> On Aug 5, 2023, at 6:46 AM, Matus UHLAR - fantomas via Postfix-users <postfix-users@postfix.org> wrote:
>
> On 05.08.23 00:35, Charles Sprickman via Postfix-users wrote:
>> Just following up to myself here, but this Dell POS just bails if it can't
>> do TLS, lol:
>>
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: < unknown[10.3.2.5]: EHLO ANON
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: discarding EHLO keywords: STARTTLS
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-ANON
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-PIPELINING
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-SIZE 80480000
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-VRFY
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-ETRN
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-AUTH PLAIN LOGIN
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-ENHANCEDSTATUSCODES
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-8BITMIME
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-DSN
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-SMTPUTF8
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250 CHUNKING
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: smtp_stream_setup: maxtime=300 enable_deadline=0 min_data_rate=0
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: < unknown[10.3.2.5]: QUIT
>> Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 221 2.0.0 Bye
>>
>> I believe I read somewhere that TLS + AUTH are linked, so I guess I'll just
>> add 10.3.2.5 to "mynetworks" and call it a day...

We do a lot of idraccy stuff at the day job. Yes, Auth and Encryption are linked, per:

https://www.dell.com/support/kbdoc/en-us/000062035/psqn-idrac7-idrac8-smtp-email-tls-encryption-settings

Under the hood, idracs do use OpenSSL, and it’s not unreasonable to assume that both the SMTP client and the web server use the same linked version. You could start by seeing which ciphers the idrac 7 web UI supports. (Somewhere in the idrac settings, you can set a standard cipher list for the web server, but there’s not a way to get on the thing and run "openssl version").

If I understand the way the TLS handshake works, the server provides a list of supported ciphers, and the client picks one — at no point does the client say which ones it supports, implicitly. Ergo, the only way to really test this, seems to me to experimentally try STARTTLS against a much older machine (or one with older ciphers), that would have been current at the time the iDrac 7 was new, and see which the highest supported is — even if you decide not to use it in that state, the answer posted here could help someone else in the future.

Also, are you running the latest iDrac firmware?

-Dan
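
To find other clients that behave like the one in the quoted log (QUIT right after an EHLO reply from which STARTTLS was discarded, with no mail attempted), here is an added example that is not part of either poster's message. It scans verbose smtpd log text in the format quoted above; the function name, the second client 10.3.2.9 and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: first session is trimmed from the log quoted above,
# second session (10.3.2.9) is invented to show a client that carries on.
SAMPLE_LOG = """\
Aug 5 00:30:52 mail postfix/smtpd[76663]: < unknown[10.3.2.5]: EHLO ANON
Aug 5 00:30:52 mail postfix/smtpd[76663]: discarding EHLO keywords: STARTTLS
Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250-AUTH PLAIN LOGIN
Aug 5 00:30:52 mail postfix/smtpd[76663]: > unknown[10.3.2.5]: 250 CHUNKING
Aug 5 00:30:52 mail postfix/smtpd[76663]: < unknown[10.3.2.5]: QUIT
Aug 5 00:31:10 mail postfix/smtpd[76670]: < unknown[10.3.2.9]: EHLO printer
Aug 5 00:31:10 mail postfix/smtpd[76670]: discarding EHLO keywords: STARTTLS
Aug 5 00:31:10 mail postfix/smtpd[76670]: > unknown[10.3.2.9]: 250 CHUNKING
Aug 5 00:31:10 mail postfix/smtpd[76670]: < unknown[10.3.2.9]: MAIL FROM:<printer@example.invalid>
Aug 5 00:31:10 mail postfix/smtpd[76670]: < unknown[10.3.2.9]: QUIT
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<rest>.*)$")
CLIENT_CMD = re.compile(r"^< (?P<client>\S+\[[^\]]+\]): (?P<verb>[A-Za-z]+)")

def clients_quitting_without_starttls(log_text):
    """Return clients that QUIT straight after an EHLO reply lacking STARTTLS."""
    state = {}    # smtpd pid -> session state for the connection it is serving
    flagged = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, rest = m["pid"], m["rest"]
        if rest.startswith("discarding EHLO keywords:"):
            # This line carries no client address, so correlate it by pid.
            if pid in state and "STARTTLS" in rest.split(":", 1)[1].split():
                state[pid]["stripped"] = True
            continue
        cmd = CLIENT_CMD.match(rest)
        if not cmd:
            continue    # server replies ("> ...") and other diagnostics
        verb = cmd["verb"].upper()
        if verb in ("EHLO", "HELO"):
            state[pid] = {"client": cmd["client"], "stripped": False, "progressed": False}
        elif pid in state and verb == "QUIT":
            s = state.pop(pid)
            if s["stripped"] and not s["progressed"]:
                flagged.append(s["client"])
        elif pid in state:
            state[pid]["progressed"] = True    # MAIL, AUTH, etc.: client went on
    return flagged
```
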