MESSAGE
DATE | 2022-01-06 |
FROM | raf
|
SUBJECT | Re: [Hangout - NYLXS] Adding Additional domains and outgoing email
|
From hangout-bounces-at-nylxs.com Tue Jan 18 13:16:20 2022 Return-Path: X-Original-To: archive-at-mrbrklyn.com Delivered-To: archive-at-mrbrklyn.com Received: from www2.mrbrklyn.com (www2.mrbrklyn.com [96.57.23.82]) by mrbrklyn.com (Postfix) with ESMTP id C341E16409C; Tue, 18 Jan 2022 13:16:19 -0500 (EST) X-Original-To: hangout-at-nylxs.com Delivered-To: hangout-at-nylxs.com Received: by mrbrklyn.com (Postfix, from userid 1000) id B515A164059; Tue, 18 Jan 2022 13:09:15 -0500 (EST) Resent-From: Ruben Safir Resent-Date: Tue, 18 Jan 2022 13:09:15 -0500 Resent-Message-ID: <20220118180915.GC23753-at-www2.mrbrklyn.com> Resent-To: hangout-at-nylxs.com X-Original-To: ruben-at-mrbrklyn.com Delivered-To: ruben-at-mrbrklyn.com Received: from russian-caravan.cloud9.net (russian-caravan.cloud9.net [168.100.1.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.cloud9.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mrbrklyn.com (Postfix) with ESMTPS id 1D7C5163FA8 for ; Thu, 6 Jan 2022 20:23:57 -0500 (EST) Received: by russian-caravan.cloud9.net (Postfix) id B7462342815; Thu, 6 Jan 2022 20:23:31 -0500 (EST) Delivered-To: postfix-users-outgoing-at-cloud9.net Received: from localhost (localhost [127.0.0.1]) by russian-caravan.cloud9.net (Postfix) with ESMTP id B603C3426EF for ; Thu, 6 Jan 2022 20:23:31 -0500 (EST) X-Virus-Scanned: amavisd-new at cloud9.net Received: from russian-caravan.cloud9.net ([127.0.0.1]) by localhost (russian-caravan.cloud9.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CsgEtv1k_vMZ for ; Thu, 6 Jan 2022 20:23:31 -0500 (EST) Received: by russian-caravan.cloud9.net (Postfix, from userid 54) id 9865934281A; Thu, 6 Jan 2022 20:23:31 -0500 (EST) Delivered-To: postfix-users-at-cloud9.net Received: from localhost (localhost [127.0.0.1]) by russian-caravan.cloud9.net (Postfix) with ESMTP id 773BC342815 for ; Thu, 6 Jan 2022 20:23:31 -0500 (EST) X-Virus-Scanned: amavisd-new at cloud9.net Received: from russian-caravan.cloud9.net ([127.0.0.1]) by localhost (russian-caravan.cloud9.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w9ES5uX3GqXy for ; Thu, 6 Jan 2022 20:23:31 -0500 (EST) Received: from ook.raf.org (ook.raf.org [139.99.156.21]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by russian-caravan.cloud9.net (Postfix) with ESMTPS id 260743426EF for ; Thu, 6 Jan 2022 20:23:30 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by ook.raf.org (Postfix) with ESMTP id 160BF5E1FB for ; Fri, 7 Jan 2022 12:23:18 +1100 (AEDT) X-Virus-Scanned: Debian amavisd-new at ook.raf.org Received: from ook.raf.org ([127.0.0.1]) by localhost (ook.raf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EFMDnXGB6VMY for ; Fri, 7 Jan 2022 12:23:16 +1100 (AEDT) Received: by ook.raf.org (Postfix, from userid 1001) id 7B87C5EBDA; Fri, 7 Jan 2022 12:23:16 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raf.org; s=001; t=1641518596; bh=G1xM5UeZB5dJ2lKmETC6tz/Hr9ULtG+U2DHH2Ag8zS0=; h=Date:From:To:Subject:References:In-Reply-To:From; b=mqpoaIt9/2YIms7YfbAj4G6xWMSeP5M4RY+QXATfvSgS8MuQkpnI6ZCemWDnIvWeg seyVWkwJkX/saRWfhjNb+9Bg0Qb4y5dRPB/s6JEnwOyxMARqrm6lGcITaG2fyi7Q4S t7TK3JXCQ7fn9cg+yajzlBjfMIgWIwQFfVaG9msf8UckfYeMpg8y/mSg4BiOnvirX+ 0MRSpFg9ozn1Nr1hbHhN51fJ8O57b7Zzrk3em6j38ZBE1xHosm4Vf7Gdc1wCYCVm/K WXqccyo9hXgcc6AJ+d2Nw/FeK88bNT5M+z1EHKIyb+EOinCQ3fK31iT8nAXxM5H1Pn /ssMBrfrXGaZA== Date: Fri, 7 Jan 2022 12:23:16 +1100 From: raf To: postfix-users-at-postfix.org Message-ID: Mail-Followup-To: postfix-users-at-postfix.org References: <8e8e3633-1574-aea2-ef68-bb6cea73e751-at-mrbrklyn.com> <20211222052031.GA4914-at-www2.mrbrklyn.com> <20220103182959.GA9594-at-www2.mrbrklyn.com> <20220105091026.GA30311-at-www2.mrbrklyn.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk Subject: Re: [Hangout - NYLXS] Adding Additional domains and outgoing email X-BeenThere: hangout-at-nylxs.com X-Mailman-Version: 2.1.30rc1 List-Id: NYLXS Tech Talk and Politics List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: hangout-bounces-at-nylxs.com Sender: "Hangout"
On Wed, Jan 05, 2022 at 11:09:56PM -0500, Viktor Dukhovni wrote:
> On Thu, Jan 06, 2022 at 02:09:45PM +1100, raf wrote: > > > > is on - so it is asking for client certificates? > > > But that is really not authetication, if I understand things. > > > > It's asking for them (from all clients, even for remote > > mail servers sending you mail which isn't helpful), but > > it's only asking, not requiring. It's better to require > > them for the submission service in master.cf and then > > match the client certificates against a list of known > > fingerprints. > > I don't think that requiring client certs is a best practice. It > precludes concurrent use of alternative authentication methods. Just > asking is generally enough
Thanks. But even so, it should probably still only be a -o override in master.cf rather than in main.cf.
cheers, raf _______________________________________________ Hangout mailing list Hangout-at-nylxs.com http://lists.mrbrklyn.com/mailman/listinfo/hangout
|
|