Re: no shared cipher revisited

2022-09-28 Thread Lists Nethead
Quoting Viktor Dukhovni : On Wed, Sep 28, 2022 at 07:22:37PM +0200, Lists Nethead wrote: > Your server defaults to an ECDSA P-384 certificate, the client may not > support ECDSA at all, or may not support P-384 (P-256 is a more broadly > supported choice): > > $ posttls-

Re: no shared cipher revisited

2022-09-28 Thread Lists Nethead
Quoting Viktor Dukhovni : On Wed, Sep 28, 2022 at 06:47:39PM +0200, Lists Nethead wrote: >> smtpd_tls_protocols = >=TLSv1.2 > > That's not the default setting. > >> smtpd_tls_exclude_ciphers = aNULL > > This only appeases clueless auditors, in realit

Re: no shared cipher revisited

2022-09-28 Thread Lists Nethead
Quoting Benny Pedersen : Lists Nethead wrote on 2022-09-28 18:47: smtpd_tls_protocols = >=TLSv1.2 Hm, what is the default then? put a # in front of this line in main.cf, then do a postfix reload simple ? :=) If this would enable everything from tls1, no.

Re: no shared cipher revisited

2022-09-28 Thread Lists Nethead
Quoting Viktor Dukhovni : On Wed, Sep 28, 2022 at 06:38:15PM +0200, Lists Nethead wrote: Hello again postfix-users, After Viktor gave really helpful advice re SSLv3, now on to the next problem, dealing with crypto is opening a can of worms, at least where I am. We cannot receive messages

no shared cipher revisited

2022-09-28 Thread Lists Nethead
Hello again postfix-users, After Viktor gave really helpful advice re SSLv3, now on to the next problem, dealing with crypto is opening a can of worms, at least where I am. We cannot receive messages from a Big Corp, our Postfix MXs respond with "no shared cipher". The configuration i

Re: Enable SSLv3 from a specific IP

2022-09-27 Thread Lists Nethead
Quoting Viktor Dukhovni : On Sun, Sep 25, 2022 at 10:24:23AM +0200, Lists Nethead wrote: > You probably do not need a dedicated port, just configure both an > RSA and a DSA certificate. Why you'd want to do this is a mystery, > an SMTP client that only supports DSS is rather

Re: Enable SSLv3 from a specific IP

2022-09-25 Thread Lists Nethead
Quoting Viktor Dukhovni : On Sat, Sep 24, 2022 at 01:22:30PM +0200, Lists Nethead wrote: I am tasked with what the subject says, to enable DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 from a specific IP. Note that while the cipher was first defined for use in SSLv3, it

Enable SSLv3 from a specific IP

2022-09-24 Thread Lists Nethead
Hello Postfix users, I am tasked with what the subject says, to enable DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 from a specific IP. I suppose that must be a lookup table but unsure about the syntax. Or, is smtpd_discard_ehlo_keyword_address_maps the way to go? Thankful f

transport maps lookup order

2017-12-10 Thread Lists Nethead
postfix-3.2.2 Case in question: transport_maps = hash:/usr/local/etc/postfix/transport, ldap:/usr/local/etc/postfix/ldap-transport.cf I had the (possibly erroneous) belief that Postfix searches the tables in the order given in main.cf and that the domain part is sufficient. What we wanted