Re: SMTPS 465

2013-04-15 Thread Stan Hoeppner
On 4/15/2013 6:57 AM, Joan Moreau wrote: > Reverted to 3.7.10. Recompiled openssl + cyrus + postfix. Same errors. > Where does the inconsistency reside ? You will probably not get the answer from the Postfix mailing list, as this is not a problem with Postfix, and it appears that nobody here is w

Re: SMTPS 465

2013-04-15 Thread Reindl Harald
On 15.04.2013 14:14, DTNX Postmaster wrote: > Besides, aren't the odd kernel versions such as 3.5.x, 3.7.x etc. development > kernels? why should they? since kernel 2.6 released around 10 years ago the versioning is no longer this way and 3.0.x is only a renumbering from 2.6.40 https://www.k

Re: SMTPS 465

2013-04-15 Thread DTNX Postmaster
On Apr 15, 2013, at 13:57, Joan Moreau wrote: > On 15/04/2013 10:24, Charles Marcus wrote: > >>> On 2013-04-14 6:30 PM, Joan Moreau wrote: >>> On 14/04/2013 22:24, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at >>> 10:21:58PM +, Joan Moreau wrote: However, how can postfix NOT use the

Re: SMTPS 465

2013-04-15 Thread Reindl Harald
On 15.04.2013 13:57, Joan Moreau wrote: > On 15/04/2013 10:24, Charles Marcus wrote: > Roll back to the previous kernel. > > Seriously. If you updated the kernel but didn't keep the last known > good/working one, then hopefully you have learned why doing this is such > a good idea and will

Re: SMTPS 465

2013-04-15 Thread Joan Moreau
On 15/04/2013 10:24, Charles Marcus wrote: On 2013-04-14 6:30 PM, Joan Moreau wrote: On 14/04/2013 22:24, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at 10:21:58PM +, Joan Moreau wrote: However, how can postfix NOT use the only openssl library ? or fail to have SHA2 when loading the

Re: SMTPS 465

2013-04-15 Thread Charles Marcus
On 2013-04-14 6:30 PM, Joan Moreau wrote: On 14/04/2013 22:24, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at 10:21:58PM +, Joan Moreau wrote: However, how can postfix NOT use the only openssl library ? or fail to have SHA2 when loading the .so ? Find a less broken operating system.

Re: SMTPS 465

2013-04-15 Thread Timo Röhling
On 2013-04-15 07:27, Stan Hoeppner wrote: We've been told that this kernel upgrade created the problem. Simply reverting to the previous kernel should fix it. I wager the OP upgraded more than just the kernel, or upgraded the kernel in-place, Russian Roulette style. ;) The lesson learned is th

Re: SMTPS 465

2013-04-14 Thread Stan Hoeppner
On 4/12/2013 2:03 PM, Joan Moreau wrote: > I am stuck with making my SSL SMTPS (port 465) works, while it was > working fine since ever. > > I upgraded my kernel to 3.8.6 and since then, nothing works :( On 4/14/2013 5:24 PM, Viktor Dukhovni wrote: > On Sun, Apr 14, 2013 at 10:21:58PM +, Joan

Re: SMTPS 465

2013-04-14 Thread Reindl Harald
On 15.04.2013 00:30, Joan Moreau wrote: > On 14/04/2013 22:24, Viktor Dukhovni wrote: > >> On Sun, Apr 14, 2013 at 10:21:58PM +, Joan Moreau wrote: >> >> However, how can postfix NOT use the only openssl library ? or fail to have >> SHA2 when loading the .so ? >> >> Find a less broken

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 14/04/2013 22:24, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at 10:21:58PM +, Joan Moreau wrote: However, how can postfix NOT use the only openssl library ? or fail to have SHA2 when loading the .so ? Find a less broken operating system. This works on every system I've ever used,

