smtpd_tls_key_file =
/usr/local/etc/letsencrypt/live/rollcage13.aboc.net.au/privkey.pem
You've arrived at the correct setting before I had a chance to suggest it.
It seems to be working, but the test on
https://ssl-tools.net/mailservers/rollcage13.aboc.net.au
Is still moaning about an auth
/etc/letsencrypt/live/rollcage13.aboc.net.au/privkey.pem
You've arrived at the correct setting before I had a chance to suggest it.
> It seems to be working, but the test on
> https://ssl-tools.net/mailservers/rollcage13.aboc.net.au
> Is still moaning about an authority.
If the test
thing as long as the certs are in the correct order.
-Dan
On May 8, 2025, at 15:34, Carl Brewer via Postfix-users
wrote:
Hi,
I've been running postscript on a FreeBSD 13.x server with Letsencrypt running
as a cron job to keep SSL certs up to date automagically :
in main.cf :
smt
vkey.pem
It seems to be working, but the test on
https://ssl-tools.net/mailservers/rollcage13.aboc.net.au
Is still moaning about an authority.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
your cert chain, it will do the right
thing as long as the certs are in the correct order.
-Dan
> On May 8, 2025, at 15:34, Carl Brewer via Postfix-users
> wrote:
>
>
> Hi,
>
> I've been running postscript on a FreeBSD 13.x server with Letsencrypt
> runnin
will do the right
> thing as long as the certs are in the correct order.
>
> -Dan
>
>> On May 8, 2025, at 15:34, Carl Brewer via Postfix-users
>> wrote:
>>
>>
>> Hi,
>>
>> I've been running postscript on a FreeBSD 13.x server with Letse
Hi,
I've been running postscript on a FreeBSD 13.x server with Letsencrypt
running as a cron job to keep SSL certs up to date automagically :
in main.cf :
smtpd_tls_security_level = may
smtpd_tls_cert_file =
/usr/local/etc/letsencrypt/live/rollcage13.aboc.net.au/cer
On 2024-12-24 at 19:27:29 UTC-0500 (Tue, 24 Dec 2024 19:27:29 -0500
(EST))
Wietse Venema via Postfix-users
is rumored to have said:
Bill Cole via Postfix-users:
[...]
There's nothing technically wrong here, at least not that is
diagnosable
from your end. MS just does strange things.
They
>> early here and not enough coffee. why would i see different results
>> for the server's v4 address than its v6 address?
>
> You (as others have) might some day deploy separate actual servers
> behind a single logical host with multiple IP addresses
sure. makes sense for some deployments. ju
On Wed, Dec 25, 2024 at 08:42:51AM -0800, Randy Bush via Postfix-users wrote:
> >>> Randy, I'm disappointed
> >> And I embarrassed. clearly I blew it when creating the new mx
> >> target.
> > I am glad you took the friendly jibe in stride.
>
> stride? i blew it badly, a real stoopid.
>
> > http
>>> Randy, I'm disappointed
>> And I embarrassed. clearly I blew it when creating the new mx
>> target.
> I am glad you took the friendly jibe in stride.
stride? i blew it badly, a real stoopid.
> https://list.sys4.de/hyperkitty/list/dane-us...@list.sys4.de/thread/NKDBQABSTAAWLTHSZKC7P3HALF7VE5
On Tue, Dec 24, 2024 at 09:08:41PM -0800, Randy Bush via Postfix-users wrote:
> > Randy, I'm disappointed
>
> And I embarrassed. clearly I blew it when creating the new mx target.
I am glad you took the friendly jibe in stride.
