On 03 Feb 2021, at 10:02, Viktor Dukhovni wrote:
>> On Feb 3, 2021, at 2:34 PM, @lbutlr wrote:
>>> However, in my role as an admin, you just gave me excellent
>>> justification to never run Postfix.
>> If you think that is a reason to not run Postfix then you can't run SMTP at
>> all.
>>
>> Y
On 2/2/21 12:39 PM, Leo Bicknell wrote:
> In a message written on Tue, Feb 02, 2021 at 04:54:18PM +, Antonio Leding
> wrote:
>>You're not doin' well son...quit diggin' and go back to rethink your
>>approach. I dare say at least a majority on this list, including
>>myself, will trus
> On Feb 3, 2021, at 2:34 PM, @lbutlr wrote:
>
>> However, in my role as an admin, you just gave me excellent
>> justification to never run Postfix.
>
> If you think that is a reason to not run Postfix then you can't run SMTP at
> all.
>
> You do not get to redefine standards just on your whim
On 02 Feb 2021, at 08:27, Leo Bicknell wrote:
> However, in my role as an admin, you just gave me excellent
> justification to never run Postfix.
If you think that is a reason to not run Postfix then you can't run SMTP at all.
You do not get to redefine standards just on your whim.
--
Competen
Leo Bicknell:
> In a message written on Tue, Feb 02, 2021 at 04:54:18PM +, Antonio Leding
> wrote:
> >You're not doin' well son...quit diggin' and go back to rethink your
> >approach. I dare say at least a majority on this list, including
> >myself, will trust Viktor et al a far bi
On Tue, Feb 02, 2021 at 09:39:22AM -0800, Leo Bicknell wrote:
> I have found many opinions of the severity or urgency, but I have yet
> in any previous community had anyone argue that dropping the TLS
> connection was a good behavior.
Postfix is NOT dropping the TLS connection, it sends a close n
In a message written on Tue, Feb 02, 2021 at 04:54:18PM +, Antonio Leding
wrote:
>You're not doin' well son...quit diggin' and go back to rethink your
>approach. I dare say at least a majority on this list, including
>myself, will trust Viktor et al a far bit more than someone comi
On Tue, Feb 02, 2021 at 10:44:34AM -0500, Curtis Maurand wrote:
> Jumping in as an observer with 25 years of admin experience with
> public facing equipment and servers. This problem seems more of a
> problem with the tls libraries.
The SSL_shutdown() behaviour in sufficiently recent OpenSSL vers
You’re not doin’ well son…quit diggin’ and go back to rethink
your approach. I dare say at least a majority on this list, including
myself, will trust Viktor et al a far bit more than someone coming in
from the cold who freely admits the are not “well versed” in the
app, nor a key protocol use
On Tue, Feb 02, 2021 at 08:09:54AM -0800, Leo Bicknell wrote:
> Maybe you run your servers at 99.99% load, and that extra
> 0.01 will put them over the edge. I can only tell you that I,
> as one admin, would absolutely take the extra load to get proper
> shutdown behavior.
>
> If I need
In a message written on Tue, Feb 02, 2021 at 10:56:04AM -0500, Viktor Dukhovni
wrote:
> well-intentioned work. Fair enough, but ... the reality of the
> situation is that what you perceive to be a bug is a carefully
> considered feature, that optimises for keeping the MTAs limited
> resources ava
In a message written on Tue, Feb 02, 2021 at 10:44:34AM -0500, Curtis Maurand
wrote:
> Jumping in as an observer with 25 years of admin experience with
> public facing equipment and servers. this problem seems more of a
> problem with the tls libraries.
I violently agree with this statement.
htt
On Tue, Feb 02, 2021 at 07:27:27AM -0800, Leo Bicknell wrote:
> I won't attempt you change your mind, as you've clearly made it up.
It appears we have reciprocity.
> However, in my role as an admin, you just gave me excellent
> justification to never run Postfix. The shutdown aspects of protoco
Jumping in as an observer with 25 years of admin experience with public facing
equipment and servers. this problem seems more of a problem with the tls
libraries. it’s not up to the app to close the tls connection. that layer is
below the application layer. when the application terminates its
On 2 Feb 2021, at 10:15, Viktor Dukhovni wrote:
If someone writes a draft to define a "STOPTLS" ESMTP
extension, then
... there will be a chorus of responses denouncing it as useless and
even harmful. :)
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@bill
On 2 Feb 2021, at 9:49, Leo Bicknell wrote:
Perhaps Postfix does not support returning to clear text from a
STARTTLS
session and doing futher protocol operations. I have not looked. But
if it
does, I believe the proper shutdown behavior is a MUST.
No SMTP server should ever support downgra
In a message written on Tue, Feb 02, 2021 at 10:15:49AM -0500, Viktor Dukhovni
wrote:
> There is no problem, both sides send a "close_notify" alert when closing
> their "write side" of the transmission channel. So neither reader will
> ever see an abuptly lost connection. However, keep in mind t
On Tue, Feb 02, 2021 at 06:49:31AM -0800, Leo Bicknell wrote:
> In a message written on Tue, Feb 02, 2021 at 09:23:56AM -0500, Viktor
> Dukhovni wrote:
> > There is no issue, because SMTP is self-framing. The SMTP transaction
> > is cleanly terminated via QUIT or RSET at the application layer.
In a message written on Tue, Feb 02, 2021 at 09:23:56AM -0500, Viktor Dukhovni
wrote:
> There is no issue, because SMTP is self-framing. The SMTP transaction
> is cleanly terminated via QUIT or RSET at the application layer. There
> is no need for the transport protocol to provide end-of-stream
On Tue, Feb 02, 2021 at 05:26:52AM -0800, Leo Bicknell wrote:
> I have been recently debugging some corner cases in OpenSSL's
> SSL_shutdown call in sendmail (I ask your forgiveness) and now that
> I seem to have it right there I have decided to look at other mailers
> for similar issues.
There i
I have been recently debugging some corner cases in OpenSSL's
SSL_shutdown call in sendmail (I ask your forgiveness) and now that
I seem to have it right there I have decided to look at other mailers
for similar issues.
A discussion with the OpenSSL folks on how to properly shut down a
connectio
21 matches
Mail list logo
