Re: TLS 1.3 on postfix (fixed)

2019-06-23 Thread Security Admin (NetSec)
on behalf of Viktor Dukhovni" wrote: > On Jun 22, 2019, at 2:20 PM, Security Admin (NetSec) wrote: > > One of the other posters was correct; it was a certificate issue. Reissued my cert on my postfix SMTP mail gateways. As expected, the keyUsage you

Re: TLS 1.3 on postfix (fixed)

2019-06-22 Thread Security Admin (NetSec)
Apologies for multiple emails to this list for the same problem. Some internet searches got me to the right solution. One of the other posters was correct; it was a certificate issue. Reissued my cert on my postfix SMTP mail gateways. All seems to be working now. Gmail defaults to TLS 1.2 I

Re: disable TLS 1.3 on postfix (logs enclosed)

2019-06-22 Thread Security Admin (NetSec)
nnect from mail-wr1-f42.google.com[209.85.221.42] ehlo=1 starttls=0/1 commands=1/2 On 6/22/19, 10:31 AM, "owner-postfix-us...@postfix.org on behalf of Benny Pedersen" wrote: Security Admin (NetSec) skrev den 2019-06-22 19:15: > What is the correct procedure to disable

disable TLS 1.3 on postfix

2019-06-22 Thread Security Admin (NetSec)
What is the correct procedure to disable TLS 1.3 negotiation on postfix?

Re: Unable to send or receive from Gmail

2019-06-22 Thread Security Admin (NetSec)
" If you are netsecdesign.com, ssllabs says your cert has issues. Not that this may be your problem, but I would fix that first." This cert is not the same cert or the same server or the same IP address as my postfix SMTP gateway. The postfix SMTP gateway uses a self-signed certificate. On 6

Re: Unable to send or receive from Gmail (temp solution)

2019-06-22 Thread Security Admin (NetSec)
Doh! !TLSv1.3 added to "main.conf" fixed the issue hopefully. Will work on updating certificate later... On 6/22/19, 8:10 AM, "owner-postfix-us...@postfix.org on behalf of Security Admin (NetSec)" wrote: I figured TLS 1.3 might be the culprit from the logs.

Re: Unable to send or receive from Gmail

2019-06-22 Thread Security Admin (NetSec)
The website for “netsecdesign.com” is different than the one for my postfix gateway. Different machine, different IP address, different cert. From: on behalf of lists Date: Friday, June 21, 2019 at 10:13 PM To: Security Admin , "postfix-users@postfix.org" Subject: Re: Unable to send or rec

Re: Unable to send or receive from Gmail

2019-06-22 Thread Security Admin (NetSec)
Edward Ray On 6/21/19, 10:36 PM, "owner-postfix-us...@postfix.org on behalf of Viktor Dukhovni" wrote: On Sat, Jun 22, 2019 at 04:09:45AM +0000, Security Admin (NetSec) wrote: > Within the last week or so I am suddenly unable to send or receive from > Google

Unable to send or receive from Gmail

2019-06-21 Thread Security Admin (NetSec)
Within the last week or so I am suddenly unable to send or receive from Google Gmail. Any help with this issue would be appreciated. Receive Error from mail.log: Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL_accept:SSLv3/TLS write certificate Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL_a

RE: Proper procedure for importing TLS cert & private key for Postfix use

2017-12-08 Thread Security Admin (NetSec)
am and Virus Prevention Mass Mailing G Suite/Gmail ang...@uconn.edu University of Connecticut, UITS, SSG, Server Systems 860-486-9075 From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Be

Proper procedure for importing TLS cert & private key for Postfix use

2017-12-08 Thread Security Admin (NetSec)
Recently imported files that contained the TLS certificate and the private key. Imported them to the proper directories and changed the default settings from the old cert & key files to the new files ("smtpd_tls_cert_file=/etc/ssl/certs/tlscert.pem" and "smtpd_tls_key_file=/etc/ssl/private/tls

RE: Cannot load Certification Authority data (one of these days I am going to write down how to debug this)

2016-08-20 Thread Security Admin (NetSec)
Problem fixed. Legacy entry in "main.cf" Apologies, never mind. -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Security Admin (NetSec) Sent: Saturday, August 20, 2016 11:43 AM To: Postfix users Subject: C

Cannot load Certification Authority data (one of these days I am going to write down how to debug this)

2016-08-20 Thread Security Admin (NetSec)
Recently updated to Postfix 3.1. Noticed the following error in my "mail.log" file: "postfix/smtp [ ]: Cannot load Certification Authority data, CAfile'"/etc/postfix/localrootCA.pem": disabling TLS support Where "localrootCA.pem" is the public key of the root CA for my Windows AD domain. Pos

Setting up multiple destination e-mail servers using transport

2015-07-03 Thread Security Admin (NetSec)
I have a postfix mail gateway sitting in front of my internal Exchange 2013 mail servers. Currently have my "/etc/postfix/transport" file set to send mail to only one of those Exchange servers: "domain.com smtp:192.168.1.108" Would like to set up multiple internal Exchange Server entries

