Re: Postfix upgrade breaks emails accounts from Mac OS X

2018-02-01 Thread Viktor Dukhovni
> On Feb 2, 2018, at 12:39 AM, Olivier wrote: > >> You've also not explained what you mean by deleting and recreating the >> account. > > I am not a Mac user, but from the Mail app, select Files/Account and > remove the account that makes problem and recreate it the same. Right, so this is a

Re: Postfix upgrade breaks emails accounts from Mac OS X

2018-02-01 Thread Olivier
Viktor Dukhovni writes: >> On Feb 2, 2018, at 12:03 AM, Olivier wrote: >> >> I apologize for being ambiguous. It is a problem of authentication to >> SMTP (they have no problem with IMAP). And the certificate has not >> changed (same machine, same name, same file); and cyrus saslauthd has >> not

Re: Postfix upgrade breaks emails accounts from Mac OS X

2018-02-01 Thread Viktor Dukhovni
> On Feb 2, 2018, at 12:03 AM, Olivier wrote: > > I apologize for being ambiguous. It is a problem of authentication to > SMTP (they have no problem with IMAP). And the certificate has not > changed (same machine, same name, same file); and cyrus saslauthd has > not changed either. And you're a

Re: Postfix upgrade breaks emails accounts from Mac OS X

2018-02-01 Thread Olivier
Viktor Dukhovni writes: >> On Feb 1, 2018, at 11:31 PM, Olivier wrote: >> >> I apologize if that has already been posted, but I could not find any >> reference. >> >> I recently upgraded my postfix server from 2.11.6 to 3.2.3_1. >> >> Postfix server runs on a FreeBSD OS. The upgrade was seamle

Re: Postfix upgrade breaks emails accounts from Mac OS X

2018-02-01 Thread Viktor Dukhovni
> On Feb 1, 2018, at 11:31 PM, Olivier wrote: > > I apologize if that has already been posted, but I could not find any > reference. > > I recently upgraded my postfix server from 2.11.6 to 3.2.3_1. > > Postfix server runs on a FreeBSD OS. The upgrade was seamless for all > the users except th

Postfix upgrade breaks emails accounts from Mac OS X

2018-02-01 Thread Olivier
Hi, I apologize if that has already been posted, but I could not find any reference. I recently upgraded my postfix server from 2.11.6 to 3.2.3_1. Postfix server runs on a FreeBSD OS. The upgrade was seamless for all the users except the users connecting from a Mac: - a Mac that never used the M

Re: Achieving trusted TLS connection

2018-02-01 Thread Viktor Dukhovni
> On Feb 1, 2018, at 1:44 PM, Danny Horne wrote: > > Possibly, do I understand right that I'm going to have to separate all > cacerts from the bundle files before using rehash? Yes, but if your OS distribution does not provide a package that handles all this, perhaps you should just stick with

Re: Achieving trusted TLS connection

2018-02-01 Thread Danny Horne
On 01/02/2018 6:40 pm, Viktor Dukhovni wrote: > >> On Feb 1, 2018, at 1:26 PM, Danny Horne wrote: >> >> I might have a go at that later (can't find >> c_rehash anywhere but do have csplit available) > https://www.openssl.org/docs/man1.1.0/apps/openssl-rehash.html > https://www.openssl.org/docs

Re: Achieving trusted TLS connection

2018-02-01 Thread Viktor Dukhovni
> On Feb 1, 2018, at 1:26 PM, Danny Horne wrote: > > I might have a go at that later (can't find > c_rehash anywhere but do have csplit available) https://www.openssl.org/docs/man1.1.0/apps/openssl-rehash.html https://www.openssl.org/docs/man1.0.2/apps/c_rehash.html Perhaps your O/S distr

Re: Achieving trusted TLS connection

2018-02-01 Thread Danny Horne
On 01/02/2018 5:59 pm, Viktor Dukhovni wrote: > This both loads the default CAfile and sets up the default CApath, so > we don't yet know whether your CApath directory is fully prepared or > not... So now you could try reverting to: > > tls_append_default_CA = no > smtpd_tls_CApath = /

Re: Achieving trusted TLS connection

2018-02-01 Thread Viktor Dukhovni
> On Feb 1, 2018, at 12:10 PM, Danny Horne wrote: > >> A simpler way to achieve the same goal would have been: >> http://www.postfix.org/postconf.5.html#tls_append_default_CA >> >> tls_append_default_CA = yes >> >> bearing in mind the caution in the documentation, when enabling the

