Re: best TLS crypto settings?

2021-09-24 Thread Bill Cole
On 2021-09-24 at 19:05:00 UTC-0400 (Fri, 24 Sep 2021 19:05:00 -0400) Alex is rumored to have said: Hi, I recently ran testssl.sh (https://github.com/drwetter/testssl.sh) on my mail server, Presumably on port 25 with STARTTLS? and it's still showing TLS 1 and 1.1 still being offered, as wel

Re: Parameter name code/doc mismatch: tlsproxy_client_level != tlsproxy_client_security_level tlsproxy_client_level

2021-09-24 Thread raf
On Fri, Sep 24, 2021 at 11:54:29AM -0400, Viktor Dukhovni wrote: > On Sat, Sep 25, 2021 at 01:08:29AM +1000, raf wrote: > > > Also, the following look like they are defined in > > mail_params.h but they aren't in postconf.proto > > (20210815 snapshot). This might be wrong. It's just a > > quick

Re: best TLS crypto settings?

2021-09-24 Thread Viktor Dukhovni
On Fri, Sep 24, 2021 at 07:05:00PM -0400, Alex wrote: > I recently ran testssl.sh (https://github.com/drwetter/testssl.sh) on > my mail server, and it's still showing TLS 1 and 1.1 still being > offered, as well as DES: You should generally ignore most issues misreported by SSL/TLS testing sites

Re: tlsmgr timeout

2021-09-24 Thread Alex
Hi, > >>smtpd_tls_session_cache_database > > > > This is defined to the default for all instances: > > smtpd_tls_session_cache_database = > > btree:/var/lib/postfix/smtpd_tls_session_cache > > That's wrong. The session cache needs to be: > >smtpd_tls_session_cache_database = > ${data_dir

best TLS crypto settings?

2021-09-24 Thread Alex
Hi, I recently ran testssl.sh (https://github.com/drwetter/testssl.sh) on my mail server, and it's still showing TLS 1 and 1.1 still being offered, as well as DES: Testing protocols via sockets SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered (deprecated) TLS 1.1

Re: Patch: Wierd behaviour: postconf -xd proxy_read_maps

2021-09-24 Thread raf
On Fri, Sep 24, 2021 at 08:06:06AM -0400, Wietse Venema wrote: > raf: > > On Thu, Sep 23, 2021 at 06:46:33AM -0400, Wietse Venema > > wrote: > > > > > C and C++ are similar enough that C can easily be wrapped in C++. > > > I'd love to adopt Gtest which I have been using internally at Google >

Re: Spam pass the filter

2021-09-24 Thread John Stoffel
> "Girish" == Girish Venkatachalam writes: Girish> On 04:41 PM 17-Sep-21, Benny Pedersen wrote: >> On 2021-09-17 14:40, Christian Schmitz wrote: >> make a spamassassin rule to check dkim, make that dkim score 1000, if >> you reject high score spam there is nothing more to do Girish> In thi

Re: change postscreen error code from 4xx to 5xx

2021-09-24 Thread Francesc Peñalvez
I had soft_bounce = yes. Thanks On 24/9/2021 at 13:59, Wietse Venema wrote: > Wietse Venema: >> Francesc Peñalvez: >>> I re-ask again since my postscreen responds to connections with dnsbl >>> code 450 instead of a 5xx, with which those servers are trying to resend >>> the mail again and aga

Re: Parameter name code/doc mismatch: tlsproxy_client_level != tlsproxy_client_security_level tlsproxy_client_level

2021-09-24 Thread Viktor Dukhovni
> On 24 Sep 2021, at 12:57 pm, Wietse Venema wrote: > >> It is perhaps time to drop support for some of the Postfix <= 2.2 >> TLS parameters. Which can simplify the pile of booleans to just >> a single security level and then perhaps simply: >> >>tlsproxy_client_enable = >>${smtp_tl

Re: Parameter name code/doc mismatch: tlsproxy_client_level != tlsproxy_client_security_level tlsproxy_client_level

