxywrite service, i.e. the map name must start with "proxy:". The table should be stored under the directory specified with the data_directory parameter.
configuration parameter, which you are strongly encouraged to not change. The default value of tls_null_cipherlist excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer data integrity without encryption or authentication).
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Configuration Parameters, Feb 8 2008
As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.
data_directory
The directory with Postfix-writable data files (for example: caches, pseudo-random numbers). This directory must be owned by the mail_owner account, and must not be shared with non-Postfix software.
lmtp_data_done_timeout
lmtp_data_init_timeout
The LMTP client time limit for sending the LMTP DATA command, and for receiving the server response.
lmtp_data_xfer_timeout
When the connection stalls for more than $lmtp_data_xfer_timeout
milter_data_macros
The macros that are sent to version 4 or higher Milter (mail filter) applications after the SMTP DATA command. See MILTER_README
milter_end_of_data_macros
The macros that are sent to Milter (mail filter) applications after the message end-of-data. See MILTER_README for a list of available macro names and their meanings.
The lookup tables that the proxymap(8) server is allowed to access for the read-write service. Postfix-owned local database files should be stored under the Postfix-owned data_directory.
smtp_data_done_timeout
smtp_data_init_timeout
The SMTP client time limit for sending the SMTP DATA command, and for receiving the server response.
smtp_data_xfer_timeout
When the connection makes no progress for more than $smtp_data_xfer_timeout
The table must be accessed via the proxywrite service, i.e. the map name must start with "proxy:". The table should be stored under the directory specified with the data_directory parameter.
configuration parameter, which you are strongly encouraged to not change. The default value of tls_null_cipherlist excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer data integrity without encryption or authentication).
...limit of 20 lines reached, additional matching lines are not shown...

Postfix before-queue Milter support, Feb 8 2008
There's one small complication when using Milter applications for non-SMTP mail: there is no SMTP session. To keep Milter applications happy, the Postfix cleanup(8) server actually has to simulate the SMTP client CONNECT and DISCONNECT events, and the SMTP client EHLO, MAIL FROM, RCPT TO and DATA commands.
milter_command_timeout 30s HELO, MAIL, RCPT, DATA, UNKNOWN
i DATA, EOH, EOM Queue ID
{auth_authen} MAIL, DATA, EOH, EOM SASL login name
{auth_author} MAIL, DATA, EOH, EOM SASL sender
{auth_type} MAIL, DATA, EOH, EOM SASL login method
{client_ptr} CONNECT, HELO, MAIL, DATA
{cert_issuer} HELO, MAIL, DATA, EOH, EOM
{cert_subject} HELO, MAIL, DATA, EOH, EOM
{cipher_bits} HELO, MAIL, DATA, EOH, EOM
{cipher} HELO, MAIL, DATA, EOH, EOM TLS cipher
{tls_version} HELO, MAIL, DATA, EOH, EOM
milter_data_macros 4 or higher DATA
milter_end_of_data_macros 2 or higher
When mail is filtered by non-SMTP filters, the Postfix cleanup(8) server has to simulate the SMTP client CONNECT and DISCONNECT events, and the SMTP client EHLO, MAIL FROM, RCPT TO and DATA commands. This works as expected, with only one exception: non-SMTP filters must not REJECT or TEMPFAIL simulated RCPT TO commands. When a non-SMTP filter REJECTs or TEMPFAILs a recipient, Postfix will report a configuration error, and mail will stay in the queue.

Postfix TLS Support, Feb 8 2008
Sending AUTH data over an unencrypted channel poses a security risk. When TLS layer encryption is required ("smtpd_tls_security_level = encrypt" or the obsolete "smtpd_enforce_tls = yes"), the Postfix SMTP server will announce and accept AUTH only after the TLS layer has been activated with STARTTLS. When TLS layer encryption is optional ("smtpd_tls_security_level = may" or the obsolete "smtpd_enforce_tls = no"), it may however still be useful to only offer AUTH when TLS is active. To maintain compatibility with non-TLS clients, the default is to accept AUTH without encryption.
Note: as of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.
Note: as of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.
is set to its default (backwards compatible) empty value, the appropriate configuration settings are "smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = yes" with additional settings to harden peer certificate verification against forged DNS data. For LMTP, use the corresponding "lmtp_" parameters.
By default, tlsmgr(8) reads 32 bytes from the external entropy source at each seeding event. This amount (256bits) is more than sufficient for generating a 128bit symmetric key. With EGD and device entropy sources, the tlsmgr(8) limits the amount of data read at each step to 255 bytes. If you specify a regular file as entropy source, a larger amount of data can be read.
As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using a pre-existing PRNG state file, move it to the data_directory
Write out database with 1 new entries Data Base Updated

Postfix SMTP relay and access control, Feb 8 2008
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
smtpd_data_restrictions Optional
Reject DATA command
smtpd_end_of_data_restrictions Optional
Reject END-OF-DATA command
Restriction lists are still evaluated in the proper order of (client, helo, etrn) or (client, helo, sender, recipient, data, or end-of-data) restrictions.

