Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Jan C.
Hi Viktor, thanks for your answer but that does not answer my question. Is the /etc/ssl/certs directory loaded also by default? I did the test: smtp_tls_CApath = /foo/bar I added/hashed some certs in /foo/bar When postfix connects to a smtp server (tls verify), certificates issued by CAs from /et

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread /dev/rob0
Please do not top-post your replies. Thank you. On Wed, Jun 09, 2010 at 10:22:16AM +0200, Jan C. wrote: > thanks for your answer but that does not answer my question. Is the > /etc/ssl/certs directory loaded also by default? I did the test: Postfix postconf(5) defaults can be shown with the post

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Jan C.
Hi, > Um, no. By default Postfix is not going to use TLS at all. When > activated, by default, no certificate verification is done at all. > Consult your distributor's package documentation if they have set > different defaults. If I set smtp_tls_CApath to /etc/ssl/certs and then again to somethin

Re: unable to telnet localhost 25

2010-06-09 Thread Phil Howard
On Wed, Jun 9, 2010 at 02:43, J. Roeleveld wrote: > Even though I have considered it myself as well once, I am curious as to why > someone would put a firewall on localhost? Other applications could become compromised by spammy virii that exploited their vulnerabilities and start spewing filth,

Re: Setting mime-header checking

2010-06-09 Thread Wietse Venema
Stan Hoeppner: > Noel Jones put forth on 6/8/2010 8:58 AM: > > > and while I've never met anyone named Wietse, I seem to remember seeing > > that name in the postfix copyright statement. His advice might be worth > > paying attention to. > > https://researcher.ibm.com/researcher/view.php?person=

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Jan C.
Actually, this step is not needed to reproduce it : > Now I set: > ~ $ postconf -e smtp_tls_CApath=/etc/ssl/certs/ > and reload postfix > to sum it up, when smtp_tls_CApath is not empty, CAs from /etc/ssl/certs are trusted regardless the value of smtp_tls_CApath. regards, Jan

trouble with smtp session during before-queue content filtering

2010-06-09 Thread Proniewski Patrick
Hello, I used to have an old SMTP server, with after-queue content filtering. My new setup involves a before-queue content filter (amavisd). Unfortunately, Amavisd is a little bit strict about the smtp session: it bounces email sent using "MAIL FROM: address" instead of "MAIL FROM:". It's ok for

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Wietse Venema
Jan C.: > Actually, this step is not needed to reproduce it : > > Now I set: > > ~ $ postconf -e smtp_tls_CApath=/etc/ssl/certs/ > > and reload postfix > > > > to sum it up, when smtp_tls_CApath is not empty, CAs from > /etc/ssl/certs are trusted regardless the value of smtp_tls_CApath. Victor wi

Re: trouble with smtp session during before-queue content filtering

2010-06-09 Thread Wietse Venema
Proniewski Patrick: > Hello, > > I used to have an old SMTP server, with after-queue content filtering. > My new setup involves a before-queue content filter (amavisd). > Unfortunately, Amavisd is a little bit strict about the smtp > session: it bounces email sent using "MAIL FROM: address" instead

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 11:25:50AM -0400, Wietse Venema wrote: > > to sum it up, when smtp_tls_CApath is not empty, CAs from > > /etc/ssl/certs are trusted regardless the value of smtp_tls_CApath. This is done primarily by OpenSSL, but as Wietse observes: > Victor will have to confirm or deny th

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Jan C.
Hello, ok then at least I know what's the origin of the behavior I had. On Wed, Jun 9, 2010 at 6:12 PM, Victor Duchovni wrote: > I guess our documentation has never promised the use of system CAs when > CApath or CAfile are set, failing to override the system settings is > counter-intuitive, so I

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 06:30:59PM +0200, Jan C. wrote: > Hello, > ok then at least I know what's the origin of the behavior I had. > > On Wed, Jun 9, 2010 at 6:12 PM, Victor Duchovni > wrote: > > I guess our documentation has never promised the use of system CAs when > > CApath or CAfile are set

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Jan C.
On Wed, Jun 9, 2010 at 6:35 PM, Victor Duchovni wrote: > Probably, although I don't think we've reached a final decision yet... > My preference is to not trust some random list of CAs that came with the > O/S OpenSSL package when the user specifies an explicit CAfile/CApath, > but this would be an

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 06:39:26PM +0200, Jan C. wrote: > On Wed, Jun 9, 2010 at 6:35 PM, Victor Duchovni > wrote: > > Probably, although I don't think we've reached a final decision yet... > > My preference is to not trust some random list of CAs that came with the > > O/S OpenSSL package when t

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Wietse Venema
Victor Duchovni: > On Wed, Jun 09, 2010 at 11:25:50AM -0400, Wietse Venema wrote: > > > > to sum it up, when smtp_tls_CApath is not empty, CAs from > > > /etc/ssl/certs are trusted regardless the value of smtp_tls_CApath. > > This is done primarily by OpenSSL, but as Wietse observes: > > > Victo

Yahoo disconnecting at end of data on large messages.