RE: "Mail loops back to itself" error: figured it out

2014-01-16 Thread Security Admin (NetSec)
Brain fart. Forgot to modify the "/etc/postfix/transport" file with the new domain. From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Security Admin (NetSec) Sent: Thursday, January 16, 2014 11:25 AM To: postfix-users@postfix.org Subject: &

"Mail loops back to itself" error

2014-01-16 Thread Security Admin (NetSec)
I recently added a new domain to my postfix mail gateway. I use the "relay_domains = newdomain, domain2, ..." in "main.cf" to add accepted domains. I also updated my "relay_recipients" file with the following line: "@newdomain.com x OK" All of my other domains s

RE: TLS for dummies

2010-08-25 Thread Security Admin (NetSec)
> smtp_tls_CAfile = /etc/postfix/exchange.pem >>You can list more CAs in this file if you wish. Is there an existing file or a weblink that would list the current accepted global root CAs? Since the only one in the "exchange.pem" file is from my Exchange Server, I could append to this file all

TLS for dummies

2010-08-25 Thread Security Admin (NetSec)
This is more of an annoyance than anything else. When my Postfix (v 2.6.7) attempts to send a message via TLS the following warning is received: "postfix/smtp[28338]: certificate verification failed for mail.x.org[xxx.xxx.xxx.xxx]:25: untrusted issuer /C=US/O=Entrust.net/OU=www.entrust.net

strange fatal error in postfix 2.7.0

2010-03-21 Thread Security Admin (NetSec)
running 2.7.0 I have not changed anything in "main.cf" or "master.cf" Getting following error in /var/log/maillog Mar 21 19:00:18 x postfix/smtpd[8118]: fatal: invalid "-o content_filter" option value: missing '=' after attribute name Mar 21 19:00:19 x postfix/master[8109]: warning: pro

strange fatal error in postfix 2.7.0

2010-03-21 Thread Security Admin (NetSec)
running 2.7.0 I have not changed anything in "main.cf" or "master.cf" Getting following error in /var/log/maillog Mar 21 19:00:18 x postfix/smtpd[8118]: fatal: invalid "-o content_filter" option value: missing '=' after attribute name Mar 21 19:00:19 x postfix/master[8109]: warning: pr

Proper setup to require internal PKI/certificate

2010-03-17 Thread Security Admin (NetSec)
I currently use Postfix 2.6.5 as mail gateway and Exchange 2007 for internal e-mail. Right now I have a soft TLS requirement on outbound mail, i.e. Exchange 2007 is set up to connect via TLS only. For Postfix to require TLS connection from internal mail server what would I have to change to t

Implementing SPF in Postfix

2010-03-15 Thread Security Admin (NetSec)
Running Postfix as a mail gateway, version 2.6.5 and am finally getting around to implementing SPF in Postfix. I thought the TXT record in DNS would suffice which is how I have been running it. Found this how-to link http://www.howtoforge.com/postfix_spf Is this the proper way or is another r

RE: MS-Exchange fails when receiving postfix has smtpd_enforce_tls=true

2009-08-22 Thread Security Admin (NetSec)
I have been using Exchange 2007 with postfix mail gateway for almost 3 years now; both outbound and inbound are encrypted and have had minimal issues (due to my own stupidity) with communications. I posted a few years ago when I was running Exchange 2003 which did not do encryption properly and

Country IP block list

2009-08-22 Thread Security Admin (NetSec)
Could someone provide links to sites where IP addresses are grouped by country? ASNs would work too but would prefer IP lists that I could put in a file that my postfix mail gateway could read. Obvious countries like China and Brazil I would like to block wholesale. Thanks in advance!

getting around "warning: Illegal address syntax"

2009-05-19 Thread Security Admin (NetSec)
I have a network device that I am trying to have logs sent to my mail server via my postfix mail gateway. When trying to send a test e-mail I get the following error in my maillog file: postfix/smtpd[17063]: warning: Illegal address syntax from device.domain.com[xxx.yyy.zzz.9] in MAIL command:

RE: SSL/TLS for dummies

2009-03-17 Thread Security Admin (NetSec)
To: postfix-users@postfix.org Subject: Re: SSL/TLS for dummies 2009/3/17 Security Admin (NetSec) : > Someday (maybe today) I will WRITE DOWN the proper way to generate and export > certificates.  Getting this warning in my maillog: > > "warning: cannot get private key from

SSL/TLS for dummies

2009-03-16 Thread Security Admin (NetSec)
Someday (maybe today) I will WRITE DOWN the proper way to generate and export certificates. Getting this warning in my maillog: "warning: cannot get private key from file /etc/postfix/privkey.pem" Doesn't stop TLS from occurring, it is just annoying. TLS is used between postfix mail gateways

504 5.5.2 error workaround

2008-08-05 Thread Security Admin (NetSec)
One of my network devices seems to have issues with its hostname: "Unexpected error from e-mail server(state=3): 504 5.5.2 : Helo command rejected: need fully-qualified hostname." Appears in my event log of the device when it tries to send logs to my Postfix gateway server. Is there a filter