Postfix Address Verification, Feb 8 2008
Unfortunately, some major sites such as YAHOO do not reject unknown addresses in reply to the RCPT TO command, but report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites.
NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using an pre-existing database file, move it to the data_directory, and change ownership to the account specified with the mail_owner parameter.

Postfix manual - smtp(8), Feb 8 2008
smtp_data_init_timeout (120s)
The SMTP client time limit for sending the SMTP DATA command, and for receiving the server response.
smtp_data_xfer_timeout (180s)
smtp_data_done_timeout (600s)

Postfix Installation From Source Code, Feb 8 2008
DEF_DATA_DIR data_directory
Note: the data_directory parameter (for caches and pseudo-random numbers) was introduced with Postfix version 2.5.
The interactive version ("make install") asks for pathnames for Postfix data and program files, and stores your preferences in the main.cf file. If you don't want Postfix to overwrite non-Postfix "sendmail", "mailq" and "newaliases" files, specify pathnames that end in ".postfix".

Postfix SMTP Access Policy Delegation, Feb 8 2008
The "recipient" attribute is available only in the "RCPT TO" stage, and in the "DATA" and "END-OF-MESSAGE" stages when Postfix accepted only one recipient for the current message.
The "recipient_count" attribute (Postfix 2.3 and later) is non-zero only in the "DATA" and "END-OF-MESSAGE" stages. It specifies the number of recipients that Postfix accepted for the current message.
The "size" attribute value specifies the message size that the client specified in the MAIL FROM command (zero if none was specified). With Postfix 2.2 and later, it specifies the actual message size when the client sends the END-OF-DATA command.
Protocol states are CONNECT, EHLO, HELO, MAIL, RCPT, DATA, END-OF-MESSAGE, VRFY or ETRN; these are the SMTP protocol states where the Postfix SMTP server makes an OK/REJECT/HOLD/etc. decision.

sendmail.net:, Feb 8 2008
In your Bugtraq posting about the TCP data corruption problem, you mentioned that IPSEC's limitations on traffic manipulation have provoked some controversy.
The problem we were dealing with in the Bugtraq posting was a bandwidth management system that just changes a few parameters in TCP headers so that the traffic flows more smoothly. Those are things that you simply cannot do when all the data is protected by digital signatures and such. So there are several conflicting requirements, like people wanting to be able to see a bit more of traffic than they would be able to see, and people actually wanting to do some management of the traffic, like bandwidth allocation.
Yes, the encryption makes it impossible to do certain operations. Now, from the point of view of security, this is exactly what you want. All you want is to send your data to the other machine, and it should be sent unchanged: no man-in-the-middle attacks by "helpful" intermediate systems. So these are conflicting requirements.

Postfix Lookup Table Overview, Feb 8 2008
If you change a network database such as LDAP, NIS or SQL, there is no need to execute "postfix reload". The LDAP, NIS or SQL server takes care of read/write access conflicts and gives the new data to Postfix once that data is available.

Postfix Before-Queue Content Filter, Feb 8 2008
# 127.0.0.1:10026 inet n - n - - smtpd -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks
smtpd_proxy_timeout (default: 100s): Timeout for connecting to the before-queue content filter and for sending and receiving commands and data. All proxy errors are logged to the maillog file. For privacy reasons, all the remote SMTP client sees is "451 Error: queue file write error". It would not be right to disclose internal details to strangers.
The before-filter Postfix SMTP server connects to the content filter, delivers one message, and disconnects. While sending mail into the content filter, Postfix speaks ESMTP but uses no command pipelining. Postfix generates its own EHLO, XFORWARD (for logging the remote client IP address instead of localhost), DATA and QUIT commands, and forwards unmodified copies of all the MAIL FROM and RCPT TO commands that the before-filter Postfix SMTP server didn't reject itself.

Postfix Performance Tuning, Feb 8 2008
documents. Then make sure to avoid latency in the content filter code. As much as possible avoid performing queries against external data sources with a high or highly variable delay. Your content filter will run with a small concurrency to avoid CPU/memory starvation, and if any latency creeps in, content filter throughput will suffer. High volume environments should avoid RBL lookups, complex database queries and so on.
qmgr_message_recipient_limit (default: 20000) The size of many in-memory queue manager data structures. Among others, this parameter limits the size of the short-term, in-memory list of "dead" destinations. Destinations that don't fit the list are not added.

