Re: WoSign/StartCom CA in the news

2016-09-28 Thread Sven Schwedas
On 2016-09-28 00:31, Giovanni Harting wrote: > Correct me if I'm wrong, but that document you describe issued by > Mozilla and others, doesn't it state that it would only affect newly > issued certs after a certain date? Yes, but most StartSSL/WoSign certificates are only valid for a year or less. S

Re: WoSign/StartCom CA in the news

2016-09-28 Thread lists
I don't want to take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution. Domain registration isn't free. Server time isn't free. Something like $20 a year would be fine. I already have a se

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Sven Schwedas
On 2016-09-28 10:25, li...@lazygranch.com wrote: > I don't want to take this thread off course, but suggestions for low cost certs > would be appreciated. I don't like how Let's Encrypt works, else that would > be the obvious solution. "how Let's Encrypt works" is a bit vague. Domain verification

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Christian Kivalo
On 28 September 2016 10:25:42 MESZ, li...@lazygranch.com wrote: >I don't want to take this thread off course, but suggestions for low cost >certs would be appreciated. I don't like how Let's Encrypt works, else >that would be the obvious solution. I get mine through https://www.ssls.com >Domain

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Boris Behrens
> On 28.09.2016 at 10:25, li...@lazygranch.com wrote: > > I don't want to take this thread off course, but suggestions for low cost certs > would be appreciated. I don't like how Let's Encrypt works, else that would > be the obvious solution. > > Domain registration isn't free. Server time isn'

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Viktor Dukhovni
On Wed, Sep 28, 2016 at 01:25:42AM -0700, li...@lazygranch.com wrote: > I don't want to take this thread off course, but suggestions for low cost > certs would be appreciated. I don't like how Let's Encrypt works, else > that would be the obvious solution. I am curious what you don't like about "Le

Re: WoSign/StartCom CA in the news

2016-09-28 Thread lists
CACert came up in my search. I will look into it. Suggestions always appreciated since I'm quite comfortable with people out there knowing more than me. I didn't like the Let's Encrypt 90 day deal with mysterious upload to your server. It bugs me. About the only outside control of my server I a

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Viktor Dukhovni
On Wed, Sep 28, 2016 at 01:55:06AM -0700, li...@lazygranch.com wrote: > I didn't like the Let's Encrypt 90 day deal with mysterious upload to your > server. It bugs me. You're mistaken about how LE works. There is no remote control of your server, or any externally imposed update. They provide

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Karol Augustin
On 28/09/16 09:25, li...@lazygranch.com wrote: > I don't want to take this thread off course, but suggestions for low cost certs > would be appreciated. I don't like how Let's Encrypt works, else that would > be the obvious solution. When Symantec first announced that they would compete with Let's Encr

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Ralph Seichter
On 28.09.2016 10:55, li...@lazygranch.com wrote: > I didn't like the Let's Encrypt 90 day deal with mysterious upload to > your server. It bugs me. Let's Encrypt does not upload anything to your server. You download an updated certificate, if and when you choose to. That process can be invoked ma

Re: WoSign/StartCom CA in the news

2016-09-28 Thread KSB
On 2016.09.28. 12:59, Ralph Seichter wrote: > As for the "90 day deal": LE is still in ramp-up phase, so I expect the validity > period to increase. Even with 90 days, it is worth using their certificates. > In a DANE context, all you need to take care of is not automatically generating new keys with

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Allen Coates
On 28/09/16 09:51, Boris Behrens wrote: >> On 28.09.2016 at 10:25, li...@lazygranch.com wrote: >> >> I don't want to take this thread off course, but suggestions for low cost certs >> would be appreciated. I don't like how Let's Encrypt works, else that would >> be the obvious solution. >> >> Do

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Ralph Seichter
On 28.09.2016 12:03, KSB wrote: > probably they will go down to 30 days as most admins learn to do > automation. I have read various LE posts regarding certificate lifetime, and while I agree that LE apparently favours automation, I don't think the matter has been decided yet. My personal (!) tak

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Steve Atkins
> On Sep 28, 2016, at 1:55 AM, li...@lazygranch.com wrote: > > CACert came up in my search. I will look into it. Suggestions always > appreciated since I'm quite comfortable with people out there knowing more > than me. > > I didn't like the Let's Encrypt 90 day deal with mysterious upload to

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Rene 'Renne' Bartsch, B.Sc. Informatics
My StartSSL certs are valid until 4th of October. Luckily I switched to Let's Encrypt yesterday - with DANE, of course. ;-) Regards, Renne On 28.09.2016 at 00:29, Viktor Dukhovni wrote: > WoSign (who seemingly purchased StartCom) seem to have run into > some compliance issues as reported by

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Yuval Levy
On 16-09-28 04:55 AM, li...@lazygranch.com wrote: > I didn't like the Let's Encrypt 90 day deal with mysterious upload to your > server. While I do not like to grant root access to a third-party controlled process on my server, there are good alternatives and the only things that I upload to my s

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Mike
On 9/28/2016 4:55 AM, li...@lazygranch.com wrote: > CACert came up in my search. I will look into it. Suggestions always > appreciated since I'm quite comfortable with people out there knowing more > than me. > > I didn't like the Let's Encrypt 90 day deal with mysterious upload to your > serve

Re: WoSign/StartCom CA in the news

2016-09-28 Thread /dev/rob0
On Wed, Sep 28, 2016 at 08:53:01AM +, Viktor Dukhovni wrote: > On Wed, Sep 28, 2016 at 01:25:42AM -0700, li...@lazygranch.com > wrote: > > > I don't want to take this thread off course, but suggestions for low > > cost certs would be appreciated. I don't like how Let's Encrypt > > works, else

Is there a best-practices document available?

