Am 05.01.2015 um 20:23 schrieb DTNX Postmaster:
On 05 Jan 2015, at 19:51, li...@rhsoft.net wrote:
Gmail's outbound servers prefers RC4-SHA if offered by the SMTP
server, when Gmail drops RC4 support, these domains will finally
feel real pressure to either disable or fix their TLS stack.
Gmai
On 05 Jan 2015, at 19:51, li...@rhsoft.net wrote:
>>> Gmail's outbound servers prefers RC4-SHA if offered by the SMTP
>>> server, when Gmail drops RC4 support, these domains will finally
>>> feel real pressure to either disable or fix their TLS stack.
>>
>> Gmail prefers ECDHE-RSA-AES256-SHA, and
On 05 Jan 2015, at 19:33, Per Thorsheim wrote:
> Den 05.01.2015 18:59, skrev li...@rhsoft.net:
>>
>> Am 05.01.2015 um 18:47 schrieb Viktor Dukhovni:
>>> On Mon, Jan 05, 2015 at 06:01:03PM +0100, DTNX Postmaster wrote:
>>>
> With RC4-SHA early enough for the 11-year old Microsoft Exchange
>>
Am 05.01.2015 um 19:43 schrieb DTNX Postmaster:
On 05 Jan 2015, at 19:18, Viktor Dukhovni wrote:
On Mon, Jan 05, 2015 at 06:59:06PM +0100, li...@rhsoft.net wrote:
No, this is a bad idea, it is in fact 3DES that is broken with such servers
Shouldn't we start to disable RC4 as well as DES-CB
On 05 Jan 2015, at 19:18, Viktor Dukhovni wrote:
> On Mon, Jan 05, 2015 at 06:59:06PM +0100, li...@rhsoft.net wrote:
>
>>> No, this is a bad idea, it is in fact 3DES that is broken with such servers
>>
>> Shouldn't we start to disable RC4 as well as DES-CBC3-SHA for that horrible
>> outdated cr
Den 05.01.2015 18:59, skrev li...@rhsoft.net:
>
> Am 05.01.2015 um 18:47 schrieb Viktor Dukhovni:
>> On Mon, Jan 05, 2015 at 06:01:03PM +0100, DTNX Postmaster wrote:
>>
With RC4-SHA early enough for the 11-year old Microsoft Exchange
servers.
>>>
>>> Sadly, older Exchange servers (2003 a
On 05 Jan 2015, at 18:59, li...@rhsoft.net wrote:
> Am 05.01.2015 um 18:47 schrieb Viktor Dukhovni:
>> On Mon, Jan 05, 2015 at 06:01:03PM +0100, DTNX Postmaster wrote:
>>
With RC4-SHA early enough for the 11-year old Microsoft Exchange
servers.
>>>
>>> Sadly, older Exchange servers (20
On Mon, Jan 05, 2015 at 06:59:06PM +0100, li...@rhsoft.net wrote:
> >No, this is a bad idea, it is in fact 3DES that is broken with such servers
>
> Shouldn't we start to disable RC4 as well as DES-CBC3-SHA for that horrible
> outdated crap servers and fallback to unencrypted at all instead conti
On 05 Jan 2015, at 18:47, Viktor Dukhovni wrote:
> On Mon, Jan 05, 2015 at 06:01:03PM +0100, DTNX Postmaster wrote:
>
>>> With RC4-SHA early enough for the 11-year old Microsoft Exchange
>>> servers.
>>
>> Sadly, older Exchange servers (2003 at least) will favour 3DES over RC4
>> for TLS conne
Am 05.01.2015 um 18:47 schrieb Viktor Dukhovni:
On Mon, Jan 05, 2015 at 06:01:03PM +0100, DTNX Postmaster wrote:
With RC4-SHA early enough for the 11-year old Microsoft Exchange
servers.
Sadly, older Exchange servers (2003 at least) will favour 3DES over RC4
for TLS connections, IIRC.
This
On Mon, Jan 05, 2015 at 06:01:03PM +0100, DTNX Postmaster wrote:
> > With RC4-SHA early enough for the 11-year old Microsoft Exchange
> > servers.
>
> Sadly, older Exchange servers (2003 at least) will favour 3DES over RC4
> for TLS connections, IIRC.
This is not correct.
> I don't have the fi
On 05 Jan 2015, at 15:52, Viktor Dukhovni wrote:
> On Mon, Jan 05, 2015 at 03:10:49PM +0100, Matthias Schneider wrote:
>
>> I noticed that many Exchange Servers nowadays have problems with TLS. Is
>> there a way to make a fallback to plain if there is a timeout on MAIL FROM?
>
> Postfix 2.12 (a
On Mon, Jan 05, 2015 at 03:10:49PM +0100, Matthias Schneider wrote:
> I noticed that many Exchange Servers nowadays have problems with TLS. Is
> there a way to make a fallback to plain if there is a timeout on MAIL FROM?
Postfix 2.12 (almost released, but for now 2.12-20141228 is the
latest snaps
Am 05.01.2015 um 15:10 schrieb Matthias Schneider:
> Hello,
>
> I noticed that many Exchange Servers nowadays have problems with TLS. Is
> there a way to make a fallback to plain if there is a timeout on MAIL
> FROM? I currently use smtp_tls_security_level=may
>
> I found some 100's domains on di
Hello,
I noticed that many Exchange Servers nowadays have problems with TLS. Is
there a way to make a fallback to plain if there is a timeout on MAIL
FROM? I currently use smtp_tls_security_level=may
I found some 100's domains on different IPs which have this problems
right now, here is a ex
15 matches
Mail list logo