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 10:21:58PM +, Joan Moreau wrote: > However, how can postfix NOT use the only openssl library ? or fail to > have SHA2 when loading the .so ? Find a less broken operating system. This works on every system I've ever used, and finding out what's wrong with yours is not

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 14/04/2013 22:08, Joan Moreau wrote: > On 14/04/2013 22:02, Viktor Dukhovni wrote: > > On Sun, Apr 14, 2013 at 09:21:16PM +, Viktor Dukhovni wrote: > Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 This looks fine, > OpenSSL inter-operates with itself selecting a TLSv1.2

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 10:08:52PM +, Joan Moreau wrote: > #define OpenSSL_add_ssl_algorithms() SSL_library_init() > > which adds all libcrypto digests. > > Same : in /usr/include/openssl/ssl.h, I have : > > #define OpenSSL_add_ssl_algorithms() SSL_library_init() > #define SSLeay_add_ssl_a

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 14/04/2013 22:02, Viktor Dukhovni wrote: > On Sun, Apr 14, 2013 at 09:21:16PM +, Viktor Dukhovni wrote: > Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 This looks fine, > OpenSSL inter-operates with itself selecting a TLSv1.2 ciphersuite. Now try: > (sleep 2; printf "%s\r\n"

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 09:21:16PM +, Viktor Dukhovni wrote: > > Protocol : TLSv1.2 > > Cipher: ECDHE-RSA-AES256-GCM-SHA384 > > This looks fine, OpenSSL inter-operates with itself selecting a TLSv1.2 > ciphersuite. Now try: > > (sleep 2; printf "%s\r\n" QUIT) | > openssl s_cl

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 14/04/2013 21:21, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at 08:49:11PM +, Joan Moreau wrote: $ openssl s_client -state -connect 127.0.0.1:12345 2>&1 | tee client.out Ok, here it is below Please also report "openssl version -a". Here : OpenSSL 1.0.1e 11 Feb 2013 built on: Sun

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 08:49:11PM +, Joan Moreau wrote: > >$ openssl s_client -state -connect 127.0.0.1:12345 2>&1 | tee client.out > > Ok, here it is below > Please also report "openssl version -a". > client.out : > > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > Server publi

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 14/04/2013 19:46, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at 06:31:48PM +, Joan Moreau wrote: Ok, I have now proper install of postfix / openssl / cyrus / etc... I still get : 2013-04-14T20:29:45.074096+02:00 server postfix/smtpd[12926]: warning: TLS library problem: 12926:err

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 06:31:48PM +, Joan Moreau wrote: > Ok, I have now proper install of postfix / openssl / cyrus / etc... > > I still get : > > 2013-04-14T20:29:45.074096+02:00 server postfix/smtpd[12926]: warning: > TLS library problem: 12926:error:1409D08A:SSL > routines:SSL3_SETUP

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 14/04/2013 17:45, Viktor Dukhovni wrote: > On Sun, Apr 14, 2013 at 07:33:21PM +0200, Reindl Harald wrote: > On 14.04.2013 19:24, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at > 07:22:28PM +0200, Reindl Harald wrote: -UHAS_IPV6 -DUSE_TLS > -I/usr/include/mysql/ -I/usr/include/sasl ' '

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 07:33:21PM +0200, Reindl Harald wrote: > On 14.04.2013 19:24, Viktor Dukhovni wrote: > > On Sun, Apr 14, 2013 at 07:22:28PM +0200, Reindl Harald wrote: > > > >>> -UHAS_IPV6 -DUSE_TLS -I/usr/include/mysql/ -I/usr/include/sasl ' > >>> 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlcli

Re: SMTPS 465

2013-04-14 Thread Reindl Harald
On 14.04.2013 19:24, Viktor Dukhovni wrote: > On Sun, Apr 14, 2013 at 07:22:28PM +0200, Reindl Harald wrote: > >>> -UHAS_IPV6 -DUSE_TLS -I/usr/include/mysql/ -I/usr/include/sasl ' >>> 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlclient -lssl >>> -lcrypto -lz -lm -lpcre -lsasl2' >> >> i am missing here t

