On Mon, Sep 11, 2023 at 18:26:18 -0400, Bill Cole via mailop wrote:
> That's an indication that the client does not like your certificate.
>
> As for why, see
> https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
>
> TL;DR: you need to fix the chain of trust for your certificat
On Fri, Nov 17, 2023 at 23:33:13 +0100, Jaroslaw Rafa via mailop wrote:
> Dnia 17.11.2023 o godz. 14:34:19 Lukas Tribus via mailop pisze:
> >
> > Google probably wants you to enable STARTTLS, so reducing sending
> > limits for non STARTTLS senders can make sense from Google's POV.
>
> That thread
On Wed, Dec 20, 2023 at 14:49:20 +, Gellner, Oliver via mailop wrote:
> Postfix is potentially vulnerable as for compatibility with broken
> clients it accepts . as an end-of-data command. Well, at least
> it did, Wietse has introduced a flag which fixes this kind of message
> smuggling:
>
> >
On Wed, Jan 17, 2024 at 20:13:13 +, L. Mark Stone via mailop wrote:
> Nonetheless, to be conservative, we've taken to blocking just
> @onmicrosoft.com emails for the moment (no subdomains).
It's strange you'd see anything from @onmicrosoft.com at all, as the
domain itself has no MX nor A or A
On Tue, Nov 19, 2024 at 00:48:48 +1100, Viktor Dukhovni via mailop wrote:
> Top 10 TLS protocol/cipher/cert choices among DANE MX hosts seen by the
> survey (https://stats.dnssec-tools.org):
>
> 30421 TLS 1.3 with TLS_AES_256_GCM_SHA384,X25519,PubKeyALG_RSA
> --> 3738 TLS 1.3 with
On Mon, Feb 10, 2025 at 07:55:39 +0100, Marco Moock via mailop wrote:
> That's why I am asking what other users of opendmarc experienced.
The issue is discussed here:
https://github.com/trusteddomainproject/OpenDMARC/issues/52
and there's a patch here:
https://github.com/flinkflonk/opendmarc-una
