I no longer see TLS details in the header. I checked maillog and
TLS is being established.
---------------
From maillog:
Nov  8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
------------------------

Header (slightly sanitized to stay off of google)
-------------------------------------
From: some dude <somed...@yahoo.com>
To: "me" <m...@mydomain.com>
Subject: from yahoo
Date: Tue, 8 Nov 2016 07:49:41 +0000 (UTC)
Reply-To: some dude <somed...@yahoo.com>
Return-Path: <somed...@yahoo.com>
X-Original-To: m...@mydomain.com
Delivered-To: m...@mydomain.com
X-Virus-Scanned: amavisd-new at mydomain.com
Authentication-Results: www.mydomain.com (amavisd-new);
 dkim=pass (2048-bit key) header.d=yahoo.com
DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F
Authentication-Results: mydomain.com;
 dkim=pass (2048-bit key; unprotected) header.d=yahoo.com
 header.i=@yahoo.com header.b=trAlWMaE
DKIM-Signature: v=1;
a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383;
bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=;
h=Date:From:Reply-To:To:Subject:References:From:Subject;
b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ==
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 878361.88180...@omp1007.mail.ne1.yahoo.com
X-YMail-OSG:

from yahoo
-----------------------------------------


# postconf -n (sanitized also)


broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 2
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
mail_owner = postfix
mailbox_command = /usr/local/libexec/dovecot/deliver
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydomain = somedomain.com
myhostname = www.somedomain.com
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = EXPORT, LOW
smtp_tls_loglevel = 2
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/usr/local/etc/postfix/spamsources
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/usr/local/etc/postfix/rbl_override,
    reject_rbl_client rhsbl.scientificspam.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client rabl.nuclearelephant.com,
    reject_rbl_client zen.spamhaus.org,
    check_policy_service unix:private/policyd-spf, permit
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination,
    check_sender_access hash:/usr/local/etc/postfix/spamsources
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/ipsec.d/certs/somedomain.com.crt
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = EXPORT, LOW
smtpd_tls_key_file = /usr/local/etc/ipsec.d/private/somedomain.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
tlsproxy_tls_protocols = $smtpd_tls_protocols
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = static:1003
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 1003
virtual_uid_maps = static:1003

------------------------
# uname -a
FreeBSD theranch 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct 24 18:49:24 UTC 2016 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
