[pfx] Re: [ext] TLS issues

2023-07-12 Thread Emmanuel Seyman via Postfix-users
* Ralf Hildebrandt via Postfix-users [12/07/2023 11:15] : > > Try adding: > smtp_tls_key_file = $smtpd_tls_key_file > smtp_tls_cert_file = $smtpd_tls_cert_file Once I added this to my main.cf and reloaded postfix, I saw that emails were getting correctly delivered. Thank you, Ralf! Emmanuel

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 11:16:56AM +0300, Ivan Hadzhiev via Postfix-users wrote: > You can copy from here: > *https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem > > * > or you can create it > > *openss

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 10:09:34AM +0200, Paul Menzel via Postfix-users wrote: > The Internet.nl email test, reports for molgen.mpg.de [1]: Their criteria are cranked up to 11. Do not attempt to get a 100% score from their site. It will be counterproductive (reduce security) by making it diffic

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Paul Menzel via Postfix-users
Dear Ivan, Thank you very much for your reply. On 12.07.23 at 10:16, Ivan Hadzhiev wrote: You can copy from here: https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem or you can create it openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096 -out /etc/postfi

[pfx] Re: [ext] TLS issues

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 11:15:14AM +0200, Ralf Hildebrandt via Postfix-users wrote: > > smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem > > smtpd_tls_key_file = /etc/pki/tls/private/postfix.key > > Try adding: > > smtp_tls_key_file = $smtpd_tls_key_file > smtp_tls_cert_file = $smtpd_tls_ce

[pfx] Re: local sending - solved

2023-07-12 Thread Ken Gillett via Postfix-users
I had already configured mydestination to include 'home', but looking back after sorting out my configuration issues, I just noticed that myhostname and mydomain both used a domain name I no longer use. Oops. Having corrected both those, I am able to send to user@home from any host on the LAN a

[pfx] Re: local sending

2023-07-12 Thread Jaroslaw Rafa via Postfix-users
On 12.07.2023 at 11:41:49, Ken Gillett via Postfix-users wrote: > > Since the error stating it could not resolve 'home' I added an MX record > to the DNS and now the error says the address "loops back to myself". I > forget the exact wording as a power cut means I lost the full exact > messa

[pfx] Re: local sending

2023-07-12 Thread Ken Gillett via Postfix-users
To be clear about this issue, although I object to organisations' sloppy attitude to standards, my question here is not about the use of an address without even an @. I use Apple Mail and that does not allow it, so I have set it up to use user@home and that will suffice. The issue is that this

[pfx] Re: [ext] TLS issues

2023-07-12 Thread Ralf Hildebrandt via Postfix-users
> smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem > smtpd_tls_key_file = /etc/pki/tls/private/postfix.key Try adding: smtp_tls_key_file = $smtpd_tls_key_file smtp_tls_cert_file = $smtpd_tls_cert_file -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmed

[pfx] TLS issues

2023-07-12 Thread Emmanuel Seyman via Postfix-users
Hello, all. Last weekend, $WORK moved over to 2 smtp gateways running postfix/clamav/spamassassin. This setup has been running with only one issue: two domains refuse to accept mail from us. Investigating this, we realized that both domains use the same mail servers and that they both require TL

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Ivan Hadzhiev via Postfix-users
You can copy from here: https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem or you can create it openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096 -out /etc/postfix/ffdhe4096.dh.

[pfx] How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Paul Menzel via Postfix-users
Dear Postfix folks, The Internet.nl email test, reports for molgen.mpg.de [1]: Key exchange parameters Verdict: At least one of your mail servers supports insufficiently secure parameters for Diffie-Hellman key exchange. Technical details: c1241.mx.srv.dfn.de.DH-2048 insufficien