Doug Barton:
> > Unlike .forward or files which exist for selected users, injecting
> > envelope data (e.g. user=${user}) into the pipe(8) execution context
> > could allow remote senders to execute code as any user on the system
>
> Yes, that's what I want to do. :) Still easily done with a wrap
*openssl s_client -connect (mydomain.com):443 -servername (mydomain.com)*
CONNECTED(0003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited,
CN = COMODO ECC Certification Authority
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:
I was wondering is it actually advisable to use tls on smtp? When I tried it
out with my self-signed certificates just to see if it's of any convenience
to implement this feature I received the following response:
TLS required, but was not offered by host -or- we do not run TLS engine -or-
certifi
Yes is advicable to enable TLS.
Whats is your OS and Postfix version?
For example, i use Debian.
And when you want to use : ca-certificates.crt
You need to setup as debian expects and it includes your cert in the
ca-certifcate.crt, so thats why i want to know the os and version of postfix.
(
Hi Louis,
Thank you for your input, I appreciate. I have smtpd running OK with all the
key_file, cert_file and so on. I was asking about smtp. These two are
different :-)
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p
Sorry about that, i was thinking your talking about the remote connecting to
you. So, it's you to remote ( so the smtp_tls settings )
I did setup also for client myself, but that more how official you need to have
some things.
Its about the same, for the client setup im using :
# TLS Client (
Well, Viktor was talking about those:
smtp_tls_security_level = encrypt -or- secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
and my question was about those as well. You may read it once again since
you have this one set:
smtp_tls_security_level = may
and I think it's not the same
On Wed, Mar 29, 2017 at 04:14:35AM -0700, oakley wrote:
> *openssl s_client -connect (mydomain.com):443 -servername (mydomain.com)*
>
Why on earth are you wasting our time showing results of connections
to an HTTPS service. In every message you post, show the current
*Postfix* configuration, *l
On Wed, Mar 29, 2017 at 05:03:51AM -0700, Den1 wrote:
> I was wondering is it actually advisable to use tls on smtp? When I tried it
> out with my self-signed certificates just to see if it's of any convenience
> to implement this feature I received the following response:
>
> TLS required, but w
On Wed, Mar 29, 2017 at 06:44:54AM -0700, Den1 wrote:
> Well, Viktor was talking about those:
>
> smtp_tls_security_level = encrypt -or- secure
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
>
> and my question was about those as well. You may read it once again since
> you have this o
Hi people:
I'm looking to buy/download your recommended books (I prefer electronic ones to
avoid paper) of Postfix;
>From novice to TopGun ones.
Thanks.
Este mensaje de correo electr?nico, incluidos los archivos adjuntos, es para el
uso exclusivo de la persona a la que se ha enviado, y puede co
On 03/29/2017 04:01 AM, Wietse Venema wrote:
Doug Barton:
Unlike .forward or files which exist for selected users, injecting
envelope data (e.g. user=${user}) into the pipe(8) execution context
could allow remote senders to execute code as any user on the system
Yes, that's what I want to do.
Doug Barton:
> On 03/29/2017 04:01 AM, Wietse Venema wrote:
> > Doug Barton:
> >>> Unlike .forward or files which exist for selected users, injecting
> >>> envelope data (e.g. user=${user}) into the pipe(8) execution context
> >>> could allow remote senders to execute code as any user on the system
On 03/29/2017 10:03 AM, Wietse Venema wrote:
Doug Barton:
On 03/29/2017 04:01 AM, Wietse Venema wrote:
Doug Barton:
Unlike .forward or files which exist for selected users, injecting
envelope data (e.g. user=${user}) into the pipe(8) execution context
could allow remote senders to execute code
I came across a bit of an information-passing glitch on a system that
uses a milter (MIMEDefang) to glue together complex filter policies.
MIMEDefang is configured to log sender, first recipient, Message-ID (if
any), and the queue ID, along with some filter result data, for each
message.
Thi
Kris Deugau:
> I came across a bit of an information-passing glitch on a system that
> uses a milter (MIMEDefang) to glue together complex filter policies.
>
> MIMEDefang is configured to log sender, first recipient, Message-ID (if
> any), and the queue ID, along with some filter result data, fo
Thank you Doug,
I fixed the name so the unsupported character "_" is not used.
Please review my latest test, as I have a question.
Is there anything in the DKIM config files I can change to get rid of this
message ?
Authentication-Results: verifier.port25.com; dkim=pass (signature verifies
On 29 March 2017 at 20:36, Fazzina, Angelo wrote:
> Thank you Doug,
>
> I fixed the name so the unsupported character "_" is not used.
>
> Please review my latest test, as I have a question.
>
>
>
> Is there anything in the DKIM config files I can change to get rid of this
> message ?
>
>
>
> *Au
Wietse Venema wrote:
Kris Deugau:
I came across a bit of an information-passing glitch on a system that
uses a milter (MIMEDefang) to glue together complex filter policies.
MIMEDefang is configured to log sender, first recipient, Message-ID (if
any), and the queue ID, along with some filter res
Kris Deugau:
> Mar 29 16:35:14 jessie64 postfix/smtpd[17537]: connect from
> localhost[127.0.0.1]
> Mar 29 16:35:27 jessie64 postfix/smtpd[17537]: 26F5E428A4:
> client=localhost[127.0.0.1]
> Mar 29 16:36:02 jessie64 postfix/cleanup[17556]: 26F5E428A4:
> message-id=
> Mar 29 16:36:03 jessie64 mim
Below are the SMTP commands/responses, and the test-milter output
showing that the second "DATA" event is reported with the correct
queue ID.
Wietse
$ telnet 127.0.0.1 smtp
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220-wzv.porcupine.org ESMTP Postfix
220 wzv.po
L.P.H. van Belle wrote
> smtp_tls_ciphers = medium
> smtp_tls_exclude_ciphers =
> MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4
>
> Greetz,
> Louis
Why would you exclude these ciphers and make them medium, Louis?
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Po
> On Mar 30, 2017, at 12:03 AM, Den1 wrote:
>
>> smtp_tls_ciphers = medium
>> smtp_tls_exclude_ciphers =
>> MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4
>
> Why would you exclude these ciphers
Because:
* MD5 is weak, obsolete and unnecessary
* SRP and PSK require special code to use,
23 matches
Mail list logo
