Postings by J Doe

Syntax question for smtp mandatory TLS encryption


I have a syntax question regarding configuring mandatory TLS encryption for the smtp process as listed on:

In the second example on the page, square brackets are used when specifying the policy for specific destinations in the tls_policy file:

[]:587 encrypt protocols=TLSv1 ciphers=high

Are the square brackets only required when the port to use is specified (i.e., in the previous example when destination was with no port specified, I notice that the square brackets are left out) or is this syntax sp

Questions about mynetworks_style parameter in


I have two questions regarding the “mynetworks_style” parameter in

In man I see that the “subnet” option for “mynetworks_style” is listed as being supported in Postfix < 3.0.

Backscatter questions


I recently configured Postfix 3.1.0 on a low-volume, Internet facing server. Mail operations are normal, but I had two questions regarding backscatter.

1. From what I understand, “backscatter” refers to e-mails such as non-delivery reports being sent back to the originator of a spam message. As the originator is often a forged address, the non-delivery reports are essentially junk data. Would this be a correct definition for the term?

2. Is it possible to white-list the generation of non-delivery reports for some hosts and prevent generation for all others?

Virtual domain hosting “catch all” e-mail address


I am currently configuring virtual domain hosting on Postfix 3.1.0 and have a question about the “Postfix Virtual Domain Hosting Howto” document [1].

Under “Postfix virtual ALIAS example: separate domains, UNIX system accounts” there is an example of the virtual file. On line 10 it states:

# jim

This is referred to as a “catch-all address”.

My question is: does this receive ALL e-mail to: or does it only receive e-mail that is addressed to virtual users that do not exist in the virtual file?


[1]

Systemd service files


I have Ubuntu server 16.04 LTS deployed on one of my servers. I have been working at slowly learning systemd but I ran into something that I hadn't expected.

When adding commonly used packages (Apache 2.4.x), I noticed that some of these packages have incomplete systemd service files. In the case of Apache there is a systemd stub that then calls an init.d shim script. As a result, on reboot, systemd shows a load failure (I am assuming from the incomplete service file), for Apache, but Apache is successfully started.

Kernel compiled with Stack Protector?


In light of the recent report from Armis about the "BlueBorne" Bluetooth vulnerabilities that affect Linux (and other OS's), I was wondering if Ubuntu compiles the kernel with Stack Protector enabled (specifically for Ubuntu 16.04 LTS desktop and to a lesser extent 16.04 LTS server)?

Secondly, is there a page that outlines the hardening steps that Ubuntu follows for ensuring kernel security?


- J

Error building nftables on Ubuntu Server 16.04.03 LTS


I am currently attempting to build the nft user land tool from the nftables project [1][2].

On Ubuntu Server 16.04.03 LTS, nft is available via the nftables package, however the version of nft that is installed is version 0.5 whereas the most current version of nft is 0.7.