On Friday, 26 October 2018 12:53:48 AM AEDT Scott Kitterman wrote:
> On October 25, 2018 10:56:53 PM UTC, Richard James Salts wrote:
> >Hi all,
> >
> >This is offtopic in regards to postfix but I bring it up because of the last
> >few emails I've sent to the postfix mailing list.
> >
> >I was
Hi,
I'm not sure if I got myself confused but here is what I'd like/have to
achieve:
If an internal user is sending an email and postfix receives a bounce, the
Mailer-daemon should have the hostname as domain part. I know that I can use
$myhostname to set $myorigin for that.
But I'm not sure if
Richard James Salts writes:
> This is still leading to the postfix mailing list failing DKIM once
> it's added a Sender header for owner-postfix-us...@postfix.org. Should
> I stop oversigning the Sender header?
Signing the following headers works for me and does not break DKIM:
Autocrypt, From,
On October 25, 2018 10:56:53 PM UTC, Richard James Salts wrote:
>Hi all,
>
>This is offtopic in regards to postfix but I bring it up because of the last
>few emails I've sent to the postfix mailing list.
>
>I was originally signing all the headers mentioned in rfc6376 section 5.4,
>whethe
Richard James Salts:
> Hi all,
>
> This is offtopic in regards to postfix but I bring it up because of the last
> few emails I've sent to the postfix mailing list.
>
> I was originally signing all the headers mentioned in rfc6376 section 5.4,
> whether they existed or not and mails to postfix maili
Hi all,
This is offtopic in regards to postfix but I bring it up because of the last
few emails I've sent to the postfix mailing list.
I was originally signing all the headers mentioned in rfc6376 section 5.4,
whether they existed or not and mails to postfix mailing list failed because of
the
On 25 Oct 2018, at 05:11, Ralph Seichter wrote:
> Please don't try to spread your personal misjudgement as gospel,
It is not mine, but thanks for playing.
--
So now you know the words to our song, pretty soon you'll all be singing
along, when you're sad, when you're lonely and it all turns out
On Oct 25, 2018, at 15:04, @lbutlr wrote:
> Authentication port 25 is often simply opportunistic
Sorry. I meant to type encryption, not authentication.
--
This is my signature. There are many like it, but this one is mine.
On Oct 25, 2018, at 06:08, Thomas Bourdon wrote:
>
> My goal : All auth connections must be done with tlsv1.2 minimum. Others
> connections can be done with tlsv1.0 minimum.
This is fine. Authentication port 25 is often simply opportunistic and does not
imply identity, only securing the data t
Thomas Bourdon:
> Hi,
>
> First of all, I apologize for my bad English.
>
> I use postfix-3.3.1 and openssl-1.0.2.
>
> Actual ssl config : tlsv1.0 minimum is set for smtp and smtpd. tlsv1.2
> minimum is set for submission/starttls.
>
> My goal : All auth connections must be done with tlsv1.2 m
On 25.10.18 18:55, Viktor Dukhovni wrote:
> Best to let it go, and just comment that the conclusions or advice are
> not universally applicable.
I could, and usually do, but in this instance I deliberately chose not
to. Best to let it go. ;-)
-Ralph
> On Oct 25, 2018, at 12:21 PM, Ralph Seichter wrote:
>
> Possibly, but *I* think that I've about had it with people stating their
> personal beliefs as facts, especially when my own experience shows that
> things are quite different where I am standing. In my opinion the OP did
> not merit me
> "Daniel" == Daniel Ryšlink writes:
Daniel> | You disable cleartext SMTP as well?
Daniel> The rationale here is that by accepting provenly insecure
Daniel> protocols, one provides an illusion of security, which is
Daniel> potentially more dangerous than transparently refuse, and fall
Daniel
On 25.10.18 17:23, Viktor Dukhovni wrote:
> I think there's probably a more appropriate way to disagree.
Possibly, but *I* think that I've about had it with people stating their
personal beliefs as facts, especially when my own experience shows that
things are quite different where I am standing.
> On Oct 25, 2018, at 7:11 AM, Ralph Seichter wrote:
>
> On 25.10.18 00:44, @lbutlr wrote:
>
>> TLSv1.2 has been out for a decade and there is no reason to be running
>> v1 or v1.1. At all.
>
> Please don't try to spread your personal misjudgement as gospel,
> there's a good chap.
I thin
On Thursday, 25 October 2018 at 15:31 +0200, Matus UHLAR - fantomas wrote:
> maybe port 465 was originally taken (by microsoft, btw) for server-to-server
> smtp over ssl, but I think I ever saw anyone using it as such.
>
> for now, many companies use port 465 as authenticated submission-only
> p
Thank you guys for explaining to me how smtp<->smtp works. I set up tlsv1.0
minimum for smtp<->smtp and tlsv1.2 minimum for auth connections, it
seems to be working. :)
Thanks again!
On 25.10.2018 15:10, B. Reino wrote:
On Thu, 25 Oct 2018, Thomas Bourdon wrote:
Because mail providers send mail to my
On Thu, 25 Oct 2018, Thomas Bourdon wrote:
Is there a way to allow tlsv1.0 minimum for unauth connection and
allow tlsv1.2 minimum for auth connection on port 465 ?
