> "James" == James B Byrne writes:
James> On Fri, December 25, 2020 12:43, John Stoffel wrote:
>>
>> Why don't you set up a local only postfix instance on the same host as
>> the application, which only listens on 127.0.0.1:25, which the dumb
>> Java app can then send email through *without e
On Fri, December 25, 2020 12:43, John Stoffel wrote:
>
> Why don't you set up a local only postfix instance on the same host as
> the application, which only listens on 127.0.0.1:25, which the dumb
> Java app can then send email through *without encryption*, then let
> the local postfix instance
> "James" == James B Byrne writes:
James> On Mon, December 21, 2020 20:00, Jaroslaw Rafa wrote:
>>
>> If you are able to connect via 465, then maybe the application just isn't
>> designed to use "inline" TLS, but rather uses only SMTP-over-TLS? The latter
>> is supported on port 465, while s
Jaroslaw Rafa:
> On 23.12.2020 at 09:32:31 @lbutlr wrote:
> >
> > The recommendation for years has been to use port 587 (submission) for
> > STARTTLS and to never use port 25 for anything but server-to-server
> > communication.
>
> And server-to-server communication nowadays uses STARTTLS,
On 23.12.2020 at 09:32:31 @lbutlr wrote:
>
> The recommendation for years has been to use port 587 (submission) for
> STARTTLS and to never use port 25 for anything but server-to-server
> communication.
And server-to-server communication nowadays uses STARTTLS, doesn't it?
--
Regards,
On 22 Dec 2020, at 07:19, James B. Byrne wrote:
> it appears to me that
> connecting to port 25 with STARTTLS is the accepted practice.
The recommendation for years has been to use port 587 (submission) for STARTTLS
and to never use port 25 for anything but server-to-server communication.
--
W
On Tue, Dec 22, 2020 at 02:26:08PM -0500, James B. Byrne wrote:
> > Your suspicions are unfounded. The client is rejecting the server's
> > certificate chain with a fatal certificate unknown alert. That's the
> > issue to fix. All else is distraction.
>
> After reviewing Postfix logs with smtpd
James B. Byrne:
>
>
> On Tue, December 22, 2020 13:27, Viktor Dukhovni wrote:
>
> >
> > Your suspicions are unfounded. The client is rejecting the server's
> > certificate chain with a fatal certificate unknown alert. That's the
> > issue to fix. All else i
On Tue, December 22, 2020 13:27, Viktor Dukhovni wrote:
>
> Your suspicions are unfounded. The client is rejecting the server's
> certificate chain with a fatal certificate unknown alert. That's the
> issue to fix. All else is distraction.
>
After reviewing Postfix logs with smtpd_tls_loggin
On Tue, Dec 22, 2020 at 01:21:06PM -0500, James B. Byrne wrote:
> > You could hypothetically have different certificate settings for
> > the different ports in master.cf, but if you don't then indeed
> > the server side TLS behaviour is likely the same across the board.
>
> I do not. And, I beli
On Tue, December 22, 2020 12:46, Viktor Dukhovni wrote:
> On Tue, Dec 22, 2020 at 09:24:27AM -0500, James B. Byrne wrote:
>
>> > It clearly supports STARTTLS, since it is actually performing the TLS
>> > handshake, and abandons it after receiving certificates it is not happy
>> > with.
>>
>> Whi
On Tue, Dec 22, 2020 at 10:57:48AM -0500, James B. Byrne wrote:
> Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS read client hello
> Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS write server hello
> Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SS
On Tue, Dec 22, 2020 at 09:24:27AM -0500, James B. Byrne wrote:
> > It clearly supports STARTTLS, since it is actually performing the TLS
> > handshake, and abandons it after receiving certificates it is not happy
> > with.
>
> Which confuses me, because I can use java to successfully negotiate a
I have been looking at the Postfix logs and wonder if this is significant:
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS read client hello
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS write server hello
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: S
On Mon, December 21, 2020 20:07, Viktor Dukhovni wrote:
> It clearly supports STARTTLS, since it is actually performing the TLS
> handshake, and abandons it after receiving certificates it is not happy
> with.
>
Which confuses me, because I can use java to successfully negotiate a
certificate
On Mon, December 21, 2020 20:00, Jaroslaw Rafa wrote:
>
> If you are able to connect via 465, then maybe the application just isn't
> designed to use "inline" TLS, but rather uses only SMTP-over-TLS? The latter
> is supported on port 465, while submission via port 587 requires first
> plaintext
On Mon, December 21, 2020 16:12, Wietse Venema wrote:
>
> This test connects to a DIFFERENT Postfix service than the Javamail client.
> This proves NOTHING about the service that the Javamail client connects to.
