Re: ECDSA chain cert not working

2014-05-12 Thread Viktor Dukhovni
On Mon, May 12, 2014 at 09:39:39PM +0100, SW wrote: > And this seems to have done the trick! Running: > > openssl s_client -connect mail.domain.com:25 -crlf -starttls smtp -CAfile > /usr/local/openssl/certs/AddTrustExternalCARoot.crt > > returns: > > Verify return code: 0 (ok) This results in

Re: ECDSA chain cert not working

2014-05-12 Thread SW
Ok, so I have tried: cat mail.domain.com.ecdsa.crt COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt /support/certs/sha256/COMODORSADomainValidationSecureServerCA.crt /support/certs/sha256/COMODORSAAddTrustCA.crt > mail.domain.com.chained.postfix.ecdsa_2.crt cat mail.domai

Re: ECDSA chain cert not working

2014-05-12 Thread Viktor Dukhovni
On Mon, May 12, 2014 at 08:44:00PM +0100, SW wrote: > > A work-around is to list all the relevant CAs in the chain files > for both algorithms. The patches that resolve this for 1.0.2 are > attached for educational purposes only. They are unlikely to apply > to 1.0.1 or earlier in isolation, an

Re: ECDSA chain cert not working

2014-05-12 Thread SW
Hi Viktor Many thanks for the reply! So I'm not going crazy... You said: A work-around is to list all the relevant CAs in the chain files for both algorithms. The patches that resolve this for 1.0.2 are attached for educational purposes only. They are unlikely to ap

Re: Inbound email delay

2014-05-12 Thread Viktor Dukhovni
On Mon, May 12, 2014 at 11:17:37AM -0700, kornsnap wrote: > Can you point me to where the mailing list welcome message you mentioned > earlier is located? On Mon, May 12, 2014 at 02:26:49PM -0400, majord...@cloud9.net wrote: > korns...@gmail.com [removed from list] On Mon, May 12, 201

Re: Inbound email delay

2014-05-12 Thread kornsnap
Can you point me to where the mailing list welcome message you mentioned earlier is located? thanks.

Re: ECDSA chain cert not working

2014-05-12 Thread Viktor Dukhovni
On Mon, May 12, 2014 at 04:43:27PM +0100, SW wrote: >Certificate chain > 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.domain.com >i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO > RSA Domain Validation Secure Server CA Notice that the issuer of t

Re: SMTP Server reply message: 220

2014-05-12 Thread McDonald, Dan
On 5/12/14, 12:27 PM, "Paul C" wrote: >Ya that's tough to see without more tests, losing connection after >helo might have something to do with the problem injecting in to >postfix, maybe it's not liking the response it's getting and not >finishing the full smtp commands. In your log, this line s

Re: SMTP Server reply message: 220

2014-05-12 Thread Paul C
Ya that's tough to see without more tests, losing connection after helo might have something to do with the problem injecting in to postfix, maybe it's not liking the response it's getting and not finishing the full smtp commands. In your log, this line stands out: match_list_match: 10.12.0.101: no m

Re: SMTP Server reply message: 220

2014-05-12 Thread Blake
Paul, To me it seems that everything should work just fine but yet it fails. Prior to turning on debugging for the IPs in question the only error in the logs was the following. smtp1 postfix/smtpd[15062]: connect from tnpsan1.(domain).com[10.12.0.101] smtp1 postfix/smtpd[15062]: lost connection

Re: SMTP Server reply message: 220

2014-05-12 Thread Paul C
What's the error? 220 is a successful response to the greeting and 250 is success for the helo command. The only thing I see that could cause an issue is you are using an internal ip, 10.12.0.100, maybe causing some of your dns stuff to fail on the lookup? All I can see at this point. On Mon, May 12, 2014

SMTP Server reply message: 220

2014-05-12 Thread Blake
Greetings, I have a remote site with a postfix instance which has a few systems that are receiving the following error. Unfortunately I have been unable to identify the cause and see no reason the system would be having the issue. Sending machine Error An Error occurred trying to test SMTP

PATCH: Berkeley DB6 and Postfix

2014-05-12 Thread Wietse Venema
Wietse Venema: > > Based on src/util/dict_db.c, the latest supported Berkeley DB major > > version is 5. > > There is no db6 port on my FreeBSD9 laptop, so I'll try to install > one from the future. It appears that the API has not changed. To build, use: $ make makefiles CCARGS="-I/usr/local/in

Re: Berkeley DB6 and Postfix

2014-05-12 Thread Quanah Gibson-Mount
--On May 12, 2014 at 2:14:39 AM -0400 Wietse Venema wrote: There is no db6 port on my FreeBSD9 laptop, so I'll try to install one from the future. I suggest being aware of . This is one reason th

ECDSA chain cert not working

2014-05-12 Thread SW
Yesterday I had my SSL certificate re-issued. I now have two certificates for the same domain. One has an RSA signature and the new one I received yesterday uses ECDSA. I enabled the ECDSA certificate in Dovecot and Apache and those services are working great. In Postfix I have enabled two cer

Re: Separate domains, UNIX system accounts

2014-05-12 Thread /dev/rob0
Please don't hijack unrelated threads. When you have a new message for the list, post it as a NEW message, not as a reply. Thank you. On Mon, May 12, 2014 at 05:03:31PM +0200, Marek Królikowski wrote: > I got a strange problem with my postfix: I try to do separate domains > but use UNIX system accounts

Re: Can postfix smtp client request DSN from remote server?

2014-05-12 Thread Viktor Dukhovni
On Mon, May 12, 2014 at 04:43:22PM +0200, Erik Logtenberg wrote: > Okay, so the thing with DSN's is this: if my email client requests a DSN > on success when sending a mail, my Postfix server will honour that > request. Postfix does this in one of two possible ways: The recommended setting is to

Separate domains, UNIX system accounts

2014-05-12 Thread Marek Królikowski
Hello Guys I got a strange problem with my postfix: I try to do separate domains but use UNIX system accounts. I use the postfix doc (http://www.postfix.org/VIRTUAL_README.html) but don't know why it's not working (Debian 7, postfix 2.9.6): This is my main.cf: biff = no append_dot_mydomain = no readme_

Re: Can postfix smtp client request DSN from remote server?

2014-05-12 Thread Erik Logtenberg
Hi, Indeed I was a bit unclear. Okay, so the thing with DSN's is this: if my email client requests a DSN on success when sending a mail, my Postfix server will honour that request. Postfix does this in one of two possible ways: 1. either the remote mail server indicates that it offers DSN capabi

Re: Client side DANE - minimum openssl version

2014-05-12 Thread Jonas Wielicki
On 09.05.2014 18:44, Andreas Schulze wrote: > Viktor Dukhovni: >> It may be simpler to upgrade your system. > yes, upgrade would be best but sometimes, > older crypto is not as painful as it should be Although older crypto saves you from heartbleeds. I think there are some good reasons (not that

Re: Berkeley DB6 and Postfix

2014-05-12 Thread Jerry
On Mon, 12 May 2014 02:14:39 -0400 (EDT), Wietse Venema stated: >Sahil Tandon: >> On Sun, 2014-05-11 at 18:18:45 -0400, Jerry wrote: >> >> > The installation halts immediately with this error message: >> > >> > ===> postfix-current-2.12.20140507,4 cannot install: does not work >> > with Berkele