Re: Trouble with STARTTLS...Connection lost

2021-03-19 Thread Viktor Dukhovni
On Fri, Mar 19, 2021 at 07:53:09PM +0100, Matus UHLAR - fantomas wrote:
> I mean, aNULL on port 25 is fine.
>
> aNULL on port 465 and 587 is not fine, is it?

Of course it is fine, if you're not asking for client certs, and the client is willing to do aNULL (i.e. ignore your certificates), then f

Re: Trouble with STARTTLS...Connection lost

2021-03-19 Thread Matus UHLAR - fantomas
On Tue, Mar 16, 2021 at 05:51:07PM +0100, Matus UHLAR - fantomas wrote:
>When the Postfix TLS security level requires authentication (mandatory
>TLS stronger than just "encrypt"), Postfix automatically disables the
>aNULL ciphers internally. You never need to do explicitly, except to
>satisfy s

Re: Trouble with STARTTLS...Connection lost

2021-03-19 Thread Viktor Dukhovni
On Tue, Mar 16, 2021 at 05:51:07PM +0100, Matus UHLAR - fantomas wrote:
> >When the Postfix TLS security level requires authentication (mandatory
> >TLS stronger than just "encrypt"), Postfix automatically disables the
> >aNULL ciphers internally. You never need to do explicitly, except to
> >sat

Re: Trouble with STARTTLS...Connection lost

2021-03-16 Thread Matus UHLAR - fantomas
Hello,

>On Fri, Jan 29, 2021 at 06:53:09PM +0100, Matus UHLAR - fantomas wrote:
>> yes, but when the policy is encryption required for client-server
>> connections, aNULL would break that IIUC
>> - please correct me if I'm wrong

On 29.01.21 15:09, Viktor Dukhovni wrote:
>You're wrong. The "a

Re: Trouble with STARTTLS...Connection lost

2021-01-30 Thread Viktor Dukhovni
On Sat, Jan 30, 2021 at 06:49:42PM +0100, Matus UHLAR - fantomas wrote:
> >On Fri, Jan 29, 2021 at 06:53:09PM +0100, Matus UHLAR - fantomas wrote:
> >> yes, but when the policy is encryption required for client-server
> >> connections, aNULL would break that IIUC
> >> - please correct me if I'm wr

Re: Trouble with STARTTLS...Connection lost

2021-01-30 Thread Matus UHLAR - fantomas
>> smtpd_tls_exclude_ciphers=MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4,3DES
>> smtpd_tls_mandatory_exclude_ciphers=aNULL
>
>Mostly harmless, but not necessary.

On Fri, Jan 29, 2021 at 06:53:09PM +0100, Matus UHLAR - fantomas wrote:
yes, but when the policy is encryption required for cl

Re: Trouble with STARTTLS...Connection lost

2021-01-29 Thread Viktor Dukhovni
On Fri, Jan 29, 2021 at 06:53:09PM +0100, Matus UHLAR - fantomas wrote:
> >> smtpd_tls_exclude_ciphers=MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4,3DES
> >> smtpd_tls_mandatory_exclude_ciphers=aNULL
> >
> >Mostly harmless, but not necessary.
>
> yes, but when the policy is encryption require

Re: Trouble with STARTTLS...Connection lost

2021-01-29 Thread Matus UHLAR - fantomas
On Fri, Jan 29, 2021 at 02:08:48PM +0100, Matus UHLAR - fantomas wrote:
Excluding aNULL should not be needed on smtp port, but apparently is useful on ports with mandatory encryption.

On 29.01.21 11:53, Viktor Dukhovni wrote:
It is only ever *needed* on the client side, when *authenticating* t

Re: Trouble with STARTTLS...Connection lost

2021-01-29 Thread Viktor Dukhovni
On Fri, Jan 29, 2021 at 08:21:46AM +, Chu, Uy wrote:
> Thank you for your suggestion, I made the changes as you suggested,
> but still seeing the same error.

- What does the *client* report when this happens?
- Capture a PCAP file with a single session between the client and this server.

Re: Trouble with STARTTLS...Connection lost

2021-01-29 Thread Viktor Dukhovni
On Fri, Jan 29, 2021 at 02:08:48PM +0100, Matus UHLAR - fantomas wrote:
> Excluding aNULL should not be needed on smtp port, but apparently
> is useful on ports with mandatory encryption.

It is only ever *needed* on the client side, when *authenticating* the server. Postfix does that automatical

Re: Trouble with STARTTLS...Connection lost

2021-01-29 Thread Matus UHLAR - fantomas
Hello,

On Thu, Jan 28, 2021 at 09:48:13PM +, Chu, Uy wrote:
smtp_tls_CAfile = /etc/postfix/ca.crt
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2, RC4, aNULL
smtp_tls_loglevel = 2

On 28.01.21 17:01, Viktor Dukhovni wrote:
Not sure why you want to dis

RE: Trouble with STARTTLS...Connection lost

2021-01-29 Thread Chu, Uy
On Thu, Jan 28, 2021 at 09:48:13PM +, Chu, Uy wrote:
> smtp_tls_CAfile = /etc/postfix/ca.crt
> smtp_tls_ciphers = high
> smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2, RC4,
> aNULL
> smtp_tls_loglevel = 2

Not sure why you wan

Re: Trouble with STARTTLS...Connection lost

2021-01-28 Thread Viktor Dukhovni
On Thu, Jan 28, 2021 at 09:48:13PM +, Chu, Uy wrote:
> smtp_tls_CAfile = /etc/postfix/ca.crt
> smtp_tls_ciphers = high
> smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2, RC4, aNULL
> smtp_tls_loglevel = 2

Not sure why you want to disable aNULL, or set the log level > 1.

> smtp_

RE: Trouble with STARTTLS...Connection lost

2021-01-28 Thread Chu, Uy
Chu, Uy:
> Hi All,
>
> I am having trouble with one of our application server not being able to
> connect to send emails. I noticed the issue of connection lost after
> STARTTLS. Is it a configuration on the SMTP server or the application

Re: Trouble with STARTTLS...Connection lost

2021-01-28 Thread Viktor Dukhovni
On Thu, Jan 28, 2021 at 08:18:05PM +, Chu, Uy wrote:
> I am having trouble with one of our application server not being able
> to connect to send emails. I noticed the issue of connection lost
> after STARTTLS. Is it a configuration on the SMTP server or the
> application?
>
> Jan 28 10:19:

Re: Trouble with STARTTLS...Connection lost

2021-01-28 Thread Wietse Venema
Chu, Uy:
> Hi All,
>
> I am having trouble with one of our application server not being able to
> connect to send emails. I noticed the issue of connection lost after
> STARTTLS. Is it a configuration on the SMTP server or the application?
>

"postconf -n" output please?

Wietse