--On Wednesday, January 06, 2016 11:58 PM +0100 Markus Benning
wrote:
Am Montag, den 04.01.2016, 20:40 +0100 schrieb Markus Benning:
My log analyser "saftpresse" implements this:
https://metacpan.org/release/Log-Saftpresse
Theres a commandline interface "saftsumm" which tries to provide the
Am Montag, den 04.01.2016, 20:40 +0100 schrieb Markus Benning:
> My log analyser "saftpresse" implements this:
>
> https://metacpan.org/release/Log-Saftpresse
>
> Theres a commandline interface "saftsumm" which tries to provide the
> classic pflogsumm inteface.
> Try '--tls-stats'
>
> The saftpr
Am Montag, den 04.01.2016, 10:21 -0500 schrieb Wietse Venema:
> > > No, but you could use a better stateful logfile analyzer. The TLS
> > > session status is always logged with the name of the remote MTA
> > > example.com[x.x.x.x]:25, and it is always logged before the
> > > status=
> > > record.
>
Matthias Schneider:
> >> Is there a easy way to add this to smtp.c ?
> > No, but you could use a better stateful logfile analyzer. The TLS
> > session status is always logged with the name of the remote MTA
> > example.com[x.x.x.x]:25, and it is always logged before the status=
> > record.
Matthia
Am 04.01.2016 um 15:29 schrieb Wietse Venema:
Matthias Schneider:
Hi,
I would like to have the TLS state of a message in the final status=send
log line.
Currently the TLS information is only findable by searching for the
smtp[pid],
on big mail logs this can result in many false positive search
Matthias Schneider:
> Hi,
>
> I would like to have the TLS state of a message in the final status=send
> log line.
> Currently the TLS information is only findable by searching for the
> smtp[pid],
> on big mail logs this can result in many false positive search results.
>
> Jan 4 14:17:01 mai
On Thursday 20 November 2008 15:52:56 Victor Duchovni wrote:
> On Thu, Nov 20, 2008 at 03:48:32PM +, Mark Watts wrote:
> > > The first cipher has no authentication mechanism in the SSL handshake,
> > > so you get encryption only, no authentication. The second cipher makes
> > > authentication
On Thu, Nov 20, 2008 at 03:48:32PM +, Mark Watts wrote:
> > The first cipher has no authentication mechanism in the SSL handshake,
> > so you get encryption only, no authentication. The second cipher makes
> > authentication "possible", but you can still (and typically do) ignore the
> > peer
On Thursday 20 November 2008 15:05:50 Victor Duchovni wrote:
> On Thu, Nov 20, 2008 at 08:56:04AM +, Mark Watts wrote:
> > I did wonder what the difference between ADH-AES256-SHA and AES256-SHA
> > was. Both still result in an encrypted connection though, right?
>
> $ openssl ciphers -v AD
On Thu, Nov 20, 2008 at 08:56:04AM +, Mark Watts wrote:
> I did wonder what the difference between ADH-AES256-SHA and AES256-SHA was.
> Both still result in an encrypted connection though, right?
$ openssl ciphers -v ADH-AES256-SHA:AES256-SHA
ADH-AES256-SHA SSLv3 Kx=DH
On Wednesday 19 November 2008 16:29:09 Victor Duchovni wrote:
> On Wed, Nov 19, 2008 at 07:23:39AM -0600, Noel Jones wrote:
> > Mark Watts wrote:
> > >I'm in the process of setting up TLS on a number of servers.
> > >I have two servers, both running Postfix, one an smtp client and the
> > > other
Hello Mark,
please take the following with a grain of salt, it's 4am here, so I
might be seriously wrong:
* Mark Watts <[EMAIL PROTECTED]> wrote:
>
> I'm in the process of setting up TLS on a number of servers.
> I have two servers, both running Postfix, one an smtp client and the other an
> sm
Larry Stone wrote, at 11/19/2008 01:50 PM:
> You have a client connecting to a server with your self-signed
> certificate (signed by a CA of your own creation). Connections to it do
> not generate verification failures. Does the client have your
> self-created CA's root certificate on it? If so, t
On Wed, Nov 19, 2008 at 12:50:40PM -0600, Larry Stone wrote:
> On Wed, 19 Nov 2008, Mark Watts wrote:
>
> >The server I'm in control of is signed by a CA. (This server does not give
> >any
> >verification failure messages)
> >I don't know about the other server.
