On Sat, Sep 18, 2021 at 12:44:30AM +0200, Gerald Galster wrote:
> The question is how likely it is such a server is dropping tls support
> after that work. I'd guess it will be unlikely and errors mostly occur
> due to expired certificates or other (temporary) configuration issues.
As a matter of
>>> Sure, but the forensic value of the signal is rather weak, since you
>>> learn nothing about the names in the certificate, and anyone can get
>>> a certificate from Let's Encrypt. So your connection was to some
>>> server that had some certificate, ... now what?
>>
>> You'll get the informati
On Sat, Sep 18, 2021 at 12:44:30AM +0200, Gerald Galster wrote:
> > Sure, but the forensic value of the signal is rather weak, since you
> > learn nothing about the names in the certificate, and anyone can get
> > a certificate from Let's Encrypt. So your connection was to some
> > server that ha
>>> I am curious why with opportunistic TLS (security level may), you're
>>> bothering to take any action to tweak the entirely cosmetic certificate
>>> path validation status?
>>
>> What about parsing the maillog and adding those trusted servers to a table
>> in order to enforce a higher tls leve
On Fri, Sep 17, 2021 at 07:53:55PM +0200, Gerald Galster wrote:
> > I am curious why with opportunistic TLS (security level may), you're
> > bothering to take any action to tweak the entirely cosmetic certificate
> > path validation status?
>
> What about parsing the maillog and adding those trus
>> Thank you for the answers. I'm reading the documentation and we need to
>> adjust the smtp_tls_CAfile indeed. I will adjust this as soon as
>> possible and I will report the result here.
>
> I am curious why with opportunistic TLS (security level may), you're
> bothering to take any action to t
On Fri, Sep 17, 2021 at 01:38:43PM -0300, Fabio S. Schmidt wrote:
> Hello David and Gerald,
>
> Thank you for the answers. I'm reading the documentation and we need to
> adjust the smtp_tls_CAfile indeed. I will adjust this as soon as
> possible and I will report the result here.
I am curious why
Hello David and Gerald,
Thank you for the answers. I'm reading the documentation and we need to
adjust the smtp_tls_CAfile indeed. I will adjust this as soon as
possible and I will report the result here.
Best regards
Fabio
Em sex., 17 de set. de 2021 às 11:50, Gerald Galster
escreveu:
> > I'm
> I'm sorry if this is a frequent question, but we have deployed a new Postfix
> server and we have enabled Opportunistic TLS. We have noticed that even with
> a valid certificate when connecting to gmail servers the Untrusted TLS
> connection is being displayed.
>
> I have updated the ca-cert
‘What do "Anonymous", "Untrusted", etc. in Postfix logging mean?’
http://www.postfix.org/FORWARD_SECRECY_README.html#status
Thanks. I thought I had that set but I’ll check again tomorrow.
Robert
-
Robert Chalmers
https://robert-chalmers.uk
https://robert-chalmers.com
@R_A_Chalmers
> On 16 Jul 2020, at 4:18 pm, Patrick Ben Koetter wrote:
>
> * Robert Chalmers (Author) :
>>
>> I’m seeing this in my log file on
* Robert Chalmers (Author) :
>
> I’m seeing this in my log file on outgoing test mail. Can’t seem to find a
> solution. The mail does go through, but leaves this “Untrusted” message in
> its wake.
>
> Jul 16 15:33:37 www postfix/587/smtp[35313]: Untrusted TLS connection
> established to gmail-
On Mon, Jul 08, 2019 at 08:39:09AM +0200, Tobias Reckhard wrote:
> On 03.07.2019 17:24, David Gibbs wrote:
> > On 7/2/19 3:03 PM, David Mehler wrote:
> >> Jul 2 14:59:44 mail postfix/smtp[14345]: Untrusted TLS connection
> >> established to gmail-smtp-in.l.google.com[173.194.68.27]:25: TLSv1.3
>
On 03.07.2019 17:24, David Gibbs wrote:
> On 7/2/19 3:03 PM, David Mehler wrote:
>> Jul 2 14:59:44 mail postfix/smtp[14345]: Untrusted TLS connection
>> established to gmail-smtp-in.l.google.com[173.194.68.27]:25: TLSv1.3
>> with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519
>>
On 7/2/19 3:03 PM, David Mehler wrote:
Jul 2 14:59:44 mail postfix/smtp[14345]: Untrusted TLS connection
established to gmail-smtp-in.l.google.com[173.194.68.27]:25: TLSv1.3
with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519
server-signature RSA-PSS (2048 bits) server-digest S
On Tue, Jul 02, 2019 at 04:03:51PM -0400, David Mehler wrote:
> I'm running postfix 3.4.5 and email sending/receiving is working. I am
> however noticing an message:
>
> Jul 2 14:59:44 mail postfix/smtp[14345]: Untrusted TLS connection
> established to gmail-smtp-in.l.google.com[173.194.68.27]:2
On Tue, Nov 17, 2015 at 10:58:13PM -0500, Bill Cole wrote:
> >[root@knox certs]# postconf -n | grep tls
> >smtp_tls_CAfile = /etc/ssl/certs/startssl-ca-bundle.pem
> >smtp_tls_CApath = /etc/ssl/certs/
>
> That's likely to be wrong. smtp_tls_CApath needs to be more than just a
> directory where the
On 17 Nov 2015, at 14:02, Istvan Prosinger wrote:
Hi,
I'm trying to install the signed STARTSSL certificates to Postfix, but
I'm getting this entry whatever I do:
Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection
established to gmail-smtp-in.l.google.com[74.125.133.26]:25:
On Tue, Nov 17, 2015 at 07:14:21PM +, Viktor Dukhovni wrote:
> > smtp_tls_CAfile = /etc/ssl/certs/startssl-ca-bundle.pem
> > smtp_tls_CApath = /etc/ssl/certs/
> > smtp_tls_loglevel = 1
> > smtp_tls_security_level = may
>
> With opportunistic TLS ("may") certificates are never verified,
> and
On Tue, Nov 17, 2015 at 08:02:35PM +0100, Istvan Prosinger wrote:
> I'm trying to install the signed STARTSSL certificates to Postfix, but I'm
> getting this entry whatever I do:
>
> Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection
> established to gmail-smtp-in.l.google.com[74.
On Tue, Sep 08, 2009 at 11:37:56AM -0400, Gerard wrote:
> I have 'tls' working fine, except for on site. While the mail is still
> sent correctly, I am wondering why I have this warning message in the
> logs:
There is no warning message.
>
> Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_conn
21 matches
Mail list logo
