SV: Problem with using STARTTLS

2017-11-23 Thread K F
Ok, very interesting, I've gone through all the settings with the postfinger, and it looked ok. So I tried just telnetting in to port 25 locally, and oddly enough it showed starttls :-) ? So I did an 'openssl s_client -starttls smtp ... ' on port 25 locally, and that showed the certificate and chai

SV: Problem with using STARTTLS

2017-11-23 Thread K F
After a lot of opposition from the Firewall dude "The Cisco can't do that!", he gave in as I found the configuration setting in Cisco, and the documentation clearly stated it was enabled by default, he disabled the feature in the firewall cluster, and lo and behold, the starttls appeared as by m

Regarding ciphers

2017-11-23 Thread Jonathan Sélea
Hi, I did struggle a lot to understand and deploy a secure cipher list that https://hardenize.com and https://ssl-tool.net would not complain on, so I came up with this: smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tl

Duplicate mails in mailq / always_bcc

2017-11-23 Thread Niclas Rautenhaus
Hi list, I am experiencing an issue with my postfix setup. The desired results: We use an appliance that archives all mails (incoming and outgoing) - due to laws that have been enforced here in Germany. The documentation of the appliance states that the main.cf should be updated with the foll

Re: Regarding ciphers

2017-11-23 Thread Allen Coates
On 23/11/17 09:30, Jonathan Sélea wrote: > My question is, can I improve this further or do you guys/girls have any > opinion regarding this? > I am grateful for all comments, tips or other suggestions :) > > / Jonathan > If the remote host does not support the cyphers you deploy, then you ha

Re: Regarding ciphers

2017-11-23 Thread Allen Coates
On 23/11/17 09:30, Jonathan Sélea wrote: > > My question is, can I improve this further or do you guys/girls have any > opinion regarding this? > I am grateful for all comments, tips or other suggestions :) > > / Jonathan > Thinking at a tangent, if your messages are particularly sensitive, y

Re: Regarding ciphers

2017-11-23 Thread Dirk Stöcker
On Thu, 23 Nov 2017, Jonathan Sélea wrote: I did struggle a lot to understand and deploy a secure cipher list that https://hardenize.com and https://ssl-tool.net would not complain on, so I came up with this: smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smt

Re: Regarding ciphers

2017-11-23 Thread Jonathan Sélea
Thanks both Allen and Dirk :) The ciphers should be supported by many servers because those are used by TLS1.0 to 1.2. So I think they should be fine. I hope :) I did not get some real criticism yet about some stupid ciphers so I consider my current one OK. Regarding Allen's suggestion about

Re: Regarding ciphers

2017-11-23 Thread Mel Pilgrim
On 2017-11-23 01:30, Jonathan Sélea wrote: Hi, I did struggle a lot to understand and deploy a secure cipher list that https://hardenize.com and https://ssl-tool.net would not complain on, so I came up with this: smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 s

Re: Regarding ciphers

2017-11-23 Thread Jonathan Sélea
Thank you very much! Very informative! On 2017-11-23 16:03, Mel Pilgrim wrote: > On 2017-11-23 01:30, Jonathan Sélea wrote: >> Hi, >> >> I did struggle a lot to understand and deploy a secure cipher list that >> https://hardenize.com and https://ssl-tool.net would not complain on, so >> I came up

Re: Duplicate mails in mailq / always_bcc

2017-11-23 Thread Bill Cole
On 23 Nov 2017, at 5:28 (-0500), Niclas Rautenhaus wrote: The symptoms: I am not yet sure whether all incoming mails are affected or not, but at least sometimes I get the following entry in my mailq (and respectively the mail.log): 508676044335318 Mon Nov 13 16:04:20 u...@externaldomain.t