Re: Achieving trusted TLS connection

2018-02-01 Thread Bill Cole
On 1 Feb 2018, at 11:46, Viktor Dukhovni wrote: On Feb 1, 2018, at 11:43 AM, Bill Cole wrote: The "c_rehash" tool is an OpenSSL utility that generates symlinks in a directory full of certificate files such that each symlink name is derived from a cryptographic hash of the "Subject" of the c

Re: Achieving trusted TLS connection

2018-02-01 Thread Danny Horne
On 01/02/2018 5:10 pm, Danny Horne wrote: > Ok, adding tls_append_default_CA = yes has finally given me trusted TLS > connections, but I do wonder if it was worth it in the end!! > > I am not using permit_tls_all_clientcerts > I forgot to add, thank you all for your help, though it might not have a

Re: Achieving trusted TLS connection

2018-02-01 Thread Danny Horne
On 01/02/2018 4:56 pm, Viktor Dukhovni wrote: > A simpler way to achieve the same goal would have been: > http://www.postfix.org/postconf.5.html#tls_append_default_CA > > tls_append_default_CA = yes > > bearing in mind the caution in the documentation, when enabling the > panoply of Web

Re: Achieving trusted TLS connection

2018-02-01 Thread Viktor Dukhovni
> On Feb 1, 2018, at 11:45 AM, Danny Horne wrote: > > # openssl version -d > OPENSSLDIR: "/etc/pki/tls" > > # ls -al /etc/pki/tls > lrwxrwxrwx. 1 root root49 Nov 27 21:00 cert.pem -> > /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem > drwxr-xr-x. 2 root root97 Dec 21 17:31 certs > d

Re: Achieving trusted TLS connection

2018-02-01 Thread Viktor Dukhovni
> On Feb 1, 2018, at 11:43 AM, Bill Cole > wrote: > > The "c_rehash" tool is an OpenSSL utility that generates symlinks in a > directory full of certificate files such that each symlink name is derived > from a cryptographic hash of the "Subject" of the certificate file to which > it points

Re: Achieving trusted TLS connection

2018-02-01 Thread Danny Horne
Ok, didn't fully understand some of what you've said, so I'll just post what I see (no hexadecimal symlinks found).  I've changed smtpd_tls_CApath to /etc/pki/ca-trust/extracted/pem but that hasn't made any difference [root@indium tls]# openssl version -d OPENSSLDIR: "/etc/pki/tls" [root@indium tl

Re: Achieving trusted TLS connection

2018-02-01 Thread Bill Cole
On 1 Feb 2018, at 10:44, Danny Horne wrote: I've changed smtpd_tls_CApath back to pointing at the directory.  Not sure what you mean by "hashed" via "c_rehash" The "c_rehash" tool is an OpenSSL utility that generates symlinks in a directory full of certificate files such that each symlink nam

Re: Achieving trusted TLS connection

2018-02-01 Thread Viktor Dukhovni
> On Feb 1, 2018, at 10:44 AM, Danny Horne wrote: > >> You report settings of: >> smtpd_tls_CApath = /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt >> smtpd_tls_ask_ccert = yes >> smtpd_tls_ccert_verifydepth = 2 >> >> Surely "ca-bundle.trust.crt" is a file not a directory. This wo

Re: Achieving trusted TLS connection

2018-02-01 Thread Danny Horne
On 31/01/2018 8:31 pm, Viktor Dukhovni wrote: > You report settings of: > smtpd_tls_CApath = /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt > smtpd_tls_ask_ccert = yes > smtpd_tls_ccert_verifydepth = 2 > > Surely "ca-bundle.trust.crt" is a file not a directory. This would work as >

Re: send specific NDR message for users in certain OU

2018-02-01 Thread Wietse Venema
mj: > Anyone..? > > On 01/30/2018 02:55 PM, lists wrote: > > Hi, > > > > The question can perhaps be made more generic like this: > > > > Can postfix generate a *specific* NDR (or an autoreply) for accounts > > that meet a specific criterion, such as: > > - user account was found under OU=to-de

Re: send specific NDR message for users in certain OU

2018-02-01 Thread mj
Anyone..? On 01/30/2018 02:55 PM, lists wrote: Hi, The question can perhaps be made more generic like this: Can postfix generate a *specific* NDR (or an autoreply) for accounts that meet a specific criterion, such as: - user account was found under OU=to-delete,CN=company... contrary to the