Re: postfix 3.5.4 centos 8 hardcoded crypto settings?

2020-07-21 Thread Peter
On 22/07/20 9:02 am, Xavier Belanger wrote: Hi, Leonardo Rodrigues wrote: You nailed it, Viktor and Xavier, it was the default system-wide setup on the CentOS 8 OS from file /usr/share/crypto-policies/DEFAULT/opensslcnf.txt setting MinProtocol to TLSv1 there did the trick.

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Matt Corallo
Yep, I set it to prefer v6 to test and was only noting that, at least GMail, doesn't appear to apply stricter policies around delivery any more (likely modulo your IP's existing reputation). On 7/21/20 8:06 PM, Viktor Dukhovni wrote: > On Tue, Jul 21, 2020 at 07:54:55PM -0400, Matt Corallo wrote:

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Viktor Dukhovni
On Tue, Jul 21, 2020 at 07:54:55PM -0400, Matt Corallo wrote: > Still, many large sites (eg Outlook) only > accept mail on v4, presumably for similar reasons, so there isn't much > reason to default to preferring IPv6 for outbound mail any time in the > next many years. FWIW, when you enable IPv6

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Matt Corallo
I believe this is somewhat out of date. Google did, in my understanding, originally require DKIM and not assign IP reputation to v6 addresses, but that appears to no longer be the case. I turned on v6-outbound on my postfix server and it has had no problems with Gmail (or any other) reachability.

Re: multiple servers, single cert

2020-07-21 Thread Viktor Dukhovni
On Tue, Jul 21, 2020 at 05:24:10AM -0600, @lbutlr wrote: > Given two machines (or more) running as mail.example.com what is the > best practices way of duplicating the certs for that domain so that > each server has valid certificates. If your issuing CA refuses to mint multiple overlapping certi

Re: postfix 3.5.4 centos 8 hardcoded crypto settings?

2020-07-21 Thread Wietse Venema
>Xavier Belanger: > One piece of advice: [opensslcnf.txt] may be considered as a "system > file" and could be overwritten in the future by some CentOS update. > Make sure to document that change and to keep an eye on that file; > or to define your own policy (custom policies are not overwritten).

Re: postfix 3.5.4 centos 8 hardcoded crypto settings?

2020-07-21 Thread Xavier Belanger
Hi, Leonardo Rodrigues wrote: > You nailed it, Viktor and Xavier, it was the default system-wide > setup on the CentOS 8 OS from file > > /usr/share/crypto-policies/DEFAULT/opensslcnf.txt > > setting MinProtocol to TLSv1 there did the trick. > > Thank you guys! You're welcom

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Viktor Dukhovni
On Tue, Jul 21, 2020 at 02:09:04PM -0400, Wietse Venema wrote: > > "By default, Postfix uses IPv4 only, because most systems aren't > > attached to an IPv6 network." According to Google, a third of their > > users access their service via IPv6. > > If 2/3 of all SMTP clients are IPv4-only, then tha

Get MUA from Logs?

2020-07-21 Thread Asai
Greetings, Is it possible to determine the Mail User Agents in use via logging in Postfix and / or Dovecot? Thanks, Asai

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Wietse Venema
l...@ungleich.ch: > Greetings everyone, > > > In 2020 we think it would be reasonable to enable IPv6 by default. > V4 addresses are getting expensive, and new ISP-s and businesses are > moving to V6 with great momentum. Moreover it would help us and others > to reduce complexity in their infr

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Benny Pedersen
l...@ungleich.ch wrote on 2020-07-21 15:20: The change: /etc/postfix/main.cf: from: inet_protocols = ipv4 (DEFAULT: enable IPv4 only) to: inet_protocols = all (DEFAULT: enable IPv4, and IPv6 if supported) error is that the default main.cf has this line; the default is already all

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Dima Veselov
On 21.07.2020 19:37, Bill Cole wrote: "By default, Postfix uses IPv4 only, because most systems aren't attached to an IPv6 network." According to Google, a third of their users access their service via IPv6. So, Google agrees with the Postfix docs, correct? Based on occasional issues raised her

Re: more detail in diagnosing verify "conversation ... timed out while receiving the initial server greeting" error?

2020-07-21 Thread PGNet Dev
On 7/20/20 10:19 PM, Viktor Dukhovni wrote: > This is plainly logged as a *cache* lookup. The data in the cache entry > was set to expire at epoch time 1595290292, or 2020-07-20T20:11:32-0400. although that doesn't tell me _why_ the problem exists, it did point to _what_ it (apparently) was. wa

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Bill Cole
On 21 Jul 2020, at 9:20, l...@ungleich.ch wrote: "By default, Postfix uses IPv4 only, because most systems aren't attached to an IPv6 network." According to Google, a third of their users access their service via IPv6. So, Google agrees with the Postfix docs, correct? Based on occasional issue

Re: Enable IPv6 support in main.cf by default

2020-07-21 Thread Stephan Seitz
On Tue, Jul 21, 2020 at 15:20:36 +0200, l...@ungleich.ch wrote: The change: /etc/postfix/main.cf: from: inet_protocols = ipv4 (DEFAULT: enable IPv4 only) to: inet_protocols = all (DEFAULT: enable IPv4, and IPv6 if supported) I don’t think this is a good idea. You’re right that m

Enable IPv6 support in main.cf by default

2020-07-21 Thread llnu
Greetings everyone, In 2020 we think it would be reasonable to enable IPv6 by default. V4 addresses are getting expensive, and new ISP-s and businesses are moving to V6 with great momentum. Moreover it would help us and others to reduce complexity in their infrastructure. The postfix IPv6

Re: postfix 3.5.4 centos 8 hardcoded crypto settings?

2020-07-21 Thread Leonardo Rodrigues
On 20/07/2020 22:44, Viktor Dukhovni wrote: If CentOS 8 requires a default floor of TLS 1.2, and have not patched Postfix to relax that system-default constraint, then you're stuck with TLS >= 1.2 until a suitable work-around is made available in their Postfix package. You nailed it, Vi

multiple servers, single cert

2020-07-21 Thread @lbutlr
Given two machines (or more) running as mail.example.com what is the best practices way of duplicating the certs for that domain so that each server has valid certificates. Third server that manages the certs and copies them to each mail server? A database server on one machine that the other m