2021-09-24 Thread Wietse Venema
Viktor Dukhovni: > It is perhaps time to drop support for some of the Postfix <= 2.2 > TLS parameters. Which can simplify the pile of booleans to just > a single security level and then perhaps simply: > > tlsproxy_client_enable = > ${smtp_tls_policy_maps ? {yes} : > ${{$s

Re: Parameter name code/doc mismatch: tlsproxy_client_level != tlsproxy_client_security_level tlsproxy_client_level

2021-09-24 Thread Viktor Dukhovni
On Sat, Sep 25, 2021 at 01:08:29AM +1000, raf wrote: > Also, the following look like they are defined in > mail_params.h but they aren't in postconf.proto > (20210815 snapshot). This might be wrong. It's just a > quick hacky audit. Some of them might not be real > parameters. There is no lmtpd(8)

Re: Parameter name code/doc mismatch: tlsproxy_client_level != tlsproxy_client_security_level tlsproxy_client_level

2021-09-24 Thread raf
On Fri, Sep 24, 2021 at 09:49:49AM -0400, Wietse Venema wrote: > raf: > > Hi, > > > > I think there's a parameter name that is rightish/better > > in the documentation but wrong/worse in the code. > > Added to the queue. > > Wietse Thanks. Similarly, there's a parameter called "tlsprox

Re: Parameter name code/doc mismatch: tlsproxy_client_level != tlsproxy_client_security_level tlsproxy_client_level

2021-09-24 Thread Wietse Venema
raf: > Hi, > > I think there's a parameter name that is rightish/better > in the documentation but wrong/worse in the code. Added to the queue. Wietse > $ postconf -d | grep security_level > lmtp_tls_security_level = > postscreen_tls_security_level = $smtpd_tls_security_level >

Parameter name code/doc mismatch: tlsproxy_client_level != tlsproxy_client_security_level tlsproxy_client_level

2021-09-24 Thread raf
Hi, I think there's a parameter name that is rightish/better in the documentation but wrong/worse in the code. $ postconf -d | grep security_level lmtp_tls_security_level = postscreen_tls_security_level = $smtpd_tls_security_level smtp_tls_security_level = smtpd_tls_security_level = t

Re: change postscreen error code from 4xx to 5xx

2021-09-24 Thread nazcar
I had soft_bounce = yes. Thanks Sent from my Galaxy Original message From: Wietse Venema Date: 24/9/21 13:59 (GMT+01:00) To: Wietse Venema Cc: Francesc Peñalvez , postfix-users@postfix.org Subject: Re: change postscreen error code from 4xx to 5xx Wietse Venema:> Frances

Re: Patch: Wierd behaviour: postconf -xd proxy_read_maps

2021-09-24 Thread Wietse Venema
raf: > On Thu, Sep 23, 2021 at 06:46:33AM -0400, Wietse Venema > wrote: > > > C and C++ are similar enough that C can easily be wrapped in C++. > > I'd love to adopt Gtest which I have been using internally at Google > > over the past 5+ years. > > > > Wietse > > That would give the best r

Re: change postscreen error code from 4xx to 5xx

2021-09-24 Thread Wietse Venema
Wietse Venema: > Francesc Peñalvez: > > I re-ask again since my postscreen responds to connections with dnsbl > > code 450 instead of a 5xx, with which those servers are trying to resend > > the mail again and again > > > > postfix/submission/postscreen[1724625]: NOQUEUE: reject: RCPT from > > [XX

Re: change postscreen error code from 4xx to 5xx

2021-09-24 Thread Wietse Venema
Francesc Peñalvez: > I re-ask again since my postscreen responds to connections with dnsbl > code 450 instead of a 5xx, with which those servers are trying to resend > the mail again and again > > postfix/submission/postscreen[1724625]: NOQUEUE: reject: RCPT from > [XXX.XXX.XXX.XXX]:46994: 450 4.7