>
> I'm getting confused as to w
On Wed, 19 Nov 2008, Mark Watts wrote:
The server I'm in control of is signed by a CA. (This server does not give any
verification failure messages)
I don't know about the other server.
I'm getting confused as to which server is which but I'm sensing that you
think self-signed means automatic
On Wed, Nov 19, 2008 at 07:23:39AM -0600, Noel Jones wrote:
> Mark Watts wrote:
> >I'm in the process of setting up TLS on a number of servers.
> >I have two servers, both running Postfix, one an smtp client and the other
> >an smtpd server, using a self-signed SSL certificate.
> >
> >Sending mes
> One thing to keep in mind is that recent Postfix versions don't
> necessarily exchange certificates (also known as anonymous TLS).
As mentioned earlier in the thread, the remote server with the extra log
entries is not Postfix, so this may also go towards explaining the behaviour
I'm seeing.
On Wednesday 19 November 2008 14:48:32 Noel Jones wrote:
> Mark Watts wrote:
> > On Wednesday 19 November 2008 14:00:29 Wietse Venema wrote:
> >> Mark Watts:
> >>> I think my original question still stands; why do connections to
> >>> one server not generate verification messages, while connection
Mark Watts wrote:
On Wednesday 19 November 2008 14:00:29 Wietse Venema wrote:
Mark Watts:
I think my original question still stands; why do connections to
one server not generate verification messages, while connections
to a third server do. Both remote servers have self-signed ssl
certificate
Mark Watts:
> I think my original question still stands; why do connections to
> one server not generate verification messages, while connections
> to a third server do. Both remote servers have self-signed ssl
> certificates.
Wietse:
> Presumably, those certificates are signed with different key
On Wednesday 19 November 2008 14:00:29 Wietse Venema wrote:
> Mark Watts:
> > I think my original question still stands; why do connections to
> > one server not generate verification messages, while connections
> > to a third server do. Both remote servers have self-signed ssl
> > certificates.
Mark Watts:
> I think my original question still stands; why do connections to
> one server not generate verification messages, while connections
> to a third server do. Both remote servers have self-signed ssl
> certificates.
Presumably, those certificates are signed with different keys. I
run t
On Wednesday 19 November 2008 13:42:59 Noel Jones wrote:
> Mark Watts wrote:
> >> When you're sending mail, no client certificate is requested.
> >> Your postfix doesn't know (and doesn't care) that the client
> >> has a self-signed certificate.
>
> Ooops, spoke backwards there. When you receiv
Mark Watts wrote:
When you're sending mail, no client certificate is requested.
Your postfix doesn't know (and doesn't care) that the client
has a self-signed certificate.
Ooops, spoke backwards there. When you receive mail (the
smtpd server) no certificate is requested, so no certificate
> When you're sending mail, no client certificate is requested.
> Your postfix doesn't know (and doesn't care) that the client
> has a self-signed certificate.
Indeed, but its the *remote servers* than have self-signed certificates.
The originating server doesn't have any certificates at all.
I
Mark Watts wrote:
On Wednesday 19 November 2008 13:23:39 Noel Jones wrote:
Mark Watts wrote:
I'm in the process of setting up TLS on a number of servers.
I have two servers, both running Postfix, one an smtp client and the
other an smtpd server, using a self-signed SSL certificate.
Sending mes
On Wednesday 19 November 2008 13:23:39 Noel Jones wrote:
> Mark Watts wrote:
> > I'm in the process of setting up TLS on a number of servers.
> > I have two servers, both running Postfix, one an smtp client and the
> > other an smtpd server, using a self-signed SSL certificate.
> >
> > Sending mes
Mark Watts wrote:
I'm in the process of setting up TLS on a number of servers.
I have two servers, both running Postfix, one an smtp client and the other an
smtpd server, using a self-signed SSL certificate.
Sending messages, I get the following in the log on the sender:
Nov 19 10:05:01 mailr
28 matches
Mail list logo