[pfx] Re: XOAUTH2 client

2024-12-23 Thread Alexander Leidinger via Postfix-users
On 2024-12-22 16:25, Wietse Venema via Postfix-users wrote: Alexander Leidinger via Postfix-users: On 2024-12-22 01:39, Peter via Postfix-users wrote: > On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: >> >> However, there are other mechanisms being develop

[pfx] Re: SASL options

2024-12-22 Thread Alexander Leidinger via Postfix-users
On 2024-12-22 01:39, Peter via Postfix-users wrote: On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. so ne

[pfx] Re: Documentation Prefix

2024-07-08 Thread Alexander Leidinger via Postfix-users
On 2024-07-08 06:52, Ralph Seichter via Postfix-users wrote: * Allen Coates via Postfix-users: I am blocking 2001:db8::/32 (of course); it's the Teredo prefix which I am allowing. I misunderstood the word "these" in your OP, and the subject line only referenced the documentation prefix, but

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

2024-06-28 Thread Alexander Leidinger via Postfix-users
On 2024-06-28 09:01, Curtis J Blank via Postfix-users wrote: What I am looking for is pretty simple. How to get it to work with "inet_protocols = all" like my existing server is currently set up to do and not be limited to ipv4 only. And it is already set to use 127.0.0.1 so why it is using

[pfx] Re: DANE and STS

2024-06-25 Thread Alexander Leidinger via Postfix-users
On 2024-06-25 08:44, Jeff Pang via Postfix-users wrote: Hello sorry for the beginner question. how to deploy the following email security features? RFC 7672 SMTP-DANE Outgoing: # validate DANE smtp_dns_support_level = dnssec smtp_tls_security_level = dane # or dane-only (https://www

[pfx] Re: REJECT sending mails to no-reply accounts

2024-06-19 Thread Alexander Leidinger via Postfix-users
On 2024-06-20 08:21, Peter via Postfix-users wrote: On 20/06/24 17:47, Tan Mientras via Postfix-users wrote: So many replies! @Ralph Is an automated/unattended email notifying the user about something, providing proper ways of contacting. As this email is not read in any way, rejecting the

[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-16 Thread Alexander Leidinger via Postfix-users
On 2024-06-17 06:49, Paul Schmehl via Postfix-users wrote: On Jun 16, 2024, at 10:30 PM, Peter via Postfix-users wrote: It's likely that roundcube is not configured for TLS and postfix is (as it should be) configured not to offer AUTH until TLS is established. Yes, postfix is configured

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Alexander Leidinger via Postfix-users
On 2024-05-22 01:22, Greg Sims via Postfix-users wrote: TLS connection reuse is being used. About 10% of the connections are reused for large volume ISPs. Small volume ISPs do not see connection reuse. I believe this is as expected. I did some testing of our DNS setup. A DNS query using dig

[pfx] Re: Is there a way to just quickly deliver "everything" to a file somewhere

2024-04-11 Thread Alexander Leidinger via Postfix-users
On 2024-04-11 05:39, Dan Mahoney via Postfix-users wrote: I guess I missed something. — I also want it to null route (or route to a maildir) all *outbound* mail — so we can examine what our ticket system *would* send, is there something in here to do that, or is the above only for inbound?

[pfx] Re: How to set the minimum number of bits for (non-EC) DH key exchange?

2024-03-25 Thread Alexander Leidinger via Postfix-users
On 2024-03-23 17:17, Viktor Dukhovni via Postfix-users wrote: PS: As of January 2024, the German BSI has tightened its recommendation for asymmetric algorithms over finite fields to at least 3000 bits (i.e. RSA encryption, RSA signatures and FFDH). With little thought about the opportunistic TL

[pfx] Re: How to set the minimum number of bits for (non-EC) DH key exchange?

2024-03-25 Thread Alexander Leidinger via Postfix-users
On 2024-03-23 15:58, Matthias Nagel via Postfix-users wrote: I wonder whether setting `smtpd_tls_dh1024_param_file` to a custom 2048-bit DH group would help? But from my understanding of the docs that should not be necessary as Postfix 3.8.5 uses a built-in 2048bit group if left empty. Pos

[pfx] Re: Postfix + Dovecot FreeBSD - a problem

2024-03-12 Thread Alexander Leidinger via Postfix-users
On 2024-03-12 07:08, Viktor Dukhovni via Postfix-users wrote: Where is your configuration directory? Are you editing "/etc/postfix/main.cf", or /usr/local/etc/postfix/main.cf? Which "postfix" command are you running, "/usr/sbin/postfix" or "/usr/local/sbin/postfix"? You probably have Postfi

[pfx] Re: Postfix + Dovecot FreeBSD - a problem

2024-03-11 Thread Alexander Leidinger via Postfix-users
On 2024-03-11 05:19, Glenn Tenney via Postfix-users wrote: (2) Postfix sends to gmail, but does not encrypt when sending. You only tell the receiving side of postfix to set the encrypt level to "may". For the sending side you do not have such a setting: smtp_tls_security_level = ... M