>
We are discussing this at cross-purposes. I understand that the service at 465
On Tue, Dec 22, 2020 at 02:00:27AM +0100, Jaroslaw Rafa wrote:
> If you are able to connect via 465, then maybe the application just isn't
> designed to use "inline" TLS, but rather uses only SMTP-over-TLS? The latter
> is supported on port 465, while submission via port 587 requires first
> plain
On 21.12.2020 at 16:33:57 James B. Byrne wrote:
> I have finally gotten to the point that the certificate errors are not the Java
> issue, or at least they should not be, since I can use Java and the keystore to
> successfully connect to Postfix, albeit on port 465.
If you are able to
On Mon, December 21, 2020 15:42, Viktor Dukhovni wrote:
>
> This is largely a non-Postfix issue. You're struggling to configure and
> use some Java software, and this is not the forum for support with that.
I understand that. Java support is not what I am asking for. I am trying to
understa
James B. Byrne:
> >> JAVA_VERSION="12" java
> >> -Djavax.net.ssl.trustStore=/opt/idempiere/idempiere-server/jettyhome/etc/keystore
> >> -Djavax.net.ssl.trustStorePassword=idempiere-2020-ksadmin SSLPoke
> >> 192.168.216.32 465
> >> Successfully connected
> >
> > That proves nothing. This test uses
On Mon, December 21, 2020 15:22, Wietse Venema wrote:
> James B. Byrne:
>>
>>
>> On Mon, December 21, 2020 13:46, Wietse Venema wrote:
>> > James B. Byrne:
>> >> > Dec 21 12:25:21 mx32 postfix-p25/smtpd[62565]: warning: TLS library
>> >> problem:
>> >> > err
On Mon, Dec 21, 2020 at 03:11:13PM -0500, James B. Byrne wrote:
> JAVA_VERSION="12" java
> -Djavax.net.ssl.trustStore=/opt/idempiere/idempiere-server/jettyhome/etc/keystore
> -Djavax.net.ssl.trustStorePassword=testing SSLPoke 192.168.216.32 465
This is largely a non-Postfix issue. You're strug
James B. Byrne:
>
>
> On Mon, December 21, 2020 13:46, Wietse Venema wrote:
> > James B. Byrne:
> >> > Dec 21 12:25:21 mx32 postfix-p25/smtpd[62565]: warning: TLS library
> >> problem:
> >> > error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
>
On Mon, December 21, 2020 14:20, Viktor Dukhovni wrote:
>
> - The Postfix SMTP server is reporting an error from the underlying
> OpenSSL library.
> - That error is receipt of a fatal "SSL alert", i.e. a courtesy message
> from the *client* that it cannot complete the handshake, and is givi
On Mon, December 21, 2020 13:46, Wietse Venema wrote:
> James B. Byrne:
>> > Dec 21 12:25:21 mx32 postfix-p25/smtpd[62565]: warning: TLS library
>> problem:
>> > error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
>> > unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:154
On Mon, Dec 21, 2020 at 12:30:57PM -0500, James B. Byrne wrote:
> Dec 21 12:25:21 mx32 postfix-p25/smtpd[62565]: warning:
> TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:
> sslv3 alert certificate unknown:
> /usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:
> SSL alert
James B. Byrne:
> > Dec 21 12:25:21 mx32 postfix-p25/smtpd[62565]: warning: TLS library problem:
> > error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
> > unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert
> > number
> > 46:
> > Dec 21 12:25:21 mx32 postfix-
On Mon, December 21, 2020 12:30, James B. Byrne wrote:
> I have gotten to the point that the keystore used by the jetty application is
> properly configured:
>
> JAVA_VERSION="12" java
> -Djavax.net.ssl.trustStore=/opt/idempiere/idempiere-server/jettyhome/etc/keystore
> -Djavax.net.ssl.trustSto
I have gotten to the point that the keystore used by the jetty application is
properly configured:
JAVA_VERSION="12" java
-Djavax.net.ssl.trustStore=/opt/idempiere/idempiere-server/jettyhome/etc/keystore
-Djavax.net.ssl.trustStorePassword=testing SSLPoke mx32.harte-lyne.ca 465
Successfully conne
James B. Byrne:
>
>
> On Thu, December 17, 2020 14:28, Wietse Venema wrote:
> > Wietse Venema:
> >
> > Very likely, tls_wrappermode is turned on as it should be on port
> > 465, which requires the client to speak first (no server greeting,
> > no client EHLO a
On Thu, December 17, 2020 14:28, Wietse Venema wrote:
> Wietse Venema:
>
> Very likely, tls_wrappermode is turned on as it should be on port
> 465, which requires the client to speak first (no server greeting,
> no client EHLO and STARTTLS).
>
> Apparently, the client is configured to expect "p
Wietse Venema:
> James B. Byrne:
> > I am attempting to configure a Javamail client embedded in a Jetty application
> > to send outgoing email through our outgoing MX. I have the following variables
> > available to me:
> >
> > Mail Host: 192.168.216.32
> > SMTP Authentication: Set to o
James B. Byrne:
> I am attempting to configure a Javamail client embedded in a Jetty application
> to send outgoing email through our outgoing MX. I have the following variables
> available to me:
>
> Mail Host: 192.168.216.32
> SMTP Authentication: Set to o