[pfx] Using owner-aliases to avoid SPF failure.

2024-09-19 Thread Viktor Dukhovni via Postfix-users
[ Thread unhijacked ] On Thu, Sep 19, 2024 at 01:16:59PM -0400, John Levine via Postfix-users wrote: > We have a bunch of role addresses that we forward to the people in the role. aliases: owner-localuser: postmaster localuser: mbox@provider.example > If the messages have

[pfx] How to change the bounce address in a bunch of forwards

2024-09-19 Thread John Levine via Postfix-users
We have a bunch of role addresses that we forward to the people in the role. If the messages have DKIM signatures, it works reasonably well since the signatures stay valid. But if they don't, mail systems like Gmail reject them because there is no DKIM and SPF fails. So I would like to change

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Viktor Dukhovni via Postfix-users
On Thu, Sep 19, 2024 at 05:04:03PM +0200, Geert Hendrickx via Postfix-users wrote: > On Fri, Sep 20, 2024 at 00:40:35 +1000, Viktor Dukhovni via Postfix-users > wrote: > > > So you should be able to apply the top-most commit at: > > > > https://github.com/vdukhovni/postfix/commits/provide

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Geert Hendrickx via Postfix-users
On Fri, Sep 20, 2024 at 00:40:35 +1000, Viktor Dukhovni via Postfix-users wrote: > So you should be able to apply the top-most commit at: > > https://github.com/vdukhovni/postfix/commits/provider-kex/ > > to a Postfix 3.10-20240917 (or earlier, modulo the expected conflict in > the HISTORY

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Viktor Dukhovni via Postfix-users
On Thu, Sep 19, 2024 at 02:39:11PM +0200, Geert Hendrickx via Postfix-users wrote: > On Thu, Sep 19, 2024 at 21:41:44 +1000, Viktor Dukhovni via Postfix-users > wrote: > > Can you build Postfix after running "makedefs" with "OPT='-g -ggdb3'", > > and set a break-point in posttls-finger at line ~1

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Geert Hendrickx via Postfix-users
On Thu, Sep 19, 2024 at 21:41:44 +1000, Viktor Dukhovni via Postfix-users wrote: > Can you build Postfix after running "makedefs" with "OPT='-g -ggdb3'", > and set a break-point in posttls-finger at line ~1054 of tls_misc.c: > > 1054 if (tls_get_peer_dh_pubkey(ssl, &dh_pkey)) { With a PQ

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Thu, Sep 19, 2024 at 10:01:16AM +0200, Geert Hendrickx via Postfix-users > wrote: > > > > Anonymous TLS connection established from X: TLSv1.3 with cipher > > > TLS_AES_128_GCM_SHA256 > > > (128/128 bits) key-exchange x25519_kyber768 server-signature ECDSA

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Viktor Dukhovni via Postfix-users
On Thu, Sep 19, 2024 at 12:36:23PM +0200, Geert Hendrickx via Postfix-users wrote: > It works, and it's even interoperable with gmail's MX. But provider > key exchanges aren't logged for outbound connections by smtp(8) or > posttls-finger: That's unexpected, it is the same code generating the l

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Geert Hendrickx via Postfix-users
On Thu, Sep 19, 2024 at 17:44:36 +1000, Viktor Dukhovni via Postfix-users wrote: > Try the below: Perfect: > Anonymous TLS connection established from X: TLSv1.3 with cipher > TLS_AES_128_GCM_SHA256 > (128/128 bits) key-exchange x25519_kyber768 server-signature ECDSA > (prime256v1) > server-di

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Geert Hendrickx via Postfix-users
On Thu, Sep 19, 2024 at 19:10:05 +1000, Viktor Dukhovni via Postfix-users wrote: > On Thu, Sep 19, 2024 at 10:01:16AM +0200, Geert Hendrickx via Postfix-users > wrote: > > > > Anonymous TLS connection established from X: TLSv1.3 with cipher > > > TLS_AES_128_GCM_SHA256 > > > (128/128 bits) key-e

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Viktor Dukhovni via Postfix-users
On Thu, Sep 19, 2024 at 09:18:23PM +1200, Peter via Postfix-users wrote: > On 19/09/24 21:10, Viktor Dukhovni via Postfix-users wrote: > > On Thu, Sep 19, 2024 at 10:01:16AM +0200, Geert Hendrickx via Postfix-users > > wrote: > > > > > > Anonymous TLS connection established from X: TLSv1.3 with c

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Peter via Postfix-users
On 19/09/24 21:10, Viktor Dukhovni via Postfix-users wrote: On Thu, Sep 19, 2024 at 10:01:16AM +0200, Geert Hendrickx via Postfix-users wrote: Anonymous TLS connection established from X: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519_kyber768 server-signature E

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Viktor Dukhovni via Postfix-users
On Thu, Sep 19, 2024 at 05:44:36PM +1000, Viktor Dukhovni via Postfix-users wrote: > > (FWIW, nginx logs unknown groups by their group id, in this case "0x6399") > > > > https://github.com/nginx/nginx/blob/master/src/event/ngx_event_openssl.c#L5138 > > Not terribly friendly/useful. To be preci

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Viktor Dukhovni via Postfix-users
On Thu, Sep 19, 2024 at 10:01:16AM +0200, Geert Hendrickx via Postfix-users wrote: > > Anonymous TLS connection established from X: TLSv1.3 with cipher > > TLS_AES_128_GCM_SHA256 > > (128/128 bits) key-exchange x25519_kyber768 server-signature ECDSA > > (prime256v1) > > server-digest SHA256 >

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Viktor Dukhovni via Postfix-users
On Thu, Sep 19, 2024 at 09:02:39AM +0200, Geert Hendrickx via Postfix-users wrote: > Could the reverse lookup be fixed as well, for Received headers and logging? > > > Anonymous TLS connection established from X: TLSv1.3 with cipher > > TLS_AES_128_GCM_SHA256 > > (128/128 bits) key-exchange UND

[pfx] Re: Patch: Postfix and OpenSSL provider algorithms

2024-09-19 Thread Geert Hendrickx via Postfix-users
On Thu, Sep 19, 2024 at 08:26:53 +0200, Geert Hendrickx via Postfix-users wrote: > I confirm your patch works, I can now use these new key exchanges in Postfix. Could the reverse lookup be fixed as well, for Received headers and logging? > Anonymous TLS connection established from X: TLSv1.3 wi