> > I' like to suggest some serious attention to monitoring
>
> b
> Randy, I'm disappointed
and i embarrassed. clearly i blew it when creating the new mx target.
i just regenerated it with
m0.rg.net:/home/randy# openssl x509 -in
/etc/letsencrypt/live/m0.rg.net/fullchain.pem -noout -pubkey | openssl pkey
-pubin -outform DER | openssl sha256
SHA2-256(stdin)=
ound.protection.outlook.com[40.107.44.102]:
> TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
> 2024-12-24T20:27:05.483096+00:00 m0 postfix/smtpd[188336]: SSL_accept:before
> SSL initialization
> 2024-12-24T20:27:05.692962+00:00 m0 postfix/smtpd[188336]: SSL_accep
]
2024-12-25T00:41:26.771423+00:00 m0 postfix/smtpd[2063]:
mailout1.joker.csl.de[194.245.148.146]: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
2024-12-25T00:41:26.771863+00:00 m0 postfix/smtpd[2063]: SSL_accept:before SSL
initialization
2024-12-25T00:41:26.888519+00:00
Bill Cole via Postfix-users:
> On 2024-12-24 at 18:10:24 UTC-0500 (Tue, 24 Dec 2024 15:10:24 -0800)
> Randy Bush via Postfix-users
> is rumored to have said:
>
> > and without 1.3
> >
> [...]
> > 2024-12-24T23:09:18.525130+00:00 m0 postfix/smtpd[1379]: Anonymous TLS
> > connection established fr
Randy Bush via Postfix-users:
> fwiw, i tried
> smtpd_tls_session_cache_timeout = 0
> and
> smtpd_tls_session_cache_timeout = ridiculous
>
> both with and without `!TLSv1.3`
>
> no mail transfer
This will have to wait until Viktor reads this thread. This
is a failure that happens after t
On 2024-12-24 at 18:10:24 UTC-0500 (Tue, 24 Dec 2024 15:10:24 -0800)
Randy Bush via Postfix-users
is rumored to have said:
and without 1.3
[...]
2024-12-24T23:09:18.525130+00:00 m0 postfix/smtpd[1379]: Anonymous TLS
connection established from
mail-eastasiaazrln102210001.outbound.protection
fwiw, i tried
smtpd_tls_session_cache_timeout = 0
and
smtpd_tls_session_cache_timeout = ridiculous
both with and without `!TLSv1.3`
no mail transfer
randy
]
2024-12-24T23:19:14.101248+00:00 m0 postfix/smtpd[1414]:
mdpmta-as-1p-177349-txn.sys.comcast.net[96.103.94.54]: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
2024-12-24T23:19:14.101669+00:00 m0 postfix/smtpd[1414]: SSL_accept:before SSL
initialization
2024-12-24T23:19:14.13
tfix/smtpd[1379]: SSL_accept:before SSL
initialization
2024-12-24T23:09:18.342294+00:00 m0 postfix/smtpd[1379]: SSL_accept:before SSL
initialization
2024-12-24T23:09:18.342369+00:00 m0 postfix/smtpd[1379]: SSL_accept:SSLv3/TLS
read client hello
2024-12-24T23:09:18.342428+00:00 m0 postfix/
: SSL_accept:before SSL
initialization
2024-12-24T23:07:06.761254+00:00 m0 postfix/smtpd[1343]: SSL_accept:before SSL
initialization
2024-12-24T23:07:06.761654+00:00 m0 postfix/smtpd[1343]: SSL_accept:SSLv3/TLS
read client hello
2024-12-24T23:07:06.765267+00:00 m0 postfix/smtpd[1343]: SSL_acce
Randy Bush via Postfix-users:
> > Maybe this will work around the problem:
> > smtpd_tls_protocols = >=TLSv1 !TLSv1.3
>
> because of all the warnings, i `systemctl restart`ed postfix. still whined.
