On Mon, May 08, 2023 at 04:22:29PM -0500, E R via Postfix-users wrote:
> Thank you so much for the suggestion to review the crypto setting as this
> indeed a RedHat based distribution. I confirmed it is set to "default"
> which means “The default system-wide cryptographic policy level offers
> s
The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks
identical to what you posted for Fedora.
I am not a RHEL expert but I have not see any references to opt out of the
crypto policy on a per application basis. You can customize an existing
crypto policy or create your own. I t
so it can
be wiped and recycled.
On Fri, May 5, 2023 at 7:29 PM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
> On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote:
>
> > postfix/smtpd[1234567]: SSL_accept error from
> xxx.xxx.xxx[y
I don't even know whether RedHat exposes any mechanisms for applications> to opt-out
of crypto policy and use only application-driven OpenSSL> configuration. This is
should perhaps be looked into in the Postfix 3.9> timeframe.
from my notes dealing with new Fedora crypto-policies on a number o
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> You should of course also share
> (https://www.postfix.org/DEBUG_README.html#mail)
>
> $ postconf -nf
> $ postconf -Mf
>
> without any changes in whitespace, including line breaks. Attaching
> these a
> >
>
> Because TLS/SSL things are very complex, you have to show us real
> settings all. Like me: (yw-0919: inbound, yw-1204: outbound)
> [1] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-0919
> [2] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-1204
>
And P
;
> Am I missing anything?
>
> [snippet from main.cf]
> smtpd_tls_security_level = may
>
> [snippet from log]
> May 05 16:27:59 zzz postfix/smtpd[1234567]: connect from
> xxx.xxx.xxx[yyy.yyy.yyy.yyy]
> May 05 16:27:59 zzz postfix/smtpd[1234567]: SSL_accept error fr
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote:
> postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1
> postfix/smtpd[1234567]: warning: TLS library problem:
> error:0398:digital envelope routines::invalid
> digest:crypto/evp/m_
xxx.xxx.xxx[yyy.yyy.yyy.yyy]
May 05 16:27:59 zzz postfix/smtpd[1234567]: SSL_accept error from
xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1
May 05 16:27:59 zzz postfix/smtpd[1234567]: warning: TLS library problem:
error:0398:digital envelope routines::invalid
digest:crypto/evp/m_sigver.c:343:
May 05 16:27:59 zzz
log and after
> researching
> > and making changes cannot fix them.
> > I searched on the web and there are many different cases discussed,
> but...
> >
> > Feb 5 03:50:12 home postfix/smtps/smtpd[402300]: SSL_accept error from
> > unknown[10.5.2.1]: lost connecti
I find these error messages in /var/log/maillog and after researching
> and making changes cannot fix them.
> I searched on the web and there are many different cases discussed, but...
>
> Feb 5 03:50:12 home postfix/smtps/smtpd[402300]: SSL_accept error from
> unknown[10.5.2.1]:
On Tue, Feb 07, 2023 at 05:59:52PM +0100, Wolfgang Paul Rauchholz wrote:
> Feb 5 03:50:12 home postfix/smtps/smtpd[402300]:
> SSL_accept error from unknown[10.5.2.1]: lost connection
> Feb 5 03:50:12 home postfix/smtps/smtpd[402300]:
> lost connection after CONNECT from unkn
researching
and making changes cannot fix them.
I searched on the web and there are many different cases discussed, but...
Feb 5 03:50:12 home postfix/smtps/smtpd[402300]: SSL_accept error from
unknown[10.5.2.1]: lost connection
Feb 5 03:50:12 home postfix/smtps/smtpd[402300]: lost connection
On 19/10/2021 05:59, Maurizio Caloro wrote:
see today logs "SSL_accept Error", please its this a known issue?
installed Postfix 3.4.14, Openssl 1.1.1d, Debian 10.11.
Oct 19 05:59:18 nmail postfix/smtps/smtpd[32720]: SSL_accept error
from 232.115.xx.xx.static.ip.windstream.net[40
Hello
see today logs "SSL_accept Error", please its this a known issue?
installed Postfix 3.4.14, Openssl 1.1.1d, Debian 10.11.
Oct 19 05:59:18 nmail postfix/smtps/smtpd[32720]: SSL_accept error from
232.115.xx.xx.static.ip.windstream.net[40.138.xx.xx]: lost connection
Oct 19 06:4
On 15.01.2017 07:39, Noel Jones wrote:
On 1/14/2017 2:40 AM, Admin Beckspaced wrote:
All other MTA's don't seem to have any problems with TLS / STARTTLS.
What can I do to fix this problem? Let the other MTA know that they
got an issue with their TLS setup?
Thanks & greetings
Becki
If your g
On 1/14/2017 2:40 AM, Admin Beckspaced wrote:
> All other MTA's don't seem to have any problems with TLS / STARTTLS.
>
> What can I do to fix this problem? Let the other MTA know that they
> got an issue with their TLS setup?
