On 2015-08-04 5:59 pm, Viktor Dukhovni wrote:
On Tue, Aug 04, 2015 at 05:04:20PM -0500, Brad Chandler wrote:
I would like to enforce smtp tls for a domain and all of its
subdomains
except one. For example my tls_policy file would look something like
this:
.example.com en
On Tue, Aug 04, 2015 at 05:04:20PM -0500, Brad Chandler wrote:
> I would like to enforce smtp tls for a domain and all of its subdomains
> except one. For example my tls_policy file would look something like this:
>
> .example.com encrypt
> test.example.com may
I would like to enforce smtp tls for a domain and all of its subdomains
except one. For example my tls_policy file would look something like
this:
.example.com encrypt
test.example.com may
Will this work? Is there a particular order the records should be in?
On 04/05/2015 10:45, Viktor Dukhovni wrote:
On Mon, May 04, 2015 at 08:59:10AM +0300, Birta Levente wrote:
Can you reproduce the problem by using "-CAfile $cafile" with
s_client(1)? I don't see how adding a trusted CA can break the
handshake if the CA is well formed.
Please provide more infor
On Mon, May 04, 2015 at 08:59:10AM +0300, Birta Levente wrote:
> > Can you reproduce the problem by using "-CAfile $cafile" with
> > s_client(1)? I don't see how adding a trusted CA can break the
> > handshake if the CA is well formed.
> >
> > Please provide more information. Please attach a gzi
On 30/04/2015 17:38, Viktor Dukhovni wrote:
On Thu, Apr 30, 2015 at 10:29:29AM +0300, Birta Levente wrote:
On 30/04/2015 10:17, Viktor Dukhovni wrote:
On Thu, Apr 30, 2015 at 10:09:36AM +0300, Birta Levente wrote:
OK, I found the problem:
I had configured the smtp_tls_CAfile. Removing everyt
Birta Levente skrev den 2015-04-29 15:47:
But something is happening after negotiation.
My knowledge is not deep at all, but certainly they have a problem with
TLSv1.2.
posttls-finger -P /etc/ssl/certs irs-ro.mail.eo.outlook.com
shows Verified here
On Thu, Apr 30, 2015 at 10:29:29AM +0300, Birta Levente wrote:
> On 30/04/2015 10:17, Viktor Dukhovni wrote:
> >On Thu, Apr 30, 2015 at 10:09:36AM +0300, Birta Levente wrote:
> >
> >>OK, I found the problem:
> >>I had configured the smtp_tls_CAfile. Removing everything works fine.
> >Was the file
On 30/04/2015 10:17, Viktor Dukhovni wrote:
On Thu, Apr 30, 2015 at 10:09:36AM +0300, Birta Levente wrote:
OK, I found the problem:
I had configured the smtp_tls_CAfile. Removing everything works fine.
Was the file malformed? I have a hard time imagining any non-empty
set of well-formed certs
On Thu, Apr 30, 2015 at 10:09:36AM +0300, Birta Levente wrote:
> OK, I found the problem:
> I had configured the smtp_tls_CAfile. Removing everything works fine.
Was the file malformed? I have a hard time imagining any non-empty
set of well-formed certs in that file causing the problem you
descr
On 30/04/2015 09:58, Viktor Dukhovni wrote:
On Thu, Apr 30, 2015 at 09:25:48AM +0300, Birta Levente wrote:
Perhaps some sort of middle-box is interfering with TLS on your
end. Also, what version of OpenSSL are you using?
Well "your end" can be anywhere between you and the Microsoft email
host
On 30 Apr 2015, at 08:46, Birta Levente wrote:
>>>>> Looked at the mailing list archive I resolved with smtp_tls_policy_maps =
>>>>> hash:/etc/postfix/tls_policy:
>>>>>
>>>>> tls_policy:
>>>>> irs.ro may prot
On Thu, Apr 30, 2015 at 09:25:48AM +0300, Birta Levente wrote:
> >Perhaps some sort of middle-box is interfering with TLS on your
> >end. Also, what version of OpenSSL are you using?
Well "your end" can be anywhere between you and the Microsoft email
hosting mail servers.
> I make a test on ano
iling list archive I resolved with
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy:
tls_policy:
irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5
Instead of forcing "TLSv1" (I would recommend specific exclusions).
protocols=!SSLv2:!SSLv3
I tried this too, bu
works...so I don't know
>
> Apr 29 15:04:46 srv1 postfix/smtp[5398]: Untrusted TLS connection established
> to mx4.hotmail.com[65.55.33.119]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-SHA384 (256/256 bits)
> Apr 29 15:04:47 srv1 postfix/smtp[5398]: 3lcJRw1t3lz1lvk7:
> to=, relay=mx
rv1 postfix/smtp[5398]: 3lcJRw1t3lz1lvk7:
to=, relay=mx4.hotmail.com[65.55.33.119]:25,
delay=3.4, delays=0.08/0.13/1.9/1.3, dsn=2.0.0, status=sent (250
<5540c8dc.1000...@.ro> Queued mail for delivery)
Looked at the mailing list archive I resolved with smtp_tls_policy_maps =
at least as far as "RCPT TO:"
and the negative reply.
Perhaps some sort of middle-box is interfering with TLS on your
end. Also, what version of OpenSSL are you using?
> Looked at the mailing list archive I resolved with smtp_tls_policy_maps =
> hash:/etc/postfix/tls_policy:
>
>
.
Looked at the mailing list archive I resolved with smtp_tls_policy_maps =
hash:/etc/postfix/tls_policy:
tls_policy:
irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5
But all these domains have MX record pointed to
something.othersomething.outlook.com, so I wonder if there is
he message in plain.
>
> Looked at the mailing list archive I resolved with smtp_tls_policy_maps =
> hash:/etc/postfix/tls_policy:
>
> tls_policy:
> irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5
>
>
> But all these domains have MX record pointed to
/postfix/tls_policy:
tls_policy:
irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5
But all these domains have MX record pointed to
something.othersomething.outlook.com, so I wonder if there is a method
to apply this policy like that:
[.outlook.com]:25 may protocols=TLSv1 ciphers