Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Tue, Oct 22, 2013 at 03:19:41AM +0200, li...@rhsoft.net wrote: > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3 > > > > The author of comment #4 is not getting it. The problem is NOT > > that Postfix fails to negotiate EECDH, rather the problem is that > > it does! Once EECDH is

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Tue, Oct 22, 2013 at 03:19:41AM +0200, li...@rhsoft.net wrote: > > This is NOT progress. No support for EC is better than broken > > support for EC. Either implement EC support or don't. > > yes, frustrating, but better start with something crippled and > hope it improves than wait another 6

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 22.10.2013 at 02:33, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote: > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3 > > The author of comment #4 is not getting it. The problem is NOT > that Postfix fails to negotiate EECDH, rather the

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote: > > https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3 The author of comment #4 is not getting it. The problem is NOT that Postfix fails to negotiate EECDH, rather the problem is that it does! Once EECDH is negotiated, the se

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 11:49:48PM +0200, li...@rhsoft.net wrote: > >> since you sound very knowledgeable about SSL may you consider > >> to make a comment there? > >> > >> https://bugzilla.redhat.com/show_bug.cgi?id=1019251 > > > > I have enough fish to fry. The problem is obvious, client promi

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 at 23:49, li...@rhsoft.net wrote: > i hate it to ask but is there any chance postfix avoids ECDHE for such > destinations > in case of this situation and continues to use DHE if the requested curve is > not > available in the linked openssl library? > >>> as far as i can see in al

Re: rewrite sender address when recipient is non "local"

2013-10-21 Thread Noel Jones
On 10/21/2013 3:53 PM, btb wrote: > i have a scenario in which certain email is sent using envelope > senders that contain host names that are known only on the local > lan/network, and unknown on the internet. most mail expressing that > characteristic stays local, but occasionally, some is legit

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 at 23:40, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 11:17:25PM +0200, li...@rhsoft.net wrote: > >>> Instead of improving the world by finally supporting EC, they've >>> made things worse! Previously clients negotiated something other >>> than EECDH key exchange, now they neg

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 11:17:25PM +0200, li...@rhsoft.net wrote: > > Instead of improving the world by finally supporting EC, they've > > made things worse! Previously clients negotiated something other > > than EECDH key exchange, now they negotiate it and fail! Sorry to > > say so, but the Re

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 at 23:04, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote: > >> postfix/smtp[7411]: warning: TLS library problem: >> 7411:error:100AE081:elliptic curve >> routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316 >> >> maybe relevant

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote: > postfix/smtp[7411]: warning: TLS library problem: > 7411:error:100AE081:elliptic curve > routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316 > > maybe relevant to "only ECC NIST Suite B curves support"? > postfix wa

rewrite sender address when recipient is non "local"

2013-10-21 Thread btb
i have a scenario in which certain email is sent using envelope senders that contain host names that are known only on the local lan/network, and unknown on the internet. most mail expressing that characteristic stays local, but occasionally, some is legitimately destined for the public intern

Re: warning: private/smtp socket: malformed response

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 09:51:01PM +0300, Maksim Kulik wrote: > > Report the output of: > > > > ldd bin/posttls-finger > > ldd posttls-finger > posttls-finger: > libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800ac1000) > libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800d29000) Interesti

Re: TLS1.2 issue with postfix and windows

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 10:22:05PM +0300, Deniss wrote: > >Show all related logging from process 21730. > > Oct 21 21:35:01 box postfix/smtp[19887]: > warning: TLS library problem: 19887:error:1408F10B: > SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337: > Oct 21 21:35:01 box p

Re: warning: private/smtp socket: malformed response

2013-10-21 Thread Jerry
On Mon, 21 Oct 2013 18:10:44 + Viktor Dukhovni articulated: > Is this the default SSL library for the OS? (/usr/local/lib rather > than /usr/lib or /lib)? The latest version, available in the ports system is: OpenSSL 1.0.1e 11 Feb 2013 The default version is: OpenSSL 0.9.8x 10 May 2012, or a

EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
postfix/smtp[7411]: warning: TLS library problem: 7411:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316 maybe relevant to "only ECC NIST Suite B curves support"? postfix was compiled against exactly this openssl build as far as i can see fallback to u

Re: TLS1.2 issue with postfix and windows

2013-10-21 Thread Deniss
On Sun, Oct 20, 2013 at 08:55:33PM +0300, Deniss wrote: I have an issue with postfix-2.10.2 and latest MS windows/exchange/outlook: SSL connection cannot be negotiated with default settings, there is an error in postfix log: Oct 20 20:13:41 box postfix/smtp[21730]:

Re: warning: private/smtp socket: malformed response

2013-10-21 Thread Maksim Kulik
Thank you again! The problem is fixed now. I just rebuilt openssl port without zlib support. It solved the problem.

