On 11/9/2016 2:56 AM, li...@lazygranch.com wrote: > I no longer see TLS details in the header. I checked maillog and > TLS is being established. > --------------- > From maillog: > Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection > established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 > with cipher ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits) > ------------------------ > > Header (slightly sanitized to stay off of google) > ------------------------------------- > From: some dude <somed...@yahoo.com> > To: "me" <m...@mydomain.com> > Subject: from yahoo > Date: Tue, 8 Nov 2016 07:49:41 +0000 (UTC) > Reply-To: some dude <somed...@yahoo.com> > Return-Path: <somed...@yahoo.com> > X-Original-To: m...@mydomain.com > Delivered-To: m...@mydomain.com > X-Virus-Scanned: amavisd-new at mydomain.com > Authentication-Results: www.mydomain.com (amavisd-new); > dkim=pass (2048-bit key) header.d=yahoo.com > DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F > Authentication-Results: mydomain.com; > dkim=pass (2048-bit key; unprotected) header.d=yahoo.com > header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1; > a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383; > bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=; > h=Date:From:Reply-To:To:Subject:References:From:Subject; > b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ== > X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: > 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG: > nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5 > fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5 > LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP > 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7 > 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe > ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f > 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep > ObjfCt_ERaTcEhRs2wQ_sCyg- > > from yahoo > -----------------------------------------
Where are the Received: headers? Don't remove them. -- Noel Jones > > > # postconf -n (sanitized also) > > > broken_sasl_auth_clients = yes > command_directory = /usr/local/sbin > compatibility_level = 2 > content_filter = amavisfeed:[127.0.0.1]:10024 > daemon_directory = /usr/local/libexec/postfix > data_directory = /var/db/postfix > debug_peer_level = 2 > debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd > $daemon_directory/$process_name $process_id & sleep 5 > home_mailbox = Maildir/ > html_directory = /usr/local/share/doc/postfix > inet_interfaces = all > inet_protocols = ipv4 > lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 > lmtp_tls_protocols = !SSLv2, !SSLv3 > mail_owner = postfix > mailbox_command = /usr/local/libexec/dovecot/deliver > mailbox_size_limit = 0 > mailq_path = /usr/local/bin/mailq > manpage_directory = /usr/local/man > message_size_limit = 0 > milter_default_action = accept > milter_protocol = 6 > mydomain = somedomain.com > myhostname = www.somedomain.com > mynetworks_style = host > myorigin = $mydomain > newaliases_path = /usr/local/bin/newaliases > non_smtpd_milters = $smtpd_milters > policyd-spf_time_limit = 3600 > queue_directory = /var/spool/postfix > readme_directory = /usr/local/share/doc/postfix > sample_directory = /usr/local/etc/postfix > sendmail_path = /usr/local/sbin/sendmail > setgid_group = maildrop > smtp_tls_ciphers = medium > smtp_tls_exclude_ciphers = EXPORT, LOW > smtp_tls_loglevel = 2 > smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 > smtp_tls_protocols = !SSLv2, !SSLv3 > smtp_tls_security_level = may > smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination, check_client_access > hash:/usr/local/etc/postfix/spamsources > smtpd_milters = inet:127.0.0.1:8891 > smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination, check_client_access > hash:/usr/local/etc/postfix/rbl_override, reject_rbl_client > rhsbl.scientificspam.net, reject_rbl_client bl.spamcop.net, reject_rbl_client > cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client > ix.dnsbl.manitu.net, reject_rbl_client rabl.nuclearelephant.com, > reject_rbl_client zen.spamhaus.org, check_policy_service > unix:private/policyd-spf, permit > smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination > smtpd_sasl_auth_enable = yes > smtpd_sasl_path = private/auth > smtpd_sasl_security_options = noanonymous > smtpd_sasl_type = dovecot > smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination, check_sender_access > hash:/usr/local/etc/postfix/spamsources > smtpd_tls_auth_only = yes > smtpd_tls_cert_file = /usr/local/etc/ipsec.d/certs/somedomain.com.crt > smtpd_tls_ciphers = medium > smtpd_tls_exclude_ciphers = EXPORT, LOW > smtpd_tls_key_file = /usr/local/etc/ipsec.d/private/somedomain.com.key > smtpd_tls_loglevel = 1 > smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 > smtpd_tls_protocols = !SSLv2, !SSLv3 > smtpd_tls_received_header = yes > smtpd_tls_security_level = may > smtpd_tls_session_cache_timeout = 3600s > tls_random_source = dev:/dev/urandom > tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols > tlsproxy_tls_protocols = $smtpd_tls_protocols > unknown_local_recipient_reject_code = 550 > virtual_alias_maps = hash:/usr/local/etc/postfix/virtual > virtual_gid_maps = static:1003 > virtual_mailbox_base = /var/mail/vhosts > virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains > virtual_mailbox_limit = 0 > virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox > virtual_minimum_uid = 1003 > virtual_uid_maps = static:1003 > > ------------------------ > # uname -a > FreeBSD theranch 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct > 24 18:49:24 UTC 2016 > r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 >
