On Thu, Feb 03, 2022 at 01:39:44PM -0500, Martin Hicks wrote:
> The only configuration change I made in response to this discussion was
> to disable smtpd_tls_ask_ccert - I'm not sure why this was ever enabled.
>
> I'll update in a week or two when I see another e-mail from aircanada.
You can al
On Thu, Feb 03, 2022 at 07:27:30PM +0100, Matus UHLAR - fantomas wrote:
> > On Thu, Feb 03, 2022 at 06:51:09PM +0100, Matus UHLAR - fantomas wrote:
> > > sorry, the third one is not expired:
> > >
> > > Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
> > > Validity
> >
Wietse Venema:
> Look in your LOGS.
>
> http://www.postfix.org/DEBUG_README.html#logging
In particular, logs that the message is handled by your filter,
to eliiminate basic mistakes.
Wietse
> Look for obvious signs of trouble
> =
> Postfix logs all failed
On Thu, Feb 03, 2022 at 06:51:09PM +0100, Matus UHLAR - fantomas wrote:
sorry, the third one is not expired:
Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
Validity
Not Before: Jan 20 19:14:03 2021 GMT
Not After : Sep 30 18:14:03 2024 GMT
Look in your LOGS.
http://www.postfix.org/DEBUG_README.html#logging
Wietse
Look for obvious signs of trouble
=
Postfix logs all failed and successful deliveries to a logfile.
When Postfix uses syslog logging (the default), the file is usually
called /var/
On Thu, Feb 03, 2022 at 06:51:09PM +0100, Matus UHLAR - fantomas wrote:
> sorry, the third one is not expired:
>
> Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
> Validity
> Not Before: Jan 20 19:14:03 2021 GMT
> Not After : Sep 30 18:14:03 2
On Thu, Feb 03, 2022 at 03:42:39PM +0100, Matus UHLAR - fantomas wrote:
Certificate chain
0 s:CN = darwin.bork.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Secur
Hello,
I try to add a disclaimer for all of my email accounts using altermime
but that doesn't work.
I did the following:
- created the user "filter": useradd -r -c "Postfix Filters" -d
/var/spool/filter filter
- created the directory /var/spool/filter
- changed directory permissions: ch
On Thu, Feb 03, 2022 at 03:42:39PM +0100, Matus UHLAR - fantomas wrote:
> Certificate chain
> 0 s:CN = darwin.bork.org
>i:C = US, O = Let's Encrypt, CN = R3
> 1 s:C = US, O = Let's Encrypt, CN = R3
>i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> 2 s:C = US, O = Inte
On 2/3/22 15:42, Matus UHLAR - fantomas wrote:
it might be this:
% openssl s_client -connect darwin.bork.org:25 -starttls smtp
CONNECTED(0003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
de
On Thu, Feb 03, 2022 at 08:24:07AM -0500, Martin Hicks wrote:
> There is an smtp server that is trying to send e-mail to my
> domain, but with an expired certificate:
At this point, what's needed to help you are outputs from "postconf -nf"
and "postconf -Mf" (verbatim with no changes in whitespac
On Thu, Feb 03, 2022 at 08:24:07AM -0500, Martin Hicks wrote:
There is an smtp server that is trying to send e-mail to my
domain, but with an expired certificate:
Feb 2 11:20:52 darwin postfix/smtpd[9181]: warning: TLS library problem:
error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert cer
On 03.02.22 13:27, Adrian van Bloois wrote:
I reject unknown hosts through the EHLO restrictions.
But my fritzbox wants to sent me something withou a valid EHLO value.
Is there a whitelist I can put my fritx on accept?
you can enable connections from your fritz box by using check_client_access
On Thu, Feb 03, 2022 at 08:48:23AM -0500, PGNet Dev wrote:
> i've a relay def'd in master.cf
>
> relay-test unix - - n - - smtp
> ...
> -o
> smtp_tls_policy_maps=${def_db_type}:${conf_dir}/test/relay_tls_policy
You can define multiple transports, each with its own "
i've a relay def'd in master.cf
relay-test unix - - n - - smtp
...
-o
smtp_tls_policy_maps=${def_db_type}:${conf_dir}/test/relay_tls_policy
entries is 'relay_tls_policy' take usual form, per
http://www.postfix.org/TLS_README.html#client_tls_policy, e.g.
Hi
On Thu, Feb 03, 2022 at 08:24:07AM -0500, Martin Hicks wrote:
> There is an smtp server that is trying to send e-mail to my
> domain, but with an expired certificate:
> Feb 2 11:20:52 darwin postfix/smtpd[9181]: warning: TLS library problem:
> error:14094415:SSL routines:ssl3_read_bytes:sslv3
Hi,
There is an smtp server that is trying to send e-mail to my
domain, but with an expired certificate:
Feb 2 11:20:52 darwin postfix/smtpd[9181]: connect from
r114.mail.aircanada.com[172.82.216.114]
Feb 2 11:20:52 darwin postfix/smtpd[9181]: SSL_accept error from
r114.mail.aircanada.com[1
Dnia 3.02.2022 o godz. 13:27:06 Adrian van Bloois pisze:
> I reject unknown hosts through the EHLO restrictions.
> But my fritzbox wants to sent me something withou a valid EHLO value.
> Is there a whitelist I can put my fritx on accept?
Isn't it better to whitelist it via IP address, for example
IMO you should not reject widely based on HELO. Too many false positives.
More a place for basic checks.
But you can catch that if you want in your files.
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/hash
Hi,
I reject unknown hosts through the EHLO restrictions.
But my fritzbox wants to sent me something withou a valid EHLO value.
Is there a whitelist I can put my fritx on accept?
Adrian
--
Adri P. van Bloois
"The greatest threat to our planet is the belief that someone
20 matches
Mail list logo