>
> Thanks & greetings
> Becki
If your goal is to get the mail flowin
ient certificate A
> 2017-01-14T14:41:43.313611+01:00 cx20 postfix/smtpd[25337]: SSL_accept error
> from mail.kommunalunternehmen.de[217.6.53.146]: Connection reset by peer
> 2017-01-14T14:41:43.313970+01:00 cx20 postfix/smtpd[25337]: lost connection
> after STARTTLS from mail.kommun
L_accept:SSLv3 write server done A
2017-01-14T14:41:43.298112+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:SSLv3 flush data
2017-01-14T14:41:43.313040+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:error in SSLv3 read client certificate A
2017-01-14T14:41:43.313611+01:00 cx20 postfix/smtpd[25337]: S
>
>After looking for the partner email I found those log entries:
>
>2017-01-14T00:31:28.312121+01:00 cx20 postfix/smtpd[12579]: connect
>from
>mail.kommunalunternehmen.de[217.6.53.146]
>2017-01-14T00:31:28.419190+01:00 cx20 postfix/smtpd[12579]: SSL_accept
>error from mail.ko
8.312121+01:00 cx20 postfix/smtpd[12579]: connect from
mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:31:28.419190+01:00 cx20 postfix/smtpd[12579]: SSL_accept
error from mail.kommunalunternehmen.de[217.6.53.146]: Connection reset
by peer
2017-01-14T00:31:28.420304+01:00 cx20 postfix/smtp
> On Dec 11, 2016, at 3:25 AM, Dominic Raferd wrote:
>
> In general my postfix mail server is working well, it is receiving
> emails with optional STARTTLS. But I am occasionally seeing an error
> message like this in the log:
>
> 2016-12-11 00:32:19 dl1 postfix/smtpd[136
is receiving
>>>> emails with optional STARTTLS. But I am occasionally seeing an error
>>>> message like this in the log:
>>>>
>>>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
>>>> unknown[14.215.156.100]: lost connectio
ccasionally seeing an error
>>> message like this in the log:
>>>
>>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
>>> unknown[14.215.156.100]: lost connection
>>>
>>> The connection giving rise to the error is never from o
>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
>> unknown[14.215.156.100]: lost connection
>>
>> The connection giving rise to the error is never from one of our
>> machines/users. Should I be worried about it? Does it indicate some
>> bad
gt;>
>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
>> unknown[14.215.156.100]: lost connection
>>
>> The connection giving rise to the error is never from one of our
>> machines/users. Should I be worried about it? Does it indicate some
&
On 12/11/2016 09:25 AM, Dominic Raferd wrote:
> In general my postfix mail server is working well, it is receiving
> emails with optional STARTTLS. But I am occasionally seeing an error
> message like this in the log:
>
> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_ac
In general my postfix mail server is working well, it is receiving
emails with optional STARTTLS. But I am occasionally seeing an error
message like this in the log:
2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
unknown[14.215.156.100]: lost connection
The connection giving
On Mon, Nov 07, 2016 at 10:30:06AM -0500, Bill Cole wrote:
> >Nov 7 15:03:29 blueberry postfix/smtpd[18091]:
> >mail-ve1eur01hn032d.outbound.protection.outlook.com[2a01:111:f400:fe1f::32d]:
> >TLS cipher list "aNULL:-aNULL:HIGH:@STRENGTH:!aNULL"
>
> This is probably your problem. The austere cip
On 7 Nov 2016, at 9:26, Florian Piekert wrote:
Hello everybody,
another issue around TLS/SSL from me.
I see tons of
==> mail/mail.log <==
[...]
Nov 7 15:03:29 blueberry postfix/smtpd[18091]:
mail-ve1eur01hn032d.outbound.protection.outlook.com[2a01:111:f400:fe1f::32d]:
TLS cipher list "aNULL
ry postfix/smtpd[18091]: SSL_accept:unknown state
Nov 7 15:03:29 blueberry postfix/smtpd[18091]: message repeated 5 times: [
SSL_accept:unknown state]
Nov 7 15:03:29 blueberry postfix/smtpd[18091]: SSL_accept:failed in unknown
state
Nov 7 15:03:29 blueberry postfix/smtpd[18091]: SSL_accept
Victor Duchovni:
> On Fri, Jul 22, 2011 at 09:32:29AM -0400, Wietse Venema wrote:
>
> > > So what are those?
> >
> > Postfix prints all information that is available on the OpenSSL
> > error stack. The absence of such logging suggests that the error
> > stack is empty (perhaps the client hung up)
-07-22T05:53:57-04:00 amnesiac postfix/qmgr[11097]: C62C71748001: removed
TLS SSL_accept error 0
2011-07-22T05:53:33-04:00 amnesiac postfix/smtpd[9446]: connect from
unknown[192.0.2.1]
2011-07-22T05:53:33-04:00 amnesiac postfix/smtpd[9446]: SSL_accept error from
unknown[192.0.2.1]: 0
2011
* Wietse Venema :
> > That's all there was. OK, I'll just ignore those then.
