Re: Postfix cannot start tls: handshake failure

2017-03-30 Thread Den1
Viktor Dukhovni wrote
>> On Mar 30, 2017, at 12:03 AM, Den1 <webmaster@> wrote:
>>
>>> smtp_tls_ciphers = medium
>>> smtp_tls_exclude_ciphers =
>>> MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4
>>
>> Why would you exclude these ciphers
>
> Because:
>
> * MD5 is weak, obsolete and u

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread Viktor Dukhovni
> On Mar 30, 2017, at 12:03 AM, Den1 wrote:
>
>> smtp_tls_ciphers = medium
>> smtp_tls_exclude_ciphers =
>> MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4
>
> Why would you exclude these ciphers

Because:

* MD5 is weak, obsolete and unnecessary
* SRP and PSK require special code to use,

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread Den1
L.P.H. van Belle wrote
> smtp_tls_ciphers = medium
> smtp_tls_exclude_ciphers =
> MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4
>
> Greetz,
> Louis

Why would you exclude these ciphers and make them medium, Louis?

--
View this message in context: http://postfix.1071664.n5.nabble.com/Po

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread Viktor Dukhovni
On Wed, Mar 29, 2017 at 05:03:51AM -0700, Den1 wrote:

> I was wondering is it actually advisable to use tls on smtp? When I tried it
> out with my self-signed certificates just to see if it's of any convenience
> to implement this feature I received the following response:
>
> TLS required, but w

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread Viktor Dukhovni
On Wed, Mar 29, 2017 at 04:14:35AM -0700, oakley wrote:

> *openssl s_client -connect (mydomain.com):443 -servername (mydomain.com)*
>

Why on earth are you wasting our time showing results of connections to an HTTPS service. In every message you post, show the current *Postfix* configuration, *l

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread Den1
Well, Viktor was talking about those:

smtp_tls_security_level = encrypt -or- secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

and my question was about those as well. You may read it once again since you have this one set:

smtp_tls_security_level = may

and I think it's not the same

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread L . P . H . van Belle
Louis

> -Original message-
> From: webmas...@lshipping.info [mailto:owner-postfix-us...@postfix.org]
> On behalf of Den1
> Sent: Wednesday 29 March 2017 14:50
> To: postfix-users@postfix.org
> Subject: RE: Postfix cannot start tls: handshake failure
>
> Hi Louis,
>
> Thank

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread Den1
Hi Louis,

Thank you for your input, I appreciate. I have smtpd running OK with all the key_file, cert_file and so on. I was asking about smtp. These two are different :-)

--
View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread L . P . H . van Belle
mens Den1
> Sent: Wednesday 29 March 2017 14:04
> To: postfix-users@postfix.org
> Subject: Re: Postfix cannot start tls: handshake failure
>
> I was wondering is it actually advisable to use tls on smtp? When I tried
> it out with my self-signed certificates just to see if

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread Den1
I was wondering is it actually advisable to use tls on smtp? When I tried it out with my self-signed certificates just to see if it's of any convenience to implement this feature I received the following response: TLS required, but was not offered by host -or- we do not run TLS engine -or- certifi

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread oakley
*openssl s_client -connect (mydomain.com):443 -servername (mydomain.com)*

CONNECTED(0003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:

Re: Postfix cannot start tls: handshake failure

2017-03-28 Thread Viktor Dukhovni
> On Mar 27, 2017, at 3:26 PM, oakley wrote:
>
> I'm now using port 25.

Perhaps. But logging associated failure is more useful than just noting this claim.

> I've tested to see if my firewall or what ever was blocking it, but I can
> connect when I tested via;
>
> $ openssl s_client -connect

Re: Postfix cannot start tls: handshake failure

2017-03-27 Thread oakley
Here is the contents of my: *postconf -n*

alias_database = hash:/etc/postfix/virtual
alias_maps = hash:/etc/postfix/virtual
append_dot_mydomain = no
biff = no
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = $myhostname, (mydomain.com), localhost, localhost.locald

Re: Postfix cannot start tls: handshake failure

2017-03-27 Thread oakley
I'm now using port 25. I've tested to see if my firewall or what ever was blocking it, but I can connect when I tested via; *openssl s_client -connect email-smtp.eu-west-1.amazonaws.com:25 -starttls imap* OUTCOME: CONNECTED(0003) didn't found

Re: Postfix cannot start tls: handshake failure

2017-03-27 Thread Viktor Dukhovni
> On Mar 27, 2017, at 1:51 PM, oakley wrote:
>
> Appreciate the reply, Viktor. I've done everything you've suggested...

Not quite, as you're not connecting to the right relay service. Do check an authoritative source on what relayhost you're supposed to use.

> This is when I use:
> *smtp_tls

Re: Postfix cannot start tls: handshake failure

2017-03-27 Thread oakley
Appreciate the reply, Viktor. I've done everything you've suggested and here is the report:

This is when I use: *smtp_tls_security_level =encrypt*

B3A80BEF2F: uid=0 from=
localhost postfix/cleanup[5021]: B3A80BEF2F: message-id=<20170327174324.B3A80BEF2F@localhost.localdomain>
localhost postfi

Re: Postfix cannot start tls: handshake failure

2017-03-27 Thread Viktor Dukhovni
> On Mar 27, 2017, at 1:09 PM, oakley wrote:
>
> SSL_connect error to email-smtp.eu-west-1.amazonaws.com[52.51.114.192]:25: -1
>
> localhost postfix/smtp[2100]: warning: TLS library problem:
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:
> unknown protocol:s23_clnt.c:794:93591BE