>
> 2024-12-24T21:55:54.219911+00:00 m0 postfix/master[189212]: warning:
> /etc/postfix/main.
rotection.outlook.com[40.107.215.121]: TLS cipher
list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
2024-12-24T21:56:21.768605+00:00 m0 postfix/smtpd[189229]: SSL_accept:before
SSL initialization
2024-12-24T21:56:21.985225+00:00 m0 postfix/smtpd[189229]: SSL_accept:before
SSL initialization
2024
2]
> 2024-12-24T20:27:05.482713+00:00 m0 postfix/smtpd[188336]:
> mail-koreacentralazon11023102.outbound.protection.outlook.com[40.107.44.102]:
> TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
> 2024-12-24T20:27:05.483096+00:00 m0 postfix/smtpd[188336]: SSL_accept:befo
:05.483096+00:00 m0 postfix/smtpd[188336]: SSL_accept:before
SSL initialization
2024-12-24T20:27:05.692962+00:00 m0 postfix/smtpd[188336]: SSL_accept:before
SSL initialization
2024-12-24T20:27:05.693067+00:00 m0 postfix/smtpd[188336]: SSL_accept:SSLv3/TLS
read client hello
2024-12-24T20:27:05.69
On Mon, Dec 16, 2024 at 16:32:27 +0100, Matus UHLAR - fantomas via
Postfix-users wrote:
> RH does not usually upgrade major versions of libraries, what's happened?
RHEL 9.4 actually rebased OpenSSL 3.0.7 => 3.2.2.
(which is not unusual in dot releases)
But Postfix was rebuilt as well, at least
What about openssl, which is current version in RHEL9?
It's Oracle's repo for RHEL9.
Name : openssl
Epoch: 1
Version : 3.2.2
Release : 6.0.1.el9_5
Architecture : x86_64
Size : 1.5 M
Source : openssl-3.2.2-6.0.1.el9_5.src.rpm
Repository :
On Mon, Dec 16, 2024 at 07:32:15AM -0500, postfix--- via Postfix-users wrote:
> This is what the packages were built with. Is this right/wrong? Do I have
> options that don't involve building from source? Do I need to wait until the
> package maintainers build against a newer SSL?
involve building from source? Do I need to
wait until the package maintainers build against a newer SSL?
RH does not usually upgrade major versions of libraries, what's happened?
The rebuild should not be needed, unless you encounter any incompatibility
problems. I believe RH does check t
007fe45531)
libcrypt.so.2 => /lib64/libcrypt.so.2 (0x7fe454f28000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x7fe454ddd000)
This is what the packages were built with. Is this right/wrong? Do I have
options that don't involve building from source? Do I need to wait un
On Mon, Dec 16, 2024 at 04:06:10AM -0500, postfix--- via Postfix-users wrote:
> Just to double check this isn't a configuration library issue on my end?
> Someone is messing around? I have dozens of these repeated in the logs.
You've recently installed an updated OpenSSL package on your system.
Just to double check this isn't a configuration library issue on my end?
Someone is messing around? I have dozens of these repeated in the logs.
Dec 15 23:07:50 host postfix/smtpd[3181]: warning: run-time library vs.
compile-time header version mismatch: OpenSSL 3.2.0 may not be compatible
w
That is what I thought. Just wanted to be sure.
Thank you.
> On Nov 15, 2024, at 4:00 PM, postfix--- via Postfix-users
> wrote:
>
>
>>
>> I was wondering if there is any way to use the maillog with the SSL
>> messages to determine who was trying to send
I was wondering if there is any way to use the maillog with the SSL
messages to determine who was trying to send messages during that
window.
You have the IP/Hostname of the servers connecting to your server.
If you are asking who as in the person, as in what the From: email address
was going
Hello all,
I am unsure if this is possible as it would probably be a security risk,
but I wanted to ask anyway.
