Re: AW: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-06-01 Thread Tobias Reckhard
Hi On 01.06.22 12:17, Maurizio Caloro wrote: I don't know much about Acme.sh, but it doesn't look right combining "--rsa-key-size 4096" and "--key-type ecdsa". Yes try with command certbot I think raf is referring to the mismatch between algorithm, i.e. ECDSA, and the key specification and

Re: IP ranges in mynetworks

2021-11-04 Thread Tobias Reckhard
Hi On 04.11.21 10:20, Ansgar Wiechers wrote: On 2021-11-04 Matus UHLAR - fantomas wrote: Are IP ranges (IP1-IP2) supported in mynetworks, smtpd_client_event_limit_exceptions or access lists? If so, in what format? 192.168.0.10-192.168.0.100 192.168.0.10-100 [...] According to the documentat

Re: untrusted tls connection to google

2019-07-07 Thread Tobias Reckhard
On 03.07.2019 17:24, David Gibbs wrote: > On 7/2/19 3:03 PM, David Mehler wrote: >> Jul  2 14:59:44 mail postfix/smtp[14345]: Untrusted TLS connection >> established to gmail-smtp-in.l.google.com[173.194.68.27]:25: TLSv1.3 >> with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 >>

Re: postfix and multiple TLS certificates

2015-12-11 Thread Tobias Reckhard
On 11.12.2015 09:11, Zalezny Niezalezny wrote: > is it possible to configure in Postfix multiple TLS certificates. AFAIK, you can configure each smtp and smtpd instance with a certificate of its own, so you could, for instance, have several smtpds listening on different IP addresses, each with an

Re: TLS status available to smtpd_sender_restrictions?

2015-11-15 Thread Tobias Reckhard
Hi Viktor Thanks for weighing in with very valuable points on the limitations of SMTP-TLS. Rest assured that I am well aware of them, especially of the inherent quality of the SMTP "system" that the client is predominantly responsible for the e-mail security policy. Cheers, Tobias

Re: TLS status available to smtpd_sender_restrictions?

2015-11-11 Thread Tobias Reckhard
Hi On 11.11.2015 14:51, Wietse Venema wrote: > See: reject_plaintext_session > http://www.postfix.org/postconf.5.html#reject_plaintext_session Cool, thanks a lot, I'd missed that. Cheers, Tobias

TLS status available to smtpd_sender_restrictions?

2015-11-11 Thread Tobias Reckhard
Hi I've got a client who wants to do mandatory TLS for e-mails to as well as from several parties, identified by their domains. Outbound mandatory TLS is easy enough using smtp_tls_policy_maps. We have also enabled opportunistic TLS on the smtpd and have explained to our client that he'd be in con

Re: TLS verification woes

2015-02-04 Thread Tobias Reckhard
Hi Viktor Dukhovni wrote on 03.02.2015 18:12: > On Tue, Feb 03, 2015 at 04:41:40PM +, Viktor Dukhovni wrote: > >> If your Postfix is old enough, and is linked against OpenSSL 0.9.8, >> it only supports md5 and sha1. Thanks, Viktor, that'll be it. > "Old enough" means older than these: [...]

TLS verification woes

2015-02-03 Thread Tobias Reckhard
Hello Hope you'll be able to help me again, I'm having problems with a postfix (2.8.5) not being able to send e-mail to a domain because the server certificate is untrusted and the TLS policy is set to "verify". It used to work, but the certificate of the site has changed. The domain in question

Re: lost connection with [mail server] while performing the EHLO handshake after TLS established

2014-11-06 Thread Tobias Reckhard
I have the explanation -- I should've looked into the tcpdump output more closely. Viktor Dukhovni wrote the following on 05.11.2014 16:30: > On Wed, Nov 05, 2014 at 01:27:49PM +0100, Tobias Reckhard wrote: >> It looks as though mail01.i-sec.tuv.com dropped the connection, thou

lost connection with [mail server] while performing the EHLO handshake after TLS established

2014-11-05 Thread Tobias Reckhard
Hello I'm experiencing the above problem on a customer's system while trying to send mail to the domain i-sec.tuv.com -- I've replaced the HELO/EHLO of our customer with mail.customer. The logs say: Nov 5 12:36:45 pxmail1 postfix/smtp[8378]: < mail01.i-sec.tuv.com[193.24.224.9]:25: 220 mail01.i-

Re: TLS: Certificate signature failure -- what is the reason?

2013-10-23 Thread Tobias Reckhard
Viktor Dukhovni wrote the following on 23.10.2013 16:23: > If your Postfix version is 2.9.0--2.9.5 DO NOT USE public key > fingerprints, or upgrade to 2.9.6 or later. That wasn't the problem, the documentation is quite clear in this regard. I mistakenly used the public key instructions for a pre-2

Re: TLS: Certificate signature failure -- what is the reason?

2013-10-22 Thread Tobias Reckhard
Viktor Dukhovni wrote the following on 21.10.2013 17:21: > On Mon, Oct 21, 2013 at 10:07:13AM -0500, Noel Jones wrote: >> Looks as if they use a private root CA. Probably the easiest fix is >> to use "fingerprint" verification. See: >> http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps >

Re: TLS: Certificate signature failure -- what is the reason?

2013-10-22 Thread Tobias Reckhard
Viktor Dukhovni wrote the following on 21.10.2013 17:30: > This organization uses SHA256 signatures for their certificates, even > though these are not widely supported. Ah, OK, thanks for the explanation. > The most recent patch levels > of Postfix 2.7, 2.8, 2.9 and 2.10 have support for SHA256

TLS: Certificate signature failure -- what is the reason?

2013-10-21 Thread Tobias Reckhard
Hello In configuring a postfix 2.7.0 (on Ubuntu 10.04 LTS) for mandatory TLS to a couple of domains, I'm running into the following oddity when sending e-mail to the UniCredit servers: Oct 21 08:43:58 postfix/smtp[5991]: CA certificate verification failed for mx10.unicredit.eu[62.122.80.93]:25:

Re: Check for identical sender and recipient

2008-12-08 Thread Tobias Reckhard
Sorry, I should've checked the archives first. I've found http://archives.neohapsis.com/archives/postfix/2008-11/0337.html, I'll come back if necessary. Please excuse my previous post. Cheers, Tobias

Check for identical sender and recipient

2008-12-08 Thread Tobias Reckhard
Hi Is it possible to perform a check to see if envelope sender and envelope recipient are identical (and within a specific domain or, even better, within a list, e.g. relay_recipients) with postfix check_mumble_access rules? Following Ralf's hints at www.arschkrebs.de, I can chain sender and recip