Re: Postfix tls error

2015-10-31 Thread hyndavirapuru
> hyndavirap...@bel.co.example: >> 1. error log before adding "smtp_tls_CAfile" param is as follows >> > > I replaced the top-level domain name for privacy reasons. > >> postfix/smtp[3525]: certificate verification failed for >> 201.123.80.173[201.123.80.173]:25: untrusted issuer >> /C=EXAMPLE/ST=k

Is there any standard behavior in response to STARTTLS 430 4.7.0

2015-10-31 Thread Marius Gologan
Hi, Is there any standard behavior with respect to 430 4.7.0? For example, clients such as Facebook and Messagelabs don't deliver messages using TLS consistently. Would they retry immediately with TLS, or will they keep rotating IPs until one is using STARTTLS? Thank you. Marius. smi

Re: Postfix tls error

2015-10-31 Thread Viktor Dukhovni
On Sat, Oct 31, 2015 at 04:10:33PM +0530, hyndavirap...@bel.co.in wrote: > tls_policy file contains: > > [201.123.80.173]:25 encrypt match=AHQserver Is the name in the certificate really not fully-qualified? The "encrypt" policy does not entail certificate verification. Try: [201.123.80

Re: Postfix tls error

2015-10-31 Thread Wietse Venema
hyndavirap...@bel.co.in: > AHQ.tcs.mil.example relay:[201.123.80.173]:25 ... > [201.123.80.173]:25 encrypt match=AHQserver ... > CN=AHQserver/emailAddress=ahqserver_smtp_ad...@tcs.mil.example The match= requires a complete match (case-insensitive). You specify only a substring of the

Re: Is there any standard behavior in response to STARTTLS 430 4.7.0

2015-10-31 Thread Wietse Venema
Marius Gologan: > Is there any standard behavior in respect to 430 4.7.0? The standard says that this is a soft error, i.e. delivery may succeed at a different time or server. > For example, clients such as facebook, messagelabs don't deliver > messages using TLS constantly. Me no understand.

RE: Is there any standard behavior in response to STARTTLS 430 4.7.0

2015-10-31 Thread Marius Gologan
Thanks, and sorry for my English. I noticed in the meantime that there is no standard behavior for that code. I was referring to this case: messages from Facebook, Messagelabs and others TO Postfix. Those sources are capable of the encryption protocol, but I often receive messages in plain text with no S

Re: Postfix tls error

2015-10-31 Thread Viktor Dukhovni
On Sat, Oct 31, 2015 at 10:16:37AM -0400, Wietse Venema wrote: > hyndavirap...@bel.co.in: > > AHQ.tcs.mil.example relay:[201.123.80.173]:25 > ... > > [201.123.80.173]:25 encrypt match=AHQserver > ... > > CN=AHQserver/emailAddress=ahqserver_smtp_ad...@tcs.mil.example > > The match= requir
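The two points made in the messages above, that an "encrypt" policy performs no certificate verification at all (so any match= attribute on such an entry is never consulted), and that a match= name must equal a certificate name completely and case-insensitively rather than as a substring, can be seen in a small model of how a tls_policy entry is applied. This is an added example, not code from the thread and not Postfix's own implementation; it approximates the level and match= semantics documented in postconf(5) (including the verify/secure default match names and the leading-dot sub-domain form) and leaves out wildcard certificate names. The relay address 192.0.2.10, the certificate name "relayserver" and the example.net names are constructed.

```python
"""Model of how a Postfix smtp_tls_policy_maps entry is applied to a session.

Added example, not Postfix's own code. It approximates the semantics that
postconf(5) documents for tls_policy levels and match= names, and models only
the behaviour discussed in the thread. All names and addresses are constructed.
"""

# Levels that may encrypt but never verify the server certificate.
UNVERIFIED_LEVELS = ("none", "may", "encrypt")
# Levels that verify the certificate chain and then match names.
VERIFIED_LEVELS = ("verify", "secure")


def parse_table_line(line):
    """Split a tls_policy table line into (lookup key, policy), e.g.
    '[192.0.2.10]:25 verify match=relayserver'
      -> ('[192.0.2.10]:25', 'verify match=relayserver')"""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError("expected 'key policy': %r" % line)
    return parts[0], parts[1]


def parse_policy(policy):
    """Split 'verify match=a:b' into ('verify', {'match': ['a', 'b']})."""
    fields = policy.split()
    level, attrs = fields[0], {}
    for field in fields[1:]:
        name, sep, value = field.partition("=")
        if not sep:
            raise ValueError("malformed attribute %r" % field)
        attrs[name] = value.split(":")  # alternatives are ':'-separated
    return level, attrs


def name_matches(pattern, certname):
    """Explicit-name match the way Postfix does it: the whole name, compared
    case-insensitively. A leading '.' matches proper sub-domains of the domain
    but not the domain itself. Substrings never match: 'relay' does not match
    'relayserver'."""
    p, c = pattern.lower(), certname.lower()
    if p.startswith(".") and len(p) > 1:
        return len(c) > len(p) and c.endswith(p)
    return p == c


def evaluate(policy, cert_names, issuer_trusted, hostname, nexthop):
    """Outcome of applying `policy` to a server presenting `cert_names` (CN and
    DNS SANs) whose issuer is, or is not, trusted via smtp_tls_CAfile."""
    level, attrs = parse_policy(policy)
    if level in UNVERIFIED_LEVELS:
        # No chain verification at these levels, so match= is never consulted
        # and an untrusted issuer or unqualified certificate name is irrelevant.
        if level == "encrypt":
            return "encrypt: certificate not verified, match= ignored"
        return level
    if level not in VERIFIED_LEVELS:
        raise ValueError("unsupported level %r" % level)
    if not issuer_trusted:
        # The symptom from the first message of the thread.
        return "untrusted issuer"
    patterns = attrs.get("match")
    if not patterns:
        # postconf(5) defaults: verify -> hostname; secure -> nexthop, dot-nexthop
        patterns = ["hostname"] if level == "verify" else ["nexthop", "dot-nexthop"]
    expanded = {"hostname": hostname, "nexthop": nexthop, "dot-nexthop": "." + nexthop}
    for pattern in patterns:
        wanted = expanded.get(pattern, pattern)
        if any(name_matches(wanted, name) for name in cert_names):
            return "ok"
    return "name mismatch"


if __name__ == "__main__":
    # Constructed session: a relay at 192.0.2.10 presenting an unqualified CN,
    # first with an 'encrypt' entry, then with 'verify' entries.
    key, policy = parse_table_line("[192.0.2.10]:25 encrypt match=relayserver")
    print(key, "->", evaluate(policy, ["relayserver"], False, "192.0.2.10", "192.0.2.10"))
    for policy in ("verify match=relayserver", "verify match=RELAYSERVER", "verify match=relay"):
        print(policy, "->", evaluate(policy, ["relayserver"], True, "192.0.2.10", "192.0.2.10"))
```

Running it shows the "encrypt" entry succeeding regardless of the certificate, "verify match=RELAYSERVER" succeeding against CN=relayserver, and "verify match=relay" failing with a name mismatch because only a complete name matches.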

postfix tls error on port 587

2015-10-31 Thread David Mehler
Hello, I'm running a FreeBSD 10.2 system, postfix 2.11.6, OpenSSL 1.0.1p. I'm working on setting up a webmail client to my existing Postfix/Dovecot/Mysql setup. I've tried two webmail clients; both are giving me the below errors when the webmail client (postfix dovecot mysql the web server are all

Re: postfix tls error on port 587

2015-10-31 Thread Viktor Dukhovni
On Sat, Oct 31, 2015 at 12:05:29PM -0400, David Mehler wrote: > I am using self-signed certificates via my own CA if that matters. A certificate is either self-signed, or issued by a CA. Which is it? > Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: SSL_accept error from > localhost[::1]:

Re: postfix tls error on port 587

2015-10-31 Thread David Mehler
Hello, Thank you. I apologize; let me clarify my statement. I have created my own CA on an offline machine which I use to sign all of my certificates. When you say the client doesn't trust the server certificate, that's not the webmail, that's the submission service not trusting the postfix Serve

Re: postfix tls error on port 587

2015-10-31 Thread Viktor Dukhovni
On Sat, Oct 31, 2015 at 03:35:14PM -0400, David Mehler wrote: > Thank you. I apologize, let me clarify my statement. I have created my > own CA on an offline machine which I use to sign all of my > certificates. Good, that removes ambiguity. > When you say the client doesn't trust the server cer