A few days ago I made a mistake when configuring a new SSL certificate
for my Postfix install. This resulted in about 10 days of downtime while
we sorted out what the actual problem
Scott K via Postfix-users:
> My mail server stopped working with this error:
>
> TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3
> alert bad certificate: SSL alert number 42
I have some questions:
A complete logfile record that shows the name of the Postfix
On Sun, Nov 10, 2024 at 07:16:12AM -0500, Scott K via Postfix-users wrote:
> My mail server stopped working with this error:
>
> TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3
> alert bad certificate: SSL alert number 42
Far too little context, bu
My mail server stopped working with this error:
TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3
alert bad certificate: SSL alert number 42
On Wed, Sep 25, 2024 at 10:40:30AM +1000, raf via Postfix-users wrote:
> > Sep 24 21:49:18 mxback postfix/smtps/smtpd[24711]: warning: TLS library
> > problem: error:0A6C:SSL routines::bad key
> > share:../ssl/statem/extensions_srvr.c:646:
>
> But I'm
tps/smtpd[24711]: SSL_accept error from
> unknown[165.154.138.57]: -1
> Sep 24 21:49:18 mxback postfix/smtps/smtpd[24711]: warning: TLS library
> problem: error:0A6C:SSL routines::bad key
> share:../ssl/statem/extensions_srvr.c:646:
> Sep 24 21:49:18 mxback postfix/smtps/smtpd[24711]: l
tps/smtpd[24711]: SSL_accept error from
> unknown[165.154.138.57]: -1
> Sep 24 21:49:18 mxback postfix/smtps/smtpd[24711]: warning: TLS library
> problem: error:0A6C:SSL routines::bad key
> share:../ssl/statem/extensions_srvr.c:646:
> Sep 24 21:49:18 mxback postfix/smtps/smtpd[24711]: lost c
Viktor Dukhovni via Postfix-users wrote in
:
|On Sat, Jun 08, 2024 at 07:12:01PM -0400, Wietse Venema via Postfix-users \
|wrote:
|>>|> Jun 7 23:41:16 outwall/smtpd[19222]: warning: run-time library \
|>>|> vs. compile-time header version mismatch: OpenSSL 3.3.0 may not \
|>>|> be comp
(my logs rotate after 200 kilobytes).
|> This is postfix. I must say, out of my head i have no idea
|> whether it has always been like that for minor releases for one,
|> and whether that is also true for LibreSSL, and the other SSL
|> libraries that postfix possibly works with. An
On Sat, Jun 08, 2024 at 07:12:01PM -0400, Wietse Venema via Postfix-users wrote:
> > |> Jun 7 23:41:16 outwall/smtpd[19222]: warning: run-time library \
> > |> vs. compile-time header version mismatch: OpenSSL 3.3.0 may not \
> > |> be compatible with OpenSSL 3.2.0
> > ...
> > |[.] Ope
the API and ABI will remain compatible".
Based on that, Postfix will not complain when the build-time and
run-time versions differ only in the Patch release number.
> This is postfix. I must say, out of my head i have no idea
> whether it has always been like that for minor releases for
Jeffrey Walton (who is noloader at gmail) pointed out an
interesting point regarding some postfix log message that can be
seen on AlpineLinux edge (again).
--- Forwarded from Steffen Nurpmeso ---
Date: Sat, 08 Jun 2024 02:44:46 +0200
Author: Steffen Nurpmeso
...
Subject: Re: ssl update needs
On Mon, Sep 11, 2023 at 09:30:27PM -0400, Alex via Postfix-users wrote:
> I have a postfix-3.7.4 server with openssl-3.0.9 on fedora38 and
> receiving the following errors in my logs:
>
> Sep 11 14:19:51 cipher postfix/smtps/smtpd[3992923]: warning: TLS library
> problem: err
Hi,
I have a postfix-3.7.4 server with openssl-3.0.9 on fedora38 and receiving
the following errors in my logs:
Sep 11 14:19:51 cipher postfix/smtps/smtpd[3992923]: warning: TLS library
problem: error:0AC1:SSL routines::no shared
cipher:ssl/statem/statem_srvr.c:2220:
What kind of clients is
On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni wrote:
> > Length: 00 00 9c (156)
> > ...
> > 0x01,0x88 7 ???
> > ...
