Ll
--
Paul Hoffman
On Feb 5, 2014 10:37 PM, "Alan Munday"
wrote:
>
> I found a problem in my logs with respect to receiving email from
> outlook.com. When I looked into it I thought it was due to the TLS certs
> having expired. I've created new certificates (self-signed) but the problem
> is c
Viktor Dukhovni wrote the following on 08/02/14 03:21:
On Fri, Feb 07, 2014 at 11:49:55PM +, Alan Munday wrote:
Does this imply that, for users like me, the "Getting started, quick
and dirty" section of the Postfix TLS support could be further
simplified?
Yes. I did not write that secti
On Fri, Feb 07, 2014 at 11:49:55PM +, Alan Munday wrote:
> >Assuming a suitable private key in key.pem, a self-signed cert is just
> >one command:
> >
> > openssl req -x509 -sha1 -new -key key.pem -out newcert.pem \
> > -subj "/CN=$(uname -n)" -days 3650
> >
>
> Not difficult at a
Viktor Dukhovni wrote the following on 07/02/14 23:13:
On Fri, Feb 07, 2014 at 10:40:37PM +, Alan Munday wrote:
Should not be too hard. In your case, as I suggested upstream, a
simple self-signed certificate with no issuing CA is quite sufficient:
Assuming a suitable private key in key.pem
On Fri, Feb 07, 2014 at 10:40:37PM +, Alan Munday wrote:
> > Usually, the CA certificate is created using a different extension
> > section (not "usr_cert"). You then have "CA:FALSE" in "usr_cert",
> > and "CA:TRUE" in the CA extension section.
>
> I'll try this.
Should not be too hard. In
Viktor Dukhovni wrote the following on 07/02/14 19:07:
On Thu, Feb 06, 2014 at 05:37:16PM +, Alan Munday wrote:
>> I did try CA:FALSE but this was causing outlook.com mail to fail
>> (and, as Viktor stated, mail from other domains as well).
>
> Usually, the CA certificate is created using a
On Thu, Feb 06, 2014 at 05:37:16PM +, Alan Munday wrote:
> My certificate creation process also followed the old way of doing
> things. I've updated this to also follow the HowTo. In doing so I
> needed to edit two values in the openssl.cnf namely:
>
> [ CA_default ]
> unique_subject = no
>
Alan Munday wrote the following on 06/02/14 17:37:
Viktor Dukhovni wrote the following on 05/02/14 20:44:
On Wed, Feb 05, 2014 at 08:28:51PM +, Alan Munday wrote:
Viktor Dukhovni wrote the following on 05/02/14 18:45:
And of course mx3 is still broken, STARTTLS hangs, because it is
un
Viktor Dukhovni wrote the following on 05/02/14 20:44:
On Wed, Feb 05, 2014 at 08:28:51PM +, Alan Munday wrote:
Viktor Dukhovni wrote the following on 05/02/14 18:45:
Now for the record your leaf certificate is also a CA, which is
harmless I imagine, but keep that in mind if you run into
Alan Munday wrote the following on 05/02/14 21:29:
Rather than tie up peoples time is there a reference I can go to and
I'll work through things from scratch.
And replying to my own question, I've found the TLS-README...
Viktor Dukhovni wrote the following on 05/02/14 20:44:
On Wed, Feb 05, 2014 at 08:28:51PM +, Alan Munday wrote:
Viktor Dukhovni wrote the following on 05/02/14 18:45:
On Wed, Feb 05, 2014 at 05:07:27PM +, Alan Munday wrote:
Feb 5 16:01:21 mx1 postfix/smtpd[22789]:
Anonymous TLS c
On Wed, Feb 05, 2014 at 08:28:51PM +, Alan Munday wrote:
> Viktor Dukhovni wrote the following on 05/02/14 18:45:
> >On Wed, Feb 05, 2014 at 05:07:27PM +, Alan Munday wrote:
> >
> >>Feb 5 16:01:21 mx1 postfix/smtpd[22789]:
> >> Anonymous TLS connection established
> >> from mail-db3lp
Viktor Dukhovni wrote the following on 05/02/14 18:45:
On Wed, Feb 05, 2014 at 05:07:27PM +, Alan Munday wrote:
Feb 5 16:01:21 mx1 postfix/smtpd[22789]:
Anonymous TLS connection established
from mail-db3lp0084.outbound.protection.outlook.com[213.199.154.84]:
TLSv1 with cipher AES1
Viktor Dukhovni wrote the following on 05/02/14 18:45:
On Wed, Feb 05, 2014 at 05:07:27PM +, Alan Munday wrote:
Viktor
Thank you. I'll work through the points you've highlighted.
Alan
On Wed, Feb 05, 2014 at 05:07:27PM +, Alan Munday wrote:
> Feb 5 16:01:21 mx1 postfix/smtpd[22789]:
> Anonymous TLS connection established
> from mail-db3lp0084.outbound.protection.outlook.com[213.199.154.84]:
> TLSv1 with cipher AES128-SHA (128/128 bits)
> Feb 5 16:01:21 mx1 postfix/s
15 matches
Mail list logo
