Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Gerben Wierda
> On 10 Jun 2022, at 02:30, Wietse Venema wrote: > > Gerben Wierda: >> What is happening here? (mail is delivered, I’m just curious) >> >> Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from >> [146.185.52.133]:10400 to [192.168.2.66]:25 >> Jun 09 23:37:45 mail postfix/postscreen[4294

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 11:58:23PM +0200, Gerben Wierda wrote: > What is happening here? (mail is delivered, I’m just curious) The client TLS connection ended before the client sent a TLS close_notify. The Postfix SMTP server attempted to read the client connection, but saw an unexpected EOF. S

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Wietse Venema
Gerben Wierda: > What is happening here? (mail is delivered, I’m just curious) > > Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from > [146.185.52.133]:10400 to [192.168.2.66]:25 > Jun 09 23:37:45 mail postfix/postscreen[4294]: PASS NEW [146.185.52.133]:10400 > Jun 09 23:37:45 mail smtp

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 10:55:50PM +0200, Steffen Nurpmeso wrote: > # That one is for client certificates! > #smtpd_tls_CAfile = /etc/dovecot/cert.pem The "smtpd_tls_CAfile" is unused bloat unless you solicit client certificates, and even/especially then should NOT be the standard WebPKI CA b

What is happening here? (TLS Library Problem)

2022-06-09 Thread Gerben Wierda
What is happening here? (mail is delivered, I’m just curious) Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from [146.185.52.133]:10400 to [192.168.2.66]:25 Jun 09 23:37:45 mail postfix/postscreen[4294]: PASS NEW [146.185.52.133]:10400 Jun 09 23:37:45 mail smtp/smtpd[4296]: connect from

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Steffen Nurpmeso wrote in <20220609205550.kbvci%stef...@sdaoden.eu>: ... |.. But .. in fact postfix's TLS configuration regarding CAfile |made me appear so foolish i kept | | # That one is for client certificates! | #smtpd_tls_CAfile = /etc/dovecot/cert.pem | |in my configuration. I can

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Viktor Dukhovni wrote in : |On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote: |> On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: |>> [also there is |>> smtpd_tls_mandatory_exclude_ciphers = |>> aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, |>>

Re: Local relay delivery delays on particular mails

2022-06-09 Thread Wietse Venema
Viktor Dukhovni: > On Thu, Jun 09, 2022 at 01:53:39PM -0400, Wietse Venema wrote: > > Viktor Dukhovni: > > > On Thu, Jun 09, 2022 at 09:19:11AM -0400, Wietse Venema wrote: > > > > > > > Below is the order of how Postfix receives email. Steps with "*" > > > > are logged with -v or with -v -v, other

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote: > On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > > [also there is > > smtpd_tls_mandatory_exclude_ciphers = > > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-C

Re: Local relay delivery delays on particular mails

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 01:53:39PM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > On Thu, Jun 09, 2022 at 09:19:11AM -0400, Wietse Venema wrote: > > > > > Below is the order of how Postfix receives email. Steps with "*" > > > are logged with -v or with -v -v, other steps are logged only when >

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bastian Blank
On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > [also there is > smtpd_tls_mandatory_exclude_ciphers = > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, > CBC3-SHA > but i definitely should put more car

Re: Local relay delivery delays on particular mails

2022-06-09 Thread Wietse Venema
Viktor Dukhovni: > On Thu, Jun 09, 2022 at 09:19:11AM -0400, Wietse Venema wrote: > > > Below is the order of how Postfix receives email. Steps with "*" > > are logged with -v or with -v -v, other steps are logged only when > > they fail. > > > > * repeat: receive header and send header to mi

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 06:47:10PM +0200, Benny Pedersen wrote: > On 2022-06-09 17:13, Linda Pagillo wrote: > > Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours > > of staring at the screen. Josef.. THANK YOU. > > >> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 > >

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Benny Pedersen wrote in <37a797bed4aeb5c01b75c262ba0fe...@junc.eu>: |On 2022-06-09 17:13, Linda Pagillo wrote: |> Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours |> of staring at the screen. Josef.. THANK YOU. | |>> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Re: Local relay delivery delays on particular mails

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 09:19:11AM -0400, Wietse Venema wrote: > Below is the order of how Postfix receives email. Steps with "*" > are logged with -v or with -v -v, other steps are logged only when > they fail. > > * repeat: receive header and send header to milter > > * send 'end o

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Benny Pedersen
On 2022-06-09 17:13, Linda Pagillo wrote: Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours of staring at the screen. Josef.. THANK YOU. smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 tlsv1.1 is more weak than tlsv1, so keep tlsv1

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Matus UHLAR - fantomas
smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 On 09.06.22 16:41, Josef Vybíhal wrote: By this you basically DISABLED all tls protocols. The ! means "not". Try this: smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 no, try this: smtpd_tls_protocols=!SSLv2,!SSL

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bill Cole
On 2022-06-09 at 10:35:50 UTC-0400 (Thu, 9 Jun 2022 09:35:50 -0500) Linda Pagillo is rumored to have said: Hi everyone! Yesterday I enabled TLS on my Postfix server (v.3.4.13). When I did, no one with a Google or Yahoo hosted address could send us mail (possibly others too) When I checked t

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Linda Pagillo
Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours of staring at the screen. Josef.. THANK YOU. Fixed! :) On Thu, Jun 9, 2022 at 9:41 AM Josef Vybíhal wrote: > Hi, > > > smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 > > By this you basically DISABLED

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Josef Vybíhal
Hi, > smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 By this you basically DISABLED all tls protocols. The ! means "not". Try this: smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 You can use https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=i

TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Linda Pagillo
Hi everyone! Yesterday I enabled TLS on my Postfix server (v.3.4.13). When I did, no one with a Google or Yahoo hosted address could send us mail (possibly others too) When I checked the Postfix log, I saw a bunch of this... Jun 8 17:16:52 g1 postfix/smtpd[2153672]: connect from mail-pl1-f180.g

Re: fail2ban filter for spurious connections?

2022-06-09 Thread Wietse Venema
Jim Garrison: > disconnect from unknown[104.148.78.224] ehlo=1 mail=1 rcpt=0/1 > quit=1 commands=3/4 There is no attempt to use a password here. This is just an attempt to verify if a recipient address is valid, for reasons that could be non-malicious. Wietse

Re: Local relay delivery delays on particular mails

2022-06-09 Thread Wietse Venema
Viktor Dukhovni: > On Wed, Jun 08, 2022 at 04:55:50PM -0400, Viktor Dukhovni wrote: > > > In particular, was the delay during network transmission, or in > > content processing after "."? Perhaps you can log a "WARN" or "INFO" > > action in "end_of_data" restrictions, and see when that happens >

Re: fail2ban filter for spurious connections?

2022-06-09 Thread Matus UHLAR - fantomas
On 08.06.22 16:58, Jim Garrison wrote: This is a question about Postfix, in relation to fail2ban. Having recently upgraded to the current Postfix from an ancient version, I notice the "disconnect from" log entries now include a summary of commands received and successfully completed. I am also