> > 0xC0,0x12 14 ECDHE-RSA-DES-CBC3-SHA Au=RSA
> > ...
> > 0x00,0x40 22 DHE-DSS-AES128-SHA256 Au=DSS
> > ...
>
> All the ciphersuites offered except one (DSS) are RSA
Consider (after carefully reading over the docs explaining the required
ordering of the content) switching to consolidated preferred syntax:
smtpd_tls_chain_files =
>> This feature is available in Postfix 3.4 and later.
that one snuck by me :-/
convenient, tho, thx!
No tool. J
On Sat, Aug 12, 2023 at 02:03:56PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> > checking further
> >
> > grep smtpd_tls main.cf | grep file
> > smtpd_tls_dh1024_param_file=${config_directory}/dh4096.pem
> > smtpd_tls_eckey_file
On Sat, Aug 12, 2023 at 02:27:14PM -0400, pgnd wrote:
> >> Handshake type: 01 (Client Hello)
> >> Length: 00 00 9c (156)
>
> > One thing I failed to mention is that length of 156 is rather unexpected
> > ...
> > And there's also that mysterious 0x01,0x88 cipher, which is not listed
> > in the IAN
That'd then be the file to analyse:
# tshark -nr /tmp/tls.pcap -V ssl
thx for the ez tutorial
after the key file cleanup,
...
Untrusted TLS connection established from
esa.hc2802-61.iphmx.com[68.232.155.227]: TLSv1.2 with cipher
ECDHE-RSA-AES128-GCM-SHA256
...
On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> > Handshake type: 01 (Client Hello)
> > Length: 00 00 9c (156)
One thing I failed to mention is that length of 156 is rather unexpected
here, because the containing TLS record layer header promised a length
of 1
and host 192.0.2.1
Then identify a session (client source port) of interest and extract
just that one connection:
# tcpdump -r /tmp/smtp.pcap -s0 -w /tmp/tls.pcap tcp port 12345
That'd then be the file to analyse:
# tshark -nr /tmp/tls.pcap -V ssl
> > My money is on an ECDS
On Sat, Aug 12, 2023 at 01:42:04PM -0400, pgnd wrote:
> after the key file cleanup,
>
> ...
> Untrusted TLS connection established from
> esa.hc2802-61.iphmx.com[68.232.155.227]: TLSv1.2 with cipher
> ECDHE-RSA-AES128-GCM-SHA256
> ...
>
> seems, in fact, EC-ready
That's ECDHE key exchan
one'd hope that banks and hospitals might be a bit more up-to-date on their end.
after the key file cleanup,
...
Untrusted TLS connection established from
esa.hc2802-61.iphmx.com[68.232.155.227]: TLSv1.2 with cipher
ECDHE-RSA-AES128-GCM-SHA256
...
seems, in fact, EC-ready
t,
tcpdump -i eth0 "tcp port 25 and (tcp[((tcp[12] & 0xf0) >> 2)] = 0x16)"
is still unhelpful.
My money is on an ECDSA server certificate
on the receiving server's end, right?
which is still a bit too "exotic" for some older SMTP clients.
here, checkin
On Sat, Aug 12, 2023 at 09:47:57AM -0400, pgnd via Postfix-users wrote:
> postconf mail_version
> mail_version = 3.8.1
As background, the RELEASE_NOTES for 3.8 mention:
- Postfix default settings now exclude the following deprecated or
unused ciphers (SEED, IDEA, 3D
why?
not my own server/config
Can you explain how each of these is better than the Postfix defaults?