[pfx] Re: Configuration Settings for TLS 1.2 and 1.3 with No Weak Ciphers

2024-03-01 Thread Alexander Leidinger via Postfix-users
On 2024-02-29 13:46, Viktor Dukhovni via Postfix-users wrote: On Thu, Feb 29, 2024 at 06:36:09AM -0500, Scott Hollenbeck wrote: > What do you consider weak? All of the anonymous Diffie-Hellman suites with an "F" score. How can I eliminate the following: Who's assigning the "F" scores? Nma

[pfx] Re: Configuration Settings for TLS 1.2 and 1.3 with No Weak Ciphers

2024-02-29 Thread Alexander Leidinger via Postfix-users
On 2024-02-29 10:27, Viktor Dukhovni via Postfix-users wrote: On Thu, Feb 29, 2024 at 08:59:44AM +0100, Alexander Leidinger via Postfix-users wrote: # grep tls main.cf | grep -vE '^#' smtp_tls_security_level = encrypt smtpd_tls_ask_ccert = yes smtpd_tls_CApath = $smtp_tls_CA

[pfx] Re: Configuration Settings for TLS 1.2 and 1.3 with No Weak Ciphers

2024-02-29 Thread Alexander Leidinger via Postfix-users
On 2024-02-28 14:55, Scott Hollenbeck via Postfix-users wrote: Would someone please describe the configuration settings needed to support TLS 1.2 and 1.3 with no weak ciphers? Here's what I currently have in my That depends on your definition of "weak". configuration files: main.cf: smtp

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-12-02 Thread Alexander Leidinger via Postfix-users
On 2023-12-01 18:51, Viktor Dukhovni via Postfix-users wrote: On Fri, Dec 01, 2023 at 01:52:19PM +0100, Alexander Leidinger wrote: > No. The problem you're reporting is with name matching. If the > certificate chain failed to be constructed, that'd be reported instead. > You'll only see nam

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-12-01 Thread Alexander Leidinger via Postfix-users
On 2023-12-01 13:44, Wietse Venema wrote: Alexander Leidinger: On 2023-11-30 16:53, Wietse Venema via Postfix-users wrote: > Alexander Leidinger via Postfix-users: >> What is wrong here that [tlsproxy] doesn't establish a trusted >> connection >> to the githu

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-12-01 Thread Alexander Leidinger via Postfix-users
On 2023-12-01 12:40, Byung-Hee HWANG via Postfix-users wrote: Alexander Leidinger via Postfix-users writes: On 2023-12-01 12:08, Byung-Hee HWANG via Postfix-users wrote: ... Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate verification failed for in-8.smtp.github.com

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-12-01 Thread Alexander Leidinger via Postfix-users
On 2023-12-01 11:22, Viktor Dukhovni via Postfix-users wrote: On Fri, Dec 01, 2023 at 09:53:25AM +0100, Alexander Leidinger via Postfix-users wrote: > > Why should it expect reply.github.com? > > Because that name is securely known from the recipient address. Because, wh

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-12-01 Thread Alexander Leidinger via Postfix-users
On 2023-12-01 12:08, Byung-Hee HWANG via Postfix-users wrote: ... Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate verification failed for in-8.smtp.github.com[140.82.114.32]:25: num=62:hostname mismatch ... Maybe you check? root@yw-1204:/etc/postfix# postconf -n | grep CA

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-12-01 Thread Alexander Leidinger via Postfix-users
On 2023-12-01 09:34, Tom Hendrikx via Postfix-users wrote: On 01-12-2023 08:59, Alexander Leidinger via Postfix-users wrote: On 2023-11-30 16:53, Wietse Venema via Postfix-users wrote: Alexander Leidinger via Postfix-users: What is wrong here that [tlsproxy] doesn't establish a tr

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-12-01 Thread Alexander Leidinger via Postfix-users
On 2023-11-30 18:36, Viktor Dukhovni via Postfix-users wrote: On Thu, Nov 30, 2023 at 03:37:02PM +0100, Alexander Leidinger via Postfix-users wrote: > > Nov 30 11:18:40 mailgate postfix/tlsproxy[98300]: server certificate > > verification failed for in-9.smtp.github.com[140.8

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-12-01 Thread Alexander Leidinger via Postfix-users
On 2023-11-30 16:53, Wietse Venema via Postfix-users wrote: Alexander Leidinger via Postfix-users: What is wrong here that [tlsproxy] doesn't establish a trusted connection to the github mailservers when posttls-finger is able to do that with the same cert store? Because ther

[pfx] Re: Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-11-30 Thread Alexander Leidinger via Postfix-users
On 2023-11-30 15:03, Bill Cole via Postfix-users wrote: On 2023-11-30 at 08:03:09 UTC-0500 (Thu, 30 Nov 2023 14:03:09 +0100) Alexander Leidinger via Postfix-users is rumored to have said: My main.cf contains the same certs-path for smtp and smtpd TLS connections: ---snip--- # grep CApath

[pfx] Some TLS connections untrusted in postfix but trusted with posttls-finger

2023-11-30 Thread Alexander Leidinger via Postfix-users
Hi, There is something strange with delivering mail from my mailserver to github, it complains about the github server certificate not verified on an outgoing TLS connection. My main.cf contains the same certs-path for smtp and smtpd TLS connections: ---snip--- # grep CApath main.cf smtp_tl