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 14/04/2013 17:21, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at 03:57:07PM +, Joan Moreau wrote: Done right, this is sufficient. Your compiler settings must be wrong. Post the exact command you use to create the Postfix "makefiles". make -f Makefile.init makefiles 'CCARGS=-DHAS_PCR

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 07:22:28PM +0200, Reindl Harald wrote: > > -UHAS_IPV6 -DUSE_TLS -I/usr/include/mysql/ -I/usr/include/sasl ' > > 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlclient -lssl > > -lcrypto -lz -lm -lpcre -lsasl2' > > i am missing here the path to openssl > below the ARGS from my fedora-rp

Re: SMTPS 465

2013-04-14 Thread Reindl Harald
On 14.04.2013 17:57, Joan Moreau wrote: > On 14/04/2013 15:25, Viktor Dukhovni wrote: > >> On Sun, Apr 14, 2013 at 01:30:53PM +, Joan Moreau wrote: >> >> [ You're using a mail client, whose plain-text response does not properly >> "quote" material you're replying to. When posting to thi

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 03:57:07PM +, Joan Moreau wrote: > >Done right, this is sufficient. Your compiler settings must > >be wrong. Post the exact command you use to create the > >Postfix "makefiles". > > make -f Makefile.init makefiles 'CCARGS=-DHAS_PCRE -DHAS_MYSQL > -DUSE_SASL_AUTH -DUSE

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 14/04/2013 15:25, Viktor Dukhovni wrote: On Sun, Apr 14, 2013 at 01:30:53PM +, Joan Moreau wrote: [ You're using a mail client, whose plain-text response does not properly "quote" material you're replying to. When posting to this list please use a non-HTML client that gets the plain

Re: SMTPS 465

2013-04-14 Thread Viktor Dukhovni
On Sun, Apr 14, 2013 at 01:30:53PM +, Joan Moreau wrote: [ You're using a mail client, whose plain-text response does not properly "quote" material you're replying to. When posting to this list please use a non-HTML client that gets the plain-text message right. ] > Ok, I tried > > 1 -

Re: SMTPS 465

2013-04-14 Thread Joan Moreau
On 13/04/2013 16:27, Viktor Dukhovni wrote: > On Sat, Apr 13, 2013 at 03:40:59PM +0200, mouss wrote: > 2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]: warning: TLS > library problem: 12238:error:1409D08A:SSL > routines:ssl3_setup_key_block:cipher or hash unavailable:s3_enc.c:

Re: SMTPS 465

2013-04-13 Thread Joan Moreau
On 13/04/2013 13:40, mouss wrote: > On 12/04/2013 23:05, Joan Moreau wrote: > Please don't top-post. I do not understand smtpd_tls_loglevel = 1 is > sufficient for debugging. ok 2013-04-12T21:49:03.160443+02:00 server > postfix/smtpd[12238]: warning: TLS library problem: 12238:error:140

Re: SMTPS 465

2013-04-13 Thread Viktor Dukhovni
On Sat, Apr 13, 2013 at 03:40:59PM +0200, mouss wrote: > >> 2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]: > >> warning: TLS library problem: 12238:error:1409D08A:SSL > >> routines:ssl3_setup_key_block:cipher or hash unavailable:s3_enc.c:423: > >> > >> This suggests your TLS library

Re: SMTPS 465

2013-04-13 Thread mouss
On 12/04/2013 23:05, Joan Moreau wrote: > >> Please don't top-post. > > I do not understand > > >> smtpd_tls_loglevel = 1 is sufficient for debugging. > > ok > > >> 2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]: >> warning: TLS library problem: 12238:error:1409D08A:SSL >> routines

