Re: Certificate Error (android client)

2013-12-24 Thread li...@rhsoft.net
On 24.12.2013 19:13, Viktor Dukhovni wrote: > On Tue, Dec 24, 2013 at 06:36:08PM +0100, li...@rhsoft.net wrote: > >> For me it looked logical that if I have the two params for >> smtpd_ and there are identical for smtp_ they should be both >> used with the same cert >> >> smtpd_tls_cert_file =

Re: Certificate Error (android client)

2013-12-24 Thread Viktor Dukhovni
On Tue, Dec 24, 2013 at 06:36:08PM +0100, li...@rhsoft.net wrote: > For me it looked logical that if I have the two params for > smtpd_ and there are identical for smtp_ they should be both > used with the same cert > > smtpd_tls_cert_file = /etc/postfix/certs/localhost.pem > smtpd_tls_key_file

Re: Certificate Error (android client)

2013-12-24 Thread li...@rhsoft.net
On 24.12.2013 18:13, Viktor Dukhovni wrote: > On Tue, Dec 24, 2013 at 05:45:21PM +0100, li...@rhsoft.net wrote: > >> Maybe a good idea to consider using the wildcard-certificate >> with SHA2 for outgoing messages and order a 3072/SHA1 for the >> MX and use the wildcard for all other services > >

Re: Certificate Error (android client)

2013-12-24 Thread Viktor Dukhovni
On Tue, Dec 24, 2013 at 05:45:21PM +0100, li...@rhsoft.net wrote: > Maybe a good idea to consider using the wildcard-certificate > with SHA2 for outgoing messages and order a 3072/SHA1 for the > MX and use the wildcard for all other services You don't need to, and SHOULD NOT, configure a client c

Re: Certificate Error (android client)

2013-12-24 Thread li...@rhsoft.net
On 24.12.2013 17:33, Viktor Dukhovni wrote: > On Tue, Dec 24, 2013 at 11:16:50AM +0100, li...@rhsoft.net wrote: > >>> The symptom would be that your certificate chain is not verifiable, >>> verify error:num=7:certificate signature failure >> >> Thank you for that. >> >> Am I right that this do

Re: Certificate Error (android client)

2013-12-24 Thread Viktor Dukhovni
On Tue, Dec 24, 2013 at 11:16:50AM +0100, li...@rhsoft.net wrote: > > The symptom would be that your certificate chain is not verifiable, > > verify error:num=7:certificate signature failure > > Thank you for that. > > Am I right that this does not break opportunistic TLS at a whole > for such d

Re: Certificate Error (android client)

2013-12-24 Thread li...@rhsoft.net
On 24.12.2013 04:03, Viktor Dukhovni wrote: > On Tue, Dec 24, 2013 at 01:16:33AM +0100, li...@rhsoft.net wrote: >>> Deploying digests beyond SHA1 will cause interoperability problems >>> with systems that don't yet support the SHA2 family >> >> Are you aware of systems / mailservers which would

Re: Certificate Error (android client)

2013-12-23 Thread Viktor Dukhovni
On Tue, Dec 24, 2013 at 01:16:33AM +0100, li...@rhsoft.net wrote: > > Deploying digests beyond SHA1 will cause interoperability problems > > with systems that don't yet support the SHA2 family > > Are you aware of systems / mailservers which would have a > problem with it? Yes. Any OpenSSL base

Re: Certificate Error (android client)

2013-12-23 Thread Voytek
nanotek wrote: >I am receiving a "Certificate Error" when sending mail from K-9 on my >android. I do not receive any error on my PC client (Thunderbird). > >I only have a self-signed public certificate and private key configured > >for use by Postfix. Should I create my own Certificate Authorit

Re: Certificate Error (android client)

2013-12-23 Thread li...@rhsoft.net
On 23.12.2013 16:09, Viktor Dukhovni wrote: > On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote: >> Still, might be a good time to create my own CA and upgrade to 4096 bit >> keys/certificates > > You can deploy 4096-bit RSA key if it makes you feel more cool, > but there is little point

Re: Certificate Error (android client)

2013-12-23 Thread Viktor Dukhovni
On Mon, Dec 23, 2013 at 03:09:09PM +, Viktor Dukhovni wrote: > > using SHA512 algorithms > > TLSv1 and TLSv1.2 does not support negotiation of digest algorithms. I meant "TLSv1 and TLSv1.1", but typed TLSv1.2. Speaking of TLSv1.2, does anyone have more information about: https://rt.ope

Re: Certificate Error (android client)

2013-12-23 Thread Viktor Dukhovni
On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote: > Still, might be a good time to create my own CA and upgrade to 4096 bit > keys/certificates You can deploy 4096-bit RSA key if it makes you feel more cool, but there is little point in going beyond 2048-bit RSA at this time. The further

Re: Certificate Error (android client)

2013-12-23 Thread nanotek
Original Message Date: Tuesday, December 24, 2013 12:57:53 AM +1100 From: nanotek To: postfix-users@postfix.org Subject: Certificate Error (android client) I am receiving a "Certificate Error" when sending mail from K-9 on my android. I do not receive any error on my

Re: certificate error

2010-01-07 Thread Barney Desmond
2010/1/8 Davy Leon : > I'm getting this message in my /var/log/maillog every time postfix delivers a > message. The message is delivered, but it logs this message. How can I solve > this? > > Jan  6 18:17:25 centrino postfix/smtp[3699]: certificate verification failed > for smarthost.example.com: nu