- 17 Jan, 2022 1 commit
-
-
Wágner Ferenc authored
-
- 10 Jan, 2022 1 commit
-
-
Wágner Ferenc authored
-
- 17 Nov, 2021 2 commits
-
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
- 16 Nov, 2021 2 commits
-
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
- 02 Nov, 2021 3 commits
-
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
- 08 Oct, 2021 3 commits
-
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
- 22 Jul, 2021 1 commit
-
-
Wágner Ferenc authored
Especially DNSSEC employs big payloads. The original EDNS buffer size of 4096 isn't recommended anymore, modern clients advertise 1232 bytes instead (the glibc stub resolver uses the even more conservative 1200 bytes), and servers similarly truncate their responses to avoid having them fragmented. This initiates TCP fallback, which, if not allowed, leads to "DANE error: tlsa lookup DEFER" failure messages from the Exim remote_smtp transport (after a long connect timeout). https://labs.apnic.net/?p=1390 https://dnsflagday.net/2020/
-
- 21 Jul, 2021 1 commit
-
-
Wágner Ferenc authored
-
- 14 Jul, 2021 2 commits
-
-
Wágner Ferenc authored
For transparency let's try to keep all the list domain configuration in one place, no /etc/aliases, .forward, .procmailrc and similar. And no accidental local delivery.
-
Wágner Ferenc authored
It was (rightfully) confused by the MX record pointing to ourselves. Also hardwire the ipv6forum@ipv6forum.hu redirect to keep the configuration in one place. At the same time this puts it on equal footing with the lista.edu.hu domain (mostly).
-
- 06 Jul, 2021 1 commit
-
-
Wágner Ferenc authored
-
- 03 Jul, 2021 1 commit
-
-
Wágner Ferenc authored
-
- 22 Jun, 2021 1 commit
-
-
Wágner Ferenc authored
-
- 18 Jun, 2021 7 commits
-
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
The dependency runs the mailman role with --tags apache, wasting time.
-
Wágner Ferenc authored
This sidesteps a DoS possibility and does not lie to our usual firewall check (which considers kernel log freshness).
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
- 14 Jun, 2021 4 commits
-
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
- 11 Jun, 2021 10 commits
-
-
Wágner Ferenc authored
-
Wágner Ferenc authored
A standard STARTTLS + LOGIN authenticated submission service is useful in mobile situations, so support it as a side project.
-
Wágner Ferenc authored
-
Wágner Ferenc authored
Now that we don't use satellite config anymore it can make a difference.
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
-
Wágner Ferenc authored
But accept local recipients from local (not TCP/IP) and loopback SMTP connections only.
-
Wágner Ferenc authored
Replace common.exim with a specialized router. This enables meaninful sender and recipient verification, because all addresses aren't routable anymore. And doesn't put mailing list load on our redirector service.
-