Re: SMTPS 465

2013-04-13 Thread Reindl Harald
On 13.04.2013 12:43, Joan Moreau wrote: > This led to an error 404. > Maybe can you rather explain how "toppost" would solve the SSL problem? you should post your reply BELOW the quote to make a thread readable by people which may come later to it and they may ignore it if it is unreadable for

Re: SMTPS 465

2013-04-13 Thread Joan Moreau
This led to an error 404. Maybe can you rather explain how "toppost" would solve the SSL problem ? Thanks in advance joan On 12/04/2013 22:14, Quanah Gibson-Mount wrote: > --On Friday, April 12, 2013 9:05 PM + Joan Moreau > wrote: > Please don't top-post. I do not understand

Re: SMTPS 465

2013-04-13 Thread Joan Moreau
yes, I kind of agree with you, however, would it be with SSL or STARTTLS, I get the same error (which did not appear before I upgraded my kernel) What could be the solution ? On 12/04/2013 22:50, b...@bitrate.net wrote: > On Apr 12, 2013, at 15.25, Joan Moreau wrote: > >> Hi, I am stuc

Re: SMTPS 465

2013-04-12 Thread DTNX Postmaster
On Apr 13, 2013, at 00:50, b...@bitrate.net wrote: > On Apr 12, 2013, at 15.25, Joan Moreau wrote: > >> Hi, >> >> I am stuck with making my SSL SMTPS (port 465) works, while it was working >> fine since ever. > > others have helped with the specifics of your question, so i'll address the > p

Re: SMTPS 465

2013-04-12 Thread btb
On Apr 12, 2013, at 15.25, Joan Moreau wrote: > Hi, > > I am stuck with making my SSL SMTPS (port 465) works, while it was working > fine since ever. others have helped with the specifics of your question, so i'll address the philosophical aspect of it :) . while it may take some coordinati

Re: SMTPS 465

2013-04-12 Thread Quanah Gibson-Mount
--On Friday, April 12, 2013 9:05 PM + Joan Moreau wrote: Please don't top-post. I do not understand --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. Zimbra :: the l

Re: SMTPS 465

2013-04-12 Thread Joan Moreau
Please don't top-post. I do not understand smtpd_tls_loglevel = 1 is sufficient for debugging. ok 2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]: warning: TLS library problem: 12238:error:1409D08A:SSL routines:ssl3_setup_key_block:cipher or hash unavailable:s3_enc.c:423:

Re: SMTPS 465

2013-04-12 Thread Noel Jones
On 4/12/2013 2:49 PM, Joan Moreau wrote: > Actually, if type > > openssl s_client -CApath BKQSDQSD -connect 127.0.0.1:465 > > (Ie. whatever in the CApath field), the connection works fine > > but if not, I get an error. > > > > Putting "log level" at 3 in postfix, I get : Please don't top-

Re: SMTPS 465

2013-04-12 Thread Joan Moreau
Actually, if type openssl s_client -CApath BKQSDQSD -connect 127.0.0.1:465 (Ie. whatever in the CApath field), the connection works fine but if not, I get an error. Putting "log level" at 3 in postfix, I get : 2013-04-12T21:49:03.25+02:00 server postfix/smtpd[12238]: initializing th

Re: SMTPS 465

2013-04-12 Thread Joan Moreau
Hi, I need to type server:~ # openssl s_client -CApath /etc/ssl -connect 127.0.0.1:465 to get a "OK" at the end. Is this the cause of the problem ? if yes, how to fix it in 'main.cf' ? CONNECTED(0003) depth=1 C = FR, O = GANDI SAS, CN = Gandi Standard SSL CA verify return:1 depth=0 O

Re: SMTPS 465

2013-04-12 Thread Noel Jones
On 4/12/2013 2:25 PM, Joan Moreau wrote: > Hi, > > I am stuck with making my SSL SMTPS (port 465) works, while it was > working fine since ever. > > I upgraded my kernel to 3.8.6 and since then, nothing works :( > > What happens when you test it? # openssl s_client -connect 127.0.0.1:465 Wh