2016-09-28 Thread Stephen Satchell
For Postfix in particular? For mail servers in general?

Re: WoSign/StartCom CA in the news

2016-09-28 Thread KSB
On 2016.09.28. 17:47, Mike wrote: > On 9/28/2016 4:55 AM, li...@lazygranch.com wrote: >> CACert came up in my search. I will look into it. Suggestions always >> appreciated since I'm quite comfortable with people out there knowing more >> than me. >> >> I didn't like the Let's Encrypt 90 day deal with mysteri

TLS AUTH forcing - thinkering

2016-09-28 Thread KSB
Hi! I would like to use smtpd_tls_auth_only=yes at least for submission port, but we have rare customers who have old scanners which don't support SSL/TLS (as they say). We also have probably strict HELO: smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks permit_sasl

Re: Is there a best-practices document available?

2016-09-28 Thread Wolfe, Robert
On 09/28/16 09:58 am, Stephen Satchell wrote: > For Postfix in particular? > For mail servers in general? What does a Google search tell you?

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Mike
On 9/28/2016 10:53 AM, KSB wrote: > On 2016.09.28. 17:47, Mike wrote: >> On 9/28/2016 4:55 AM, li...@lazygranch.com wrote: >>> CACert came up in my search. I will look into it. Suggestions always >>> appreciated since I'm quite comfortable with people out there knowing more >>> than me. >>> >>> I

Re: Is there a best-practices document available?

2016-09-28 Thread Rene 'Renne' Bartsch, B.Sc. Informatics
On 28.09.2016 at 17:02, Wolfe, Robert wrote: > On 09/28/16 09:58 am, Stephen Satchell wrote: >> For Postfix in particular? >> For mail servers in general? >> > > What does a Google search tell you? And for data privacy/security you can have a look into directive BSI-TR03108 for German email pro

Re: Is there a best-practices document available?

2016-09-28 Thread /dev/rob0
On Wed, Sep 28, 2016 at 07:58:17AM -0700, Stephen Satchell wrote: > For Postfix in particular? > For mail servers in general? AFAIK there is not, other than perhaps the dead-tree books. A colleague and I have talked about starting one. I'm afraid it could become very large. We'd probably have

Re: TLS AUTH forcing - thinkering

2016-09-28 Thread KSB
On 2016.09.28. 18:03, KSB wrote: > Hi! I would like to use smtpd_tls_auth_only=yes at least for submission port, but we have rare customers who have old scanners which don't support SSL/TLS (as they say). We also have probably strict HELO: smtpd_helo_required = yes smtpd_helo_restrictions = pe

Re: WoSign/StartCom CA in the news

2016-09-28 Thread lists
Bookmarked and all these emails archived. There is nothing like advice from someone who has done hands-on work. And it appears I was a bit hard on Let's Encrypt, but if a low cost cert is just as good, I'd rather have the simple solution. Steve Gibson's "Security Now" podcast has been covering

Re: TLS AUTH forcing - thinkering

2016-09-28 Thread btb
On 2016.09.28 12.35, KSB wrote: > On 2016.09.28. 18:03, KSB wrote: >> Hi! I would like to use smtpd_tls_auth_only=yes at least for submission port, but we have rare customers who have old scanners which don't support SSL/TLS (as they say). for this, i use the following: table_directory = ${config_

Re: Is there a best-practices document available?

2016-09-28 Thread A. Schulze
On 28.09.2016 at 16:58, Stephen Satchell wrote: > For mail servers in general? I suggest MAAWG documents: https://www.m3aawg.org/published-documents Andreas

header checks and regex issues

2016-09-28 Thread Alex
Hi, I'm having a problem with a few different emails with attachments being rejected due to some pattern in my header checks that I can't figure out: Sep 28 09:34:11 mail03 postfix/cleanup[24507]: 31926209EDF9: reject: header Content-Type: application/vnd.ms-excel;??name="Copy of Net Commissions

Re: header checks and regex issues

2016-09-28 Thread Noel Jones
On 9/28/2016 4:15 PM, Alex wrote: > How can I modify the lines in my header_checks.pcre file to provide > more info on the specific pattern that's causing the problem instead > of just "message content rejected" the next time the email is > received? Note the log entry may not be the complete unm

Re: header checks and regex issues

2016-09-28 Thread Alex
Hi, On Wed, Sep 28, 2016 at 5:46 PM, Noel Jones wrote: > On 9/28/2016 4:15 PM, Alex wrote: > >> How can I modify the lines in my header_checks.pcre file to provide >> more info on the specific pattern that's causing the problem instead >> of just "message content rejected" the next time the email

Re: header checks and regex issues

2016-09-28 Thread Noel Jones
On 9/28/2016 7:04 PM, Alex wrote: > Hi, > > On Wed, Sep 28, 2016 at 5:46 PM, Noel Jones wrote: >> On 9/28/2016 4:15 PM, Alex wrote: >> >>> How can I modify the lines in my header_checks.pcre file to provide >>> more info on the specific pattern that's causing the problem instead >>> of just "mess