Postfix and Mailman deliver enhanced e-mail security and performance, Feb 8 2008
News & Views: - Silicon Carny: A lazy afternoon - Man evolves to machine - SCO grasping at the Linux straw? - Anything to everything - The physical data architecture - New Product Briefs (March 1, 1999) - - Sun extends Community Source Licensing to chip architectures - The latest tidbits on Sun deals and product news - The network is the story: News on the latest Internet standards and struggles - - Up-to-the-minute news on Sun's rivals - Regular Expressions: Dylan's appeal - LinuxWorld: IBM fills out Linux offerings - New Product Briefs (March 1, 1999) - Microsoft touts E-commerce strategy - News from LinuxWorld Expo - Highlights from LinuxWorld Expo - Open source software braces for another big year - Sun licenses Java Media APIs to Linux developers - Sun licenses Java Media APIs to Linux developers - Sun unveils new application server strategy - Gates predicts NT's high-end success next year - New Product Briefs (March 1, 1999) - Sun, NTT DoCoMo team on Java, Jini - Sun keeps its foot in Java's door - Intel unveils Pentium III Xeon - SCO dresses up UnixWare for the data center - CEBIT: Linux Alley Is crowded, but lacks apps - IDC: Worldwide server revenues down in Q4/98, volume up - Sun, AOL form e-commerce "virtual company" - AOL reorganizes to fold in Netscape

The Standard: Behind the Big Blue Wall, Feb 8 2008
Stock data provided by Stockpoint and its data suppliers. Copyright 1995-2001

Sharing Software, IBM to Release Mail Program Blueprint, Feb 8 2008
"This is IBM's Christmas present to the Internet," said Abner Germanow, a computer security analyst at the International Data Corp., a market research firm. "For these are core pieces of software, and we're going beyond trying to make money off of them, to the idea that by freely sharing them it will make the world a better place."
In addition, IBM is making its software compatible with Apache, a popular open-source Web server program, and earlier this year it announced plans to make a version of its DB2 relational data base program available for the open-source Linux operating system.

Postfix Add-on Software, Feb 8 2008
This uses the file system (instead of a database file) for storing greylist data and configuration information.

Postfix LDAP Howto, Feb 8 2008
Our second use case instead expands "memberdn" attributes (1), (2), (6) and (7), follows the DN references and returns the "maildrop" of the referenced user entries. Here we use the "special_result_attribute" setting from ldap_table(5) to designate the "memberdn" attribute as holding DNs of the desired member entries. The "result_attribute" setting selects which attributes are returned from the selected DNs. It is important to choose a result attribute that is not also present in the group object, because result attributes are collected from both the group and the member DNs. In this case we choose "maildrop" and assume for the moment that groups never have a "maildrop" (the "bgroup" "maildrop" attribute is for a different use case). The returned data for "auser" and "buser" is from items (11) and (13) in the example data.

Postfix XFORWARD Howto, Feb 8 2008
250 Ok DATA
354 End data with <CR><LF>.<CR><LF> . . .message content. . .

Postfix Berkeley DB Howto, Feb 8 2008
Some UNIXes ship without Berkeley DB support; for historical reasons these use DBM files instead. A problem with DBM files is that they can store only limited amounts of data. To build Postfix with Berkeley DB support you need to download and install the source code from http://www.oracle.com/database/berkeley-db/.

Postfix XCLIENT Howto, Feb 8 2008
250 Ok DATA
354 End data with <CR><LF>.<CR><LF> . . .message content. . .

Postfix Add-on Software, Feb 8 2008
This uses the file system (instead of a database file) for storing greylist data and configuration information.

Sys Admin Magazine Online, Feb 8 2008
Some other security lessons learned from Sendmail (among others) and incorporated into Postfix are that there are no setuid programs, no /tmp race conditions, no remote data in shell variables or shell commands, and no fixed-length string buffers.

Catching up with Wietse Venema, creator of Postfix and TCP Wrapper, Feb 8 2008
Duane Dunston is an Information Technology Specialist (Security) for the National Climatic Data Center. He was previously a contractor for STG Inc. for the same organization. He received his B.A. and M.S. degrees from Pfeiffer University and he has his GSEC certification from SANS. Hey, Ann Curry!


Limit of 25 files reached.
New Query: Rank by:
Search results by Webglimpse Advanced Site Search Engine