On 25.10.2018 15:00, B. Reino wrote:
Why would you want unauthenticated connections on port 465? (smtps).
It's AFAIK a submis
On Thu, Oct 25, 2018 at 08:11:35AM +0200, Poliman - Serwis wrote:
Hi. I heard that having a non-functional server as the primary MX is a
well-known trick to reduce the amount of incoming spam, as most software
used by spammers will only ever try the highest-priority MX. How to do this?
On 25/1
On Thu, 25 Oct 2018, Thomas Bourdon wrote:
Because mail providers send mail to my smtp server through this port, don't
they ?
On 25.10.2018 15:00, B. Reino wrote:
On Thu, 25 Oct 2018, Thomas Bourdon wrote:
Is there a way to allow tlsv1.0 minimum for unauth connection and allow
tlsv1.2 mi
Because mail providers send mail to my smtp server through this port,
don't they ?
On 25.10.2018 15:00, B. Reino wrote:
On Thu, 25 Oct 2018, Thomas Bourdon wrote:
Is there a way to allow tlsv1.0 minimum for unauth connection and
allow tlsv1.2 minimum for auth connection on port 465 ?
Why
On Thu, 25 Oct 2018, Thomas Bourdon wrote:
Is there a way to allow tlsv1.0 minimum for unauth connection and allow
tlsv1.2 minimum for auth connection on port 465 ?
Why would you want unauthenticated connections on port 465? (smtps).
It's AFAIK a submission port.
Hi,
First of all, I apologize for my bad English.
I use postfix-3.3.1 and openssl-1.0.2.
Actual ssl config : tlsv1.0 minimum is set for smtp and smtpd. tlsv1.2
minimum is set for submission/starttls.
My goal : All auth connections must be done with tlsv1.2 minimum. Others
connections can be
On 25/10/18 11:12, Viktor Dukhovni wrote:
>> On Oct 25, 2018, at 5:55 AM, Allen Coates wrote:
>>
>> There are some anti-spam projects which offer MXes for your use.
>> You set one up with the LOWEST priority (your "MX of last resort"); If a
>> message reaches it, the MX will collect stats
>> an
On 25.10.18 00:44, @lbutlr wrote:
> TLSv1.2 has been out for a decade and there is no reason to be running
> v1 or v1.1. At all.
Please don't try to spread your personal misjudgement as gospel,
there's a good chap.
-Ralph
Miwa Susumu wrote on 2018-10-25 07:22:
client <-> postfix <-> o365
s23_srvr.c said error message, so Is postfix working as a server?
Is the problem occurring in 'client <-> postfix' communication?
could it be that o365 still uses sslv3 ?
logs please
if openssl is compiled with sslv2 and ssl
Matus UHLAR - fantomas wrote on 2018-10-25 10:29:
# postconf -d |grep tls|grep proto
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_protocols = !SSLv2
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_protocols = !SSLv2
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_protocols =
> On Oct 25, 2018, at 5:55 AM, Allen Coates wrote:
>
> There are some anti-spam projects which offer MXes for your use.
> You set one up with the LOWEST priority (your "MX of last resort"); If a
> message reaches it, the MX will collect stats
> and then return a TEMPFAIL.
I can't recommend this
On 25/10/18 07:33, Viktor Dukhovni wrote:
> On Thu, Oct 25, 2018 at 08:11:35AM +0200, Poliman - Serwis wrote:
>
>> Hi. I heard that having a non-functional server as the primary MX is a
>> well-known trick to reduce the amount of incoming spam, as most software
>> used by spammers will only eve
> On Oct 25, 2018, at 4:26 AM, Daniel Ryšlink wrote:
>
> The rationale here is that by accepting provenly insecure protocols, one
> provides an illusion of security, which is potentially more dangerous than
> transparently refuse, and fall back to plaintext delivery to preserve the
> functi
On 24.10.18 16:56, Burn Zero wrote:
Yea, I got it. But even with that configuration when I connect to my
server, my server is still accepting connections in TLSv1. If I disable
TLSv1 in my server,
warning: TLS library problem: 21975:error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown pro
| You disable cleartext SMTP as well?
The rationale here is that by accepting provenly insecure protocols, one
provides an illusion of security, which is potentially more dangerous
than transparently refuse, and fall back to plaintext delivery to
preserve the functionality (which can create an
On 25.10.18 08:11, Poliman - Serwis wrote:
Hi. I heard that having a non-functional server as the primary MX is a
well-known trick to reduce the amount of incoming spam, as most software
used by spammers will only ever try the highest-priority MX. How to do this?
it will also delay the mail del
On 24.10.18 16:56, Burn Zero wrote:
>Yea, I got it. But even with that configuration when I connect to my
>server, my server is still accepting connections in TLSv1. If I disable
>TLSv1 in my server,
>
>warning: TLS library problem: 21975:error:140760FC:SSL
>routines:SSL23_GET_CLIENT_HELLO:unknow
34 matches