all but two _are_ at defaults
postconf -n | grep -i tls | grep -i cipher | sort
@D smtpd_tls_ciphers = medium
@D smtpd_tls_exclude_ciphers =
@D
On Sat, Aug 12, 2023 at 09:47:57AM -0400, pgnd via Postfix-users wrote:
> postconf -n | grep -i tls | grep -i cipher
> smtp_tls_ciphers = medium
> smtp_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP,
> PSK, kDH, DH, kRSA, DHE, DSS, RC4, DES, IDEA, SEED,
aNULL"
2023-08-10T19:13:17.457948-04:00 cmx0024 postfix/psint/smtpd[27820]:
SSL_accept:before SSL initialization
2023-08-10T19:13:17.457997-04:00 cmx0024 postfix/psint/smtpd[27820]:
read from 5568B971BE70 [5568B9729063] (5 bytes => -1)
2023-08-10T19:13:17.524878-04:00 cmx0024 postfix/psin
24 postfix/psint/smtpd[27820]:
SSL_accept:before SSL initialization
2023-08-10T19:13:17.457997-04:00 cmx0024 postfix/psint/smtpd[27820]: read
from 5568B971BE70 [5568B9729063] (5 bytes => -1)
2023-08-10T19:13:17.524878-04:00 cmx0024 postfix/psint/smtpd[27820]: read
from
smtps/smtpd[6901]: warning: TLS library problem:
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:
../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:
Cert is new (renew) and openssl x509 -in ... and key is ok
server and client not connect via ssl3
The client cannot validate
On Mon, May 08, 2023 at 01:29:55PM +0200, natan via Postfix-users wrote:
> I have some problem with cert - user who connect via 465
>
> postfix/smtps/smtpd[6901]: warning: TLS library problem:
> error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:
> ../ssl/record
Hi
Problem is only via web applications (php)
On 8.05.2023 at 13:29, natan via Postfix-users wrote:
Hi
I have some problem with cert - user who connect via 465
postfix/smtps/smtpd[6901]: warning: TLS library problem:
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown
ca:../ssl
Hi
I have some problem with cert - user who connect via 465
postfix/smtps/smtpd[6901]: warning: TLS library problem:
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown
ca:../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:
Debian10
Cert is new (renew) and openssl x509 -in
g system with Postfix 3.5.17+debian11u1 and MariaDB
10.5. After adding ssl certificates and configurations it stopped
authenticating. I don't know if it is Postfix or MariaDB. Using
ngrep to monitor the stream, I can see initial encrypted traffic
followed by clear text. It appears to be a
I have a working system with Postfix 3.5.17+debian11u1 and MariaDB
10.5. After adding ssl certificates and configurations it stopped
authenticating. I don't know if it is Postfix or MariaDB. Using ngrep
to monitor the stream, I can see initial encrypted traffic followed by
clear text
On Sat, 11-02-2023 at 14:37 -0500, Viktor Dukhovni wrote:
> On Sat, Feb 11, 2023 at 06:46:14PM +, Nicholas Jacobs wrote:
>
> > > > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding
> > > > routines:ASN1_get_object:header too long
> > >
On Sat, Feb 11, 2023 at 07:47:43PM +0100, Benny Pedersen wrote:
> > No, I checked that too.
> > opendkim-testkey -d complete-web-solutions.com -k
> > /etc/dkimkeys/202302081.private -s 202302081 -v -x /etc/opendkim.conf
> > gives:
> > opendkim-testkey: key secure
>
> is only dnssec ?, not if dki
On Sat, Feb 11, 2023 at 06:46:14PM +, Nicholas Jacobs wrote:
> > > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding
> > > routines:ASN1_get_object:header too long
> > > opendkim[3223]: F29AA21C4C: dkim_eom(): resource unavailable:
> > > d2i_Priv
Nicholas Jacobs wrote on 2023-02-11 18:24:
No, I checked that too.
opendkim-testkey -d complete-web-solutions.com -k
/etc/dkimkeys/202302081.private -s 202302081 -v -x /etc/opendkim.conf
gives:
opendkim-testkey: key secure
is only dnssec ?, not if dkim pass ?, or both ?
