Hi,

I have a syntax question regarding configuring mandatory TLS encryption for the smtp process as listed on: <a href="http://www.postfix.org/TLS_README.html#client_tls" title="www.postfix.org/TLS_README.html#client_tls">www.postfix.org/TLS_README.html#client_tls</a>

In the second example on the page, square brackets are used when specifying the policy for specific destinations in the tls_policy file:

/etc/postfix/tls_policy
[example.net]:587 encrypt protocols=TLSv1 ciphers=high

Are the square brackets only required when the port to use is specified (ie: in previous example when destination was example.net with no port specified, I notice that the square brackets are left out) or is this syntax sp

Hello,

I have two questions regarding the “mynetworks_style” parameter in main.cf.

In man I see that the “subnet” option for “mynetworks_style” is listed as being supported in Postfix < 3.0.

Hello,

I recently configured Postfix 3.1.0 on a low-volume, Internet facing server. Mail operations are normal, but I had two questions regarding backscatter.

1. From what I understand, “backscatter” refers to e-mails such as non-delivery reports being sent back to the originator of a spam message. As the originator is often a forged address, the non-delivery reports is essentially junk data. Would this be a correct definition for the term ?

2. Is it possible to white-list the generation of non-delivery reports for some hosts and prevent generation for all others ?

Hi,

I am currently configuring virtual domain hosting on Postfix 3.1.0 and have a question about the “Postfix Virtual Domain Hosting Howto” document [1].

Under “Postfix virtual ALIAS example: separate domains, UNIX system accounts” there is an example of the virtual file. On line 10 it states:

# @example.com jim

This is referred to as a “catch-all address”.

My question is: does this receive ALL e-mail to: @example.com or does it only receive e-mail that is addressed to virtual users that do not exist in the virtual file ?

Thanks

Sources
[1] <a href="http://www.postfix.org/VIRTUAL_README.html" title="www.postfix.org/VIRTUAL_README.html">www.postfix.org/VIRTUAL_README.html</a>

Hi,

I have Ubuntu server 16.04 LTS deployed on one of my servers. I have been working at slowly learning systemd but I ran into something that I hadn't expected.

When adding commonly used packages (Apache 2.4.x), I noticed that some of these packages have incomplete systemd service files. In the case of Apache there is a systemd stub that then calls an init.d shim script. As a result, on reboot, systemd shows a load failure (I am assuming from the incomplete service file), for Apache, but Apache is successfully started.

Hello,

In light of the recent report from Armis about the "BlueBorne" Bluetooth vulnerabilities that affect Linux (and other OS's), I was wondering if Ubuntu compiles the kernel with Stack Protector enabled (specifically for Ubuntu 16.04 LTS desktop and to a lesser extent 16.04 LTS server) ?

Secondly, is there a page that outlines the hardening steps that Ubuntu follows for ensuring kernel security ?

Thanks,

- J

Hello,

I am currently attempting to build the nft user land tool from the nftables project [1][2].

On Ubuntu Server 16.04.03 LTS, nft is available via the nftables package, however the version of nft that is installed is version 0.5 whereas the most current version of nft is 0.7.