2010-06-09 Thread Philippe Chaintreuil
One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has not been accepting it, they don't give a reason, they just disconnect after getting the whole message: Jun 9 13:20:50 hobbes postfix/smtp[7398]:

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 01:34:53PM -0400, Wietse Venema wrote: > > I guess our documentation has never promised the use of system CAs when > > CApath or CAfile are set, failing to override the system settings is > > counter-intuitive, so I can support this change. We'll also have to > > document t

Postfix chroot on RHEL5....

2010-06-09 Thread fred . schnittke
Hi: I've a question about setting up postfix in a chroot on a Linux RHEL5 setup. I'm using the RedHat package of postfix (Version 2.3.3) which was installed with the RedHat install. Everything is working fine, but now I want to chroot it. On the Postfix website, it says: "In order to enable ch

Re: Postfix chroot on RHEL5....

2010-06-09 Thread Eero Volotinen
2010/6/9 : > Hi: > > I've a question about setting up postfix in a chroot on a Linux RHEL5 setup. > I'm using the RedHat package of postfix (Version 2.3.3) which was installed > with the RedHat install. Everything is working fine, but now I want to > chroot it. On the Postfix website, it says: > >

Re: Yahoo disconnecting at end of data on large messages.

2010-06-09 Thread Olivier MJ Crepin-Leblond
On 09/06/2010 at 19:35, Philippe Chaintreuil wrote: > One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has > not been accepting it, they don't give a reason, they just disconnect > after getting the whole message: > > ---

Re: Yahoo disconnecting at end of data on large messages.

2010-06-09 Thread Wietse Venema
Philippe Chaintreuil: > One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has > not been accepting it, they don't give a reason, they just disconnect > after getting the whole message: > > > Jun 9 13:2

Re: Yahoo disconnecting at end of data on large messages.

2010-06-09 Thread Larry Stone
On Wed, 9 Jun 2010, Olivier MJ Crepin-Leblond wrote: On 09/06/2010 at 19:35, Philippe Chaintreuil wrote: One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has not been accepting it, they don't give a reason, they just disconnect after getting the whole message: ---

Re: Yahoo disconnecting at end of data on large messages.

2010-06-09 Thread Victor Duchovni
On Wed, Jun 09, 2010 at 01:35:03PM -0400, Philippe Chaintreuil wrote: > One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has > not been accepting it, they don't give a reason, they just disconnect > after getting the whole message: > > -

Re: trouble with smtp session during before-queue content filtering

2010-06-09 Thread Noel Jones
On 6/9/2010 10:11 AM, Proniewski Patrick wrote: Hello, I used to have an old SMTP server, with after-queue content filtering. My new setup involves a before-queue content filter (amavisd). Unfortunately, Amavisd is a little bit strict about the smtp session: it bounces email sent using "MAIL FRO

Re: Yahoo disconnecting at end of data on large messages.

2010-06-09 Thread Philippe Chaintreuil
On 6/9/10 5:34 PM, Victor Duchovni wrote: > Make sure you don't have window-scaling enabled on your MTA, and that > path MTU discovery works through your firewall. If that does not solve it, > see other suggestions in thread. I turned off my firewall (iptables) and the issue still occurs.

Re: TLS smtp_tls_CApath and /etc/ssl/certs

2010-06-09 Thread Wietse Venema
Victor Duchovni: > I guess our documentation has never promised the use of system CAs when > CApath or CAfile are set, failing to override the system settings is > counter-intuitive, so I can support this change. We'll also have to > document the semantics of "CAfile == CApath == ". Why do we have

postcat, multi-instance setup

2010-06-09 Thread Stefan Foerster
I'm most likely doing it wrong: $ postmulti -i postfix-out -x mailq -Queue ID- --Size-- Arrival Time -Sender/Recipient--- 1BCBD1DF86 2622 Mon Jun 7 03:02:34 boskop-svn-bounces+trac=trac.incertum@lists.incertum.net (connect to trac.incertum.net[85.214.20.182]:25: Co

Re: postcat, multi-instance setup

2010-06-09 Thread Stefan Foerster
* Stefan Foerster : > I'm most likely doing it wrong: > > $ postmulti -i postfix-out -x mailq > -Queue ID- --Size-- Arrival Time -Sender/Recipient--- > 1BCBD1DF86 2622 Mon Jun 7 03:02:34 > boskop-svn-bounces+trac=trac.incertum@lists.incertum.net > (connect to trac.