On Sat, 11-02-2023 at 13:33 -0500, Viktor Dukhovni wrote:
> On Sat, Feb 11, 2023 at 03:41:06PM +, nj140...@yahoo.com wrote:
>
> > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding
> > routines:ASN1_get_object:header too long
> > opendkim[3223]: F29AA21C
On Sat, Feb 11, 2023 at 03:41:06PM +, nj140...@yahoo.com wrote:
> opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding
> routines:ASN1_get_object:header too long
> opendkim[3223]: F29AA21C4C: dkim_eom(): resource unavailable:
> d2i_PrivateKey_bio() failed
The ASN.1 enc
On Sat, 11-02-2023 at 10:36 -0700, Shawn Heisey wrote:
> On 2/11/23 08:41, nj140...@yahoo.com wrote:
> > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding
> > routines:ASN1_get_object:header too long
>
> Others running into something similar found that the
On Sat, 11-02-2023 at 18:33 +0100, Matus UHLAR - fantomas wrote:
> > > On February 11, 2023 3:41:06 PM UTC, nj140...@yahoo.com wrote:
> > > > Trying to send an email from n...@complete-web-solutions.com on
> > > > the
> > > > host sv9.complete-web-solutions.com results in the following
> > > > me
On 2/11/23 08:41, nj140...@yahoo.com wrote:
opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too long
Others running into something similar found that the file either was in
DOS format or had a BOM at the beginning -- characters were present that
On February 11, 2023 3:41:06 PM UTC, nj140...@yahoo.com wrote:
> Trying to send an email from n...@complete-web-solutions.com on the
> host sv9.complete-web-solutions.com results in the following
> messages
> in mail.log:
> ...
> But opendkim seems correctly configured because the command:
> open
On Sat, 11-02-2023 at 16:37 +, Scott Kitterman wrote:
>
>
> On February 11, 2023 3:41:06 PM UTC, nj140...@yahoo.com wrote:
> > Trying to send an email from n...@complete-web-solutions.com on the
> > host sv9.complete-web-solutions.com results in the following
> > messages
> > in mail.log:
>
On February 11, 2023 3:41:06 PM UTC, nj140...@yahoo.com wrote:
>Trying to send an email from n...@complete-web-solutions.com on the
>host sv9.complete-web-solutions.com results in the following messages
>in mail.log:
>...
>But opendkim seems correctly configured because the command:
>opendkim-t
Trying to send an email from n...@complete-web-solutions.com on the
host sv9.complete-web-solutions.com results in the following messages
in mail.log:
postfix/cleanup[40982]: F29AA21C4C: message-
id=<20230211151120.f29aa21...@sv9.complete-web-solutions.com>
opendkim[3223]: F29AA21C4C: SSL
Subject: [REVISIONS] How to install SSL Certificate on Dovecot and Postfix
Good day from Singapore,
Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date of Implementation: 6 Jan 2023 Friday
SECTION ON DOVECOT
===
# cd /etc/dovecot/conf.d
On 12/27/22 13:12, Aaron Axelsen wrote:
Output from a command line connection:
mysql -h secure-mysql-db.example.com -p -u mysqluser mail --ssl
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
On 12/27/2022 11:58 AM, Phil Stracchino wrote:
On 12/27/22 12:49, Aaron Axelsen wrote:
I've been trying to get the correct recipe of settings to allow
postfix to connect to mysql where ssl is required. So far I have the
following that is not working:
user = mysqluser
password = XXX
On 12/27/22 12:49, Aaron Axelsen wrote:
I've been trying to get the correct recipe of settings to allow postfix
to connect to mysql where ssl is required. So far I have the following
that is not working:
user = mysqluser
password = XXX
hosts = secure-mysql-db.example.com
dbname = mail
I've been trying to get the correct recipe of settings to allow postfix
to connect to mysql where ssl is required. So far I have the following
that is not working:
user = mysqluser
password = XXX
hosts = secure-mysql-db.example.com
dbname = mail
query = SELECT 1 FROM users WHERE emai
On Mon, Dec 12, 2022 at 01:27:59PM -0500, Alex wrote:
> Dec 12 13:12:47 xavier postfix-116/smtpd[1683671]: warning: TLS library
> problem: error:0A000438:SSL routines::tlsv1 alert internal
> error:ssl/record/rec_layer_s3.c:1584:SSL alert number 80:
Some remote client encountered an int
> I'm seeing periodic entries like this in my maillog:
>
> Dec 12 13:12:47 xavier postfix-116/smtpd[1683671]: warning: TLS library
> problem: error:0A000438:SSL routines::tlsv1 alert internal
> error:ssl/record/rec_layer_s3.c:1584:SSL alert number 80:
[...]