Re: warning: private/smtp socket: malformed response

2013-10-21 Thread Maksim Kulik
>> Openssl version - openssl-1.0.1_8 >When was it last updated? When did the problem start? This is the most recent version from freebsd ports. This is new installation. I just installed Freebsd 9.2 stable, updated ports to the latest version and installed postfix. The problem started as soon

Re: Timeout when delivering to large group of aliases

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 01:20:25PM -0500, List wrote: > >What kind of "alias"? Are you using virtual(5) aliases via > >virtual_alias_maps, and with backend database, the database schema > >and query used as well as information about available indexes may > >be pertinent? > > > >Or are you using l

Re: Timeout when delivering to large group of aliases

2013-10-21 Thread List
On 10/19/13 3:24 PM, Viktor Dukhovni wrote: On Fri, Oct 18, 2013 at 10:56:59AM -0500, List wrote: For example we have the address distgr...@domain.tld which is an alias to 3000 local users. What kind of "alias"? Are you using virtual(5) aliases via virtual_alias_maps, and with backend databas

Re: warning: private/smtp socket: malformed response

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 08:02:33PM +0300, Maksim Kulik wrote: > Postfix version - postfix-2.10.1,1 Probably immaterial. In Postfix 2.11-20131001 you can disable SSL compression, which seems to be broken below. Sure seems like a buggy OpenSSL or zlib. > Openssl version - openssl-1.0.1_8 When w

Re: warning: private/smtp socket: malformed response

2013-10-21 Thread Maksim Kulik
Viktor, thank you for your help! Postfix version - postfix-2.10.1,1 Openssl version - openssl-1.0.1_8 FreeBSD version - FreeBSD 9.2-STABLE #1 r256306: Log and backtrace: GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public L

New Postfix log analyzer tool V0.9.16 released (PostgreSQL DB 9.2.x based)

2013-10-21 Thread Nicolas HAHN
Dear Community, VERSION 0.9.16 OF THE ELSE (E-mail Log Search Engine) has just been released as a tar.gz archive. As usual, take a look at the README file for the revision history. The archive is there: https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20E

Re: TLS: Certificate signature failure -- what is the reason?

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 03:30:46PM +, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 02:55:22PM +0200, Tobias Reckhard wrote: > > > Oct 21 08:43:58 postfix/smtp[5991]: CA certificate > > verification failed for mx10.unicredit.eu[62.122.80.93]:25: > > num=7:certificate signature failure >

Re: Error in milter documentation

2013-10-21 Thread Wietse Venema
Wietse Venema: > Jose Borges Ferreira: > > Ok, I understand that you don't have time to explain Postfix internals > > but the subject was regarding documentation and the MILTER_README is > > wrong. > > Well, the text wasn't wrong. It is not safe to "filter" bounce > messages until someone does a d

Re: warning: private/smtp socket: malformed response

2013-10-21 Thread Wietse Venema
Maksim Kulik: > Hello! > I have postfix 2.10 on freebsd 9.2. > When i try to send some emails, i get following in mail log: > Oct 21 16:56:27 1gb postfix/smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 220 > imx6.ngs.ru ESMTP ready > Oct 21 16:56:27 1gb postfix/smtp[7038]: > imx6.ngs.ru[195.19.71.16]:2

Re: TLS: Certificate signature failure -- what is the reason?

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 10:07:13AM -0500, Noel Jones wrote: > > Oct 21 08:43:58 postfix/smtp[5991]: CA certificate > > verification failed for mx10.unicredit.eu[62.122.80.93]:25: > > num=7:certificate signature failure > > Looks as if they use a private root CA. Probably the easiest fix is > to

Re: TLS: Certificate signature failure -- what is the reason?

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 02:55:22PM +0200, Tobias Reckhard wrote: > Oct 21 08:43:58 postfix/smtp[5991]: CA certificate > verification failed for mx10.unicredit.eu[62.122.80.93]:25: > num=7:certificate signature failure This organization uses SHA256 signatures for their certificates, even though t

Re: warning: private/smtp socket: malformed response

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 05:01:45PM +0300, Maksim Kulik wrote: > I have postfix 2.10 on freebsd 9.2. Which 2.10? (2.10.0, 2.10.1, 2.10.2?) Which version of OpenSSL? > When i try to send some emails, i get following in mail log: > > smtp[7038]: > imx6.ngs.ru[195.19.71.16]:25: EHLO 1gb.by > smtp[70

Re: TLS: Certificate signature failure -- what is the reason?

2013-10-21 Thread Noel Jones
On 10/21/2013 7:55 AM, Tobias Reckhard wrote: > Hello > > In configuring a postfix 2.7.0 (on Ubuntu 10.04 LTS) for mandatory TLS > to a couple of domains, I'm running into the following oddity when > sending e-mail to the UniCredit servers: > > Oct 21 08:43:58 postfix/smtp[5991]: CA certificate

warning: private/smtp socket: malformed response

2013-10-21 Thread Maksim Kulik
Hello! I have postfix 2.10 on freebsd 9.2. When i try to send some emails, i get following in mail log: Oct 21 16:56:27 1gb postfix/smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 220 imx6.ngs.ru ESMTP ready Oct 21 16:56:27 1gb postfix/smtp[7038]: > imx6.ngs.ru[195.19.71.16]:25: EHLO 1gb.by Oct 21 16:5

TLS: Certificate signature failure -- what is the reason?

2013-10-21 Thread Tobias Reckhard
Hello In configuring a postfix 2.7.0 (on Ubuntu 10.04 LTS) for mandatory TLS to a couple of domains, I'm running into the following oddity when sending e-mail to the UniCredit servers: Oct 21 08:43:58 postfix/smtp[5991]: CA certificate verification failed for mx10.unicredit.eu[62.122.80.93]:25: