Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Viktor Dukhovni
On Wed, May 08, 2013 at 11:49:53PM +, Viktor Dukhovni wrote: > The encrypted finished message from rho.salmi.ch is 32 bytes, with gdb we see > that the first four bytes decrypt to: > > "0x14 0x00 0x00 0x00" + [(type 20, length 0)] > 0 bytes finished + > 20 by

Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Viktor Dukhovni
On Wed, May 08, 2013 at 07:19:36PM +, Viktor Dukhovni wrote: > On Wed, May 08, 2013 at 06:01:52PM +, Viktor Dukhovni wrote: > > > posttls-finger: Untrusted TLS connection established to > > rho.salmi.ch[178.63.9.175]:587: TLSv1 with cipher DHE-RSA-AES256-SHA > > (256/256 bits) > >

Re: cbpolicyd on 465/submission ports with postfix 2.10+

2013-05-08 Thread Quanah Gibson-Mount
--On Wednesday, May 08, 2013 5:29 PM -0400 Wietse Venema wrote: I believe the correct solution is to just set: -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject This does not override main.cf:smtpd_end_of_data_restrictions. I suppose tha

Re: cbpolicyd on 465/submission ports with postfix 2.10+

2013-05-08 Thread Noel Jones
On 5/8/2013 2:49 PM, Quanah Gibson-Mount wrote: > I recently tweaked my settings for my postfix configuration so that > I have the following defined for the 465 & submission port smtpds: > >-o smtpd_recipient_restrictions= >-o smtpd_relay_restrictions=permit_sasl_authenticated,reject >

Re: cbpolicyd on 465/submission ports with postfix 2.10+

2013-05-08 Thread Wietse Venema
Quanah Gibson-Mount: > I recently tweaked my settings for my postfix configuration so that I have > the following defined for the 465 & submission port smtpds: > > -o smtpd_recipient_restrictions= > -o smtpd_relay_restrictions=permit_sasl_authenticated,reject > -o smtpd_end_of_data_re

cbpolicyd on 465/submission ports with postfix 2.10+

2013-05-08 Thread Quanah Gibson-Mount
I recently tweaked my settings for my postfix configuration so that I have the following defined for the 465 & submission port smtpds: -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_end_of_data_restrictions= However, this broke cb

Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Viktor Dukhovni
On Wed, May 08, 2013 at 06:01:52PM +, Viktor Dukhovni wrote: > posttls-finger: Untrusted TLS connection established to > rho.salmi.ch[178.63.9.175]:587: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 > bits) > posttls-finger: Reconnecting after 1 seconds > posttls-finger: < 220 rh

Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Wietse Venema
Viktor Dukhovni: > On Wed, May 08, 2013 at 07:24:03PM +0200, Jukka Salmi wrote: > > > Funny, I was just going to report probably the same issue... > > > > I can reproduce the problem on up-to-date Linux and FreeBSD systems, but > > not on an older NetBSD system: > > > > Linux/x86_64 Postf

Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Viktor Dukhovni
On Wed, May 08, 2013 at 07:24:03PM +0200, Jukka Salmi wrote: > Funny, I was just going to report probably the same issue... > > I can reproduce the problem on up-to-date Linux and FreeBSD systems, but > not on an older NetBSD system: > > Linux/x86_64 Postfix 2.10.0 OpenSSL 1.0.1e >

Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Jukka Salmi
Ralf Hildebrandt --> postfix-users (2013-05-08 09:28:11 +0200): > Anybody seen this one before? > > May 8 00:30:04 albatross postfix/smtp[29327]: SSL_connect error to > mail.vex.net[98.158.139.68]:25: 0 > May 8 00:30:04 albatross postfix/smtp[29327]: warning: TLS library problem: > 29327:error

Re: Postfix lost connection issue

2013-05-08 Thread Viktor Dukhovni
On Tue, May 07, 2013 at 10:59:45PM -0700, mailtime wrote: > It starts to go wrong around Frame 24660: > I did disable window scaling on Postfix What do you mean by "on Postfix"? This is a kernel setting, modified via "sysctl" or similar. In any case the session you posted has no window scaling

Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Viktor Dukhovni
On Wed, May 08, 2013 at 03:54:35PM +, Viktor Dukhovni wrote: > Can you reproduce this with: > > openssl s_client \ > -cipher $(postconf -xh tls_export_cipher_list) \ > -sslv2 \ > -starttls smtp -connect mail.vex.net:25 Sorry that should be "tls_export_cipherlist" not "t

Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Viktor Dukhovni
On Wed, May 08, 2013 at 06:54:01PM +0530, Vijay Rajah wrote: > I think this is an openssl bug... > > FYI: http://www.mail-archive.com/openssl-dev@openssl.org/msg28217.html That bug is a bug in DTLS, which is quite different from regular TLS, so it need not be the same issue. > > May 8 00:30:04

Re: reject_unknown_reverse_client_hostname safe?

2013-05-08 Thread Jan P. Kessler
Am 08.05.2013 01:58, schrieb Vincent Lefevre: > On 2013-05-07 23:00:01 +0200, Jan P. Kessler wrote: >> Yes this is possible with postfwd. The policy delegation protocol >> contains reverse_client_name and client_name, which can be used within >> postfwd rulesets. >> >> Example: >> >> id=COMBO01 >>

Re: "bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Vijay Rajah
I think this is an openssl bug... FYI: http://www.mail-archive.com/openssl-dev@openssl.org/msg28217.html On Wed, May 8, 2013 at 12:58 PM, Ralf Hildebrandt wrote: > Anybody seen this one before? > > May 8 00:30:04 albatross postfix/smtp[29327]: SSL_connect error to > mail.vex.net[98.158.139.6

Re: reject_unknown_reverse_client_hostname safe?

2013-05-08 Thread Peter
On 05/08/2013 08:03 PM, Stan Hoeppner wrote: On 5/7/2013 5:36 PM, /dev/rob0 wrote: ... Peter has explained this: you indeed seem to have FCrDNS, just not Maybe my understanding of the definition of Forward Confirmed reverse DNS is incorrect. I thought the definition of FCrDNS is that the

Re: reject_unknown_reverse_client_hostname safe?

2013-05-08 Thread markjt
On 8 May 2013 at 3:03, Stan Hoeppner wrote: > On 5/7/2013 5:36 PM, /dev/rob0 wrote: > ... > > Peter has explained this: you indeed seem to have FCrDNS, just not > > Maybe my understanding of the definition of Forward Confirmed reverse > DNS is incorrect. I thought the definition of FCrDNS is th

Re: reject_unknown_reverse_client_hostname safe?

2013-05-08 Thread Stan Hoeppner
On 5/7/2013 5:36 PM, /dev/rob0 wrote: ... > Peter has explained this: you indeed seem to have FCrDNS, just not Maybe my understanding of the definition of Forward Confirmed reverse DNS is incorrect. I thought the definition of FCrDNS is that the forward and reverse names not only exist but

"bad digest length:s3_both.c:239:" when sending to mail.vex.net?

2013-05-08 Thread Ralf Hildebrandt
Anybody seen this one before? May 8 00:30:04 albatross postfix/smtp[29327]: SSL_connect error to mail.vex.net[98.158.139.68]:25: 0 May 8 00:30:04 albatross postfix/smtp[29327]: warning: TLS library problem: 29327:error:1408C06F:SSL routines:SSL3_GET_FINISHED:bad digest length:s3_both.c:239: M