>
Hi,
I'm seeing periodic entries like this in my maillog:
Dec 12 13:12:47 xavier postfix-116/smtpd[1683671]: warning: TLS library
problem: error:0A000438:SSL routines::tlsv1 alert internal
error:ssl/record/rec_layer_s3.c:1584:SSL alert number 80:
I've searched quite a bit for more in
On 8.12.2022 at 11:29:35 Sam wrote:
> My plan is to pass port 465
> straight to haproxy, then haproxy does the encryption in and out.
> Ports 587 and 25 won't even be exposed. I only need one port. What
> kind of scenario are we trying to prevent?
Is your Postfix instance for sending mail
On Thu, Dec 08, 2022 at 11:29:35AM +0400, Sam wrote:
> Thank you very much for your quick reply and insight. I went ahead and
> disabled wrapper mode in master.cf (and there's no wrapper mode in
> main.cf), and I still can't telnet to port 465, even though it's in use
> in the container. When I
am I missing in
this plan?
Thank you again.
Best regards,
Sam
On 08/12/2022 1:30 AM, Viktor Dukhovni wrote:
On Wed, Dec 07, 2022 at 11:51:32PM +0400, Sam wrote:
I would like to run postfix in a docker container, and receive emails
through HaProxy with SSL termination. So the setup I wo
On Wed, Dec 07, 2022 at 11:51:32PM +0400, Sam wrote:
> I would like to run postfix in a docker container, and receive emails
> through HaProxy with SSL termination. So the setup I would like to
> achieve is:
It is generally preferable to let Postfix do TLS-termination, so that
Postf
Hello everyone
I would like to run postfix in a docker container, and receive emails
through HaProxy with SSL termination. So the setup I would like to
achieve is:
Web -> My Server -> HaProxy (SSL/TLS decryption) -> Into my server (as
localhost with zero encryption) -> dock
On Tue, Aug 23, 2022 at 09:21:33AM -0700, nate wrote:
> On 2022-08-22 14:46, Viktor Dukhovni wrote:
>
> [..]
>
> > You don't need to sign your own domain in order to secure outbound
> > traffic
> > to domains that others have signed. You just need a local validating
> > resolver such as "unbou
On 2022-08-22 14:46, Viktor Dukhovni wrote:
[..]
You don't need to sign your own domain in order to secure outbound
traffic
to domains that others have signed. You just need a local validating
resolver such as "unbound", with DNSSEC validation turned on.
Ok, yeah I was thinking more of DANE
On Tue, Aug 23, 2022 at 01:13:56AM -0400, Demi Marie Obenour wrote:
> You should definitely deploy DNSSEC, but only after you are able to
> deploy it properly. That means having procedures to avoid nasty DNSSEC-
> related downtime.
That's needlessly scary and non-specific. Rather, it means, tha
On 8/22/22 17:38, nate wrote:
> On 2022-08-22 14:30, Viktor Dukhovni wrote:
>
>> Correct, because there's no point. Mail would be sent whether the
>> certificate is trusted or not, and whether or not the DNS-ID matches
>> expectations.
>>
>> Setting up a TLS policy for each domain that's hosted b
1 - 100 of 933 matches