>
> I would not deny that this user interface can be improved. One
> minor improvement would be to log "lost connection" when the OpenSSL
> error stack is empty (i.e. when ERR_peek_error() returns an end-of-data
> indic
Ralf Hildebrandt:
> * Wietse Venema :
>
> > > Jul 3 17:44:00 mail postfix/smtpd[1210]: SSL_accept error from
> > > post.blossin.de[217.92.177.100]: -1
> > > Jul 3 17:53:22 mail postfix/smtpd[1174]: SSL_accept error from
> > > post.blossin.de[217.
* Wietse Venema :
> > Jul 3 17:44:00 mail postfix/smtpd[1210]: SSL_accept error from
> > post.blossin.de[217.92.177.100]: -1
> > Jul 3 17:53:22 mail postfix/smtpd[1174]: SSL_accept error from
> > post.blossin.de[217.92.177.100]: -1
> > Jul 3 18:31:12 mail p
Ralf Hildebrandt:
> I'm seeing sporadic "SSL_accept error" messages and would like to know
> their significance. Sometimes I'm seeing ": 0", sometime ": -1"
>
> A few examples:
>
> Jul 3 17:44:00 mail postfix/smtpd[1210]: SSL_accept err
I'm seeing sporadic "SSL_accept error" messages and would like to know
their significance. Sometimes I'm seeing ": 0", sometime ": -1"
A few examples:
Jul 3 17:44:00 mail postfix/smtpd[1210]: SSL_accept error from
post.blossin.de[217.92.177.100]: -1
On 11/26/2009 9:43 PM, sosogh wrote:
Hi list
I am running two postfix on two servers.One acts as smtp tls client,
the other one acts as smtpd tls server.
I tried to send mails from smtp tls client to smtpd tls server
---
IP are
_security_level=encryt
log:
Nov 27 09:51:45 debian postfix/smtpd[3511]: SSL_accept:before/accept
initialization
Nov 27 09:51:45 debian postfix/smtpd[3511]: read from B8A34DD0 [B8A3E4F0] (11
bytes => -1 (0xFFFF))
Nov 27 09:56:45 debian postfix/smtpd[3511]: SSL_accept error from
unknown[1.1.1.1]: -1
Nov 2
On 9/8/2009 10:20 AM, paul beard wrote:
I don't see an smtpd_recipient_restrictions here. You will need at
least:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
smtpd_recipient_restrictions was there, as spec
On Tue, Sep 08, 2009 at 08:20:19AM -0700, paul beard wrote:
> Any idea if I should care about this?
>
> Sep 8 08:06:57 shuttle postfix/smtpd[61994]: warning:
> network_biopair_interop: error reading 11 bytes from
> the network: Connection reset by peer
After you turned-off wrapper mode and rel
On Tue, Sep 8, 2009 at 8:01 AM, Noel Jones wrote:
> Looks like the client disconnected.
>
> Test your TLS implementation with
> openssl s_client -connect IP:port -starttls smtp
>
> If you get a
> 250 DSN
> or similar message after all the SSL handshake goop, then it worked.
>
>
OK, all is well he
On 9/8/2009 3:07 AM, Paul Beard wrote:
I am getting no inbound email after locking down the requirements of
users to authenticate before sending. I dropped back from current
(2.7.*) to 2.6.5.
Not having any success getting tcpdump output. The version I have
differs from the example in the DEBUG
mtpd[56332]: SSL_accept:before/accept
initialization
Sep 8 00:45:30 shuttle postfix/smtpd[56332]: read from 34103AC0
[341BF000] (11 bytes => -1 (0x))
Sep 8 00:45:33 shuttle postfix/smtpd[56335]: SSL_accept error from
mail-pz0-f204.google.com[209.85.222.204]: -1
Sep 8 00:45:33 sh
gt; Jun 15 13:57:46 emily postfix/smtpd[23401]: private/tlsmgr: wanted
>>> attribute: (list terminator)
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
>>> se
On Mon, Jun 15, 2009 at 04:48:26PM +0200, Jelle de Jong wrote:
> Thank you Wietse, I have asked the other server party to see if they can
> sent me the logs, I hope they will sent them, they say the problem is on
> my end, but I have no diffidence for that so far.
>
> I will also sent the debug i
mtpd[23401]: private/tlsmgr: wanted
>> attribute: (list terminator)
>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
>> Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
>> sepaip2.webish.nl[77.243.228.161]: -1
>> Jun 15 13:57:4
01]: private/tlsmgr: wanted
> > attribute: (list terminator)
> > Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
> > Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
> > sepaip2.webish.nl[77.243.228.161]: -1
> > Jun 15 13:57:46
te:
> (list terminator)
> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
> Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
> sepaip2.webish.nl[77.243.228.161]: -1
> Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname: sepaip2.webish
:46 emily postfix/smtpd[23401]: private/tlsmgr: wanted attribute:
(list terminator)
Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
sepaip2.webish.nl[77.243.228.161]: -1
Jun 15 13:57:46 emily postfix/smtpd[23
:46 emily postfix/smtpd[23401]: private/tlsmgr: wanted attribute:
(list terminator)
Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
sepaip2.webish.nl[77.243.228.161]: -1
Jun 15 13:57:46 emily postfix/smtpd[23
52 matches
Mail list logo
