Osama Al-Hassani:
> > Which Postfix SMTP client implementation matches server certificates
> > against server IP addresses?
>
> We are using 3.2.0 vanilla.
>
> To clarify, this is when using the "match" attribute with "verify" security
> level. I could rephrase the question as to why anything
DNS names are
ignored in the SANs field?
Thanks,
Osama
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Wietse Venema
Sent: 15 June 2017 21:47
To: Postfix users
Subject: Re: Outbound TLS Certificate Verification
Os
; Osama
>
> -Original Message-
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni
> Sent: 15 June 2017 01:33
> To: postfix-users@postfix.org
> Subject: Re: Outbound TLS Certificate Verification
>
> On W
...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Viktor Dukhovni
Sent: 15 June 2017 01:33
To: postfix-users@postfix.org
Subject: Re: Outbound TLS Certificate Verification
On Wed, Jun 14, 2017 at 09:12:20PM +, Osama Al-Hassani wrote:
> When verifying server certificates on outbo
On Wed, Jun 14, 2017 at 09:12:20PM +, Osama Al-Hassani wrote:
> When verifying server certificates on outbound connections, it seems we
> are unable verify the IP addresses part of the SANs field. We are able to
> verify IPs in CNs.
Email is sent to addresses of the form ,
where the "domain-p
Viktor Dukhovni:
> On Sat, Feb 20, 2016 at 08:32:31AM -0500, Wietse Venema wrote:
>
> > > Creating a separate hash file with following content like below solved my
> > > issue but doing the same for all domain will not be acceptable solution
> > > ...
> >
> > If you want to encrypt mail to all d
On Sat, Feb 20, 2016 at 08:32:31AM -0500, Wietse Venema wrote:
> > Creating a separate hash file with following content like below solved my
> > issue but doing the same for all domain will not be acceptable solution ...
>
> If you want to encrypt mail to all domains:
>
> /etc/postfix/main.cf
>
Joy:
> Creating a separate hash file with following content like below solved my
> issue but doing the same for all domain will not be acceptable solution ...
If you want to encrypt mail to all domains:
/etc/postfix/main.cf
smtp_tls_security_level = encrypt
But I would not recommend this.
Creating a separate hash file with following content like below solved my
issue but doing the same for all domain will not be acceptable solution ...
In case any other solution exist which i may be missing just let me know.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
gmail.com encrypt
.
Christian Kivalo:
>
>
> Am 13. Februar 2016 11:10:25 MEZ, schrieb Joy :
> >May i know how can i force postfix to use TLS if remote MTA advertises
> >STARTTLS on port 25 to connect to remote server ?
> >
> >I am already using TLS and connecting from outlook is working
> >perfectly,
> >but when sen
As far as I know Google use STARTTLS on port 587 and not port 25.
Have a look at
https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_howtos_smtp_authentication_to_isp
to see how to set up relaying via STARTTLS.
A word of caution though. I believe
Am 13. Februar 2016 11:10:25 MEZ, schrieb Joy :
>May i know how can i force postfix to use TLS if remote MTA advertises
>STARTTLS on port 25 to connect to remote server ?
>
>I am already using TLS and connecting from outlook is working
>perfectly,
>but when sending mail to google it now says TLS
12 matches
Mail list logo
