Hi
Does anyone have a best practices link for postscreen implementation?
Thank you
DP
On Sat, 22 Jun 2019 12:48:36 +0530, Durga Prasad Malyala wrote:
> Hi
> Does anyone have a best practices link for postscreen implementation?
>
> Thank you
> DP
The how-to document might be a good start
https://postfix.aptget.dk/POSTSCREEN_README.html
The best,
On 22/6/2019 10:18, Durga Prasad Malyala wrote:
> Hi
> Does anyone have a best practices link for postscreen implementation?
http://rob0.nodns4.us/postscreen.html
http://www.postfix.org/POSTSCREEN_README.html
It is a start but I would also like to see more examples and
recommendations in more advan
On 22.06.19 at 02:49, Rich Wales wrote:
> Any other suggestions?
I'm still using greylisting with moderate effects. It catches some percent
other AntiSpam techniques don't
Andreas
Lefteris Tsintjelis:
> On 22/6/2019 10:18, Durga Prasad Malyala wrote:
> > Hi
> > Does anyone have a best practices link for postscreen implementation?
>
> http://rob0.nodns4.us/postscreen.html
> http://www.postfix.org/POSTSCREEN_README.html
>
> It is a start but I would also like to see more examp
I figured TLS 1.3 might be the culprit from the logs. The OpenSSL version
shows "OpenSSL 1.1.1 11 Sep 2018" and it was updated recently via Ubuntu.
How might I go about not negotiating TLS 1.3, as it is obvious I need to update
some certificates (which I will worry about later).
Edward Ray
OK, but then I would verify the cert you are using and would still fix this cert since ssllabs says it is not trusted.
The website for “netsecdesign.com” is different than the one for my postfix
gateway. Different machine, different IP address, different cert.
From: on behalf of lists
Date: Friday, June 21, 2019 at 10:13 PM
To: Security Admin , "postfix-users@postfix.org"
Subject: Re: Unable to send or rec
Doh!
!TLSv1.3 added to "main.conf" fixed the issue hopefully.
Will work on updating certificate later...
On 6/22/19, 8:10 AM, "owner-postfix-us...@postfix.org on behalf of Security
Admin (NetSec)" wrote:
I figured TLS 1.3 might be the culprit from the logs. The OpenSSL version
show
" If you are netsecdesign.com, ssllabs says your cert has issues. Not that this
may be your problem, but I would fix that first."
This cert is not the same cert or the same server or the same IP address as my
postfix SMTP gateway.
The postfix SMTP gateway uses a self-signed certificate.
On 6
What is the correct procedure to disable TLS 1.3 negotiation on postfix?
Security Admin (NetSec) wrote on 2019-06-22 19:15:
What is the correct procedure to disable TLS 1.3 negotiation on
postfix?
why ?
i am not an expert, but i think you will not get that to work well, imho
show logs for the problem to get more help
Security Admin (NetSec) wrote on 2019-06-22 19:34:
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: warning: TLS library
problem: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert
illegal parameter:../ssl/record/rec_layer_s3.c:1528:SSL alert number
47:
this is a ssl3 disabled in openssl pr
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: setting up TLS connection from
mail-wr1-f42.google.com[209.85.221.42]
Jun 22 10:31:19 mailgate postfix/smtpd[7180]:
mail-wr1-f42.google.com[209.85.221.42]: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
Jun 22 10:31:19 mailgate postfix/smt
Apologies for multiple emails to this list for the same problem.
Some internet searches got me to the right solution.
One of the other posters was correct; it was a certificate issue. Reissued my
cert on my postfix SMTP mail gateways.
All seems to be working now. Gmail defaults to TLS 1.2
I
Security Admin (NetSec) wrote on 2019-06-22 20:20:
I am using Ubuntu Linux and the latest postfix which is 3.3.0
unfortunately
hope google stop failback from tls to ssl :(
good you solved your part of the problem
On 22/6/2019 17:36, Wietse Venema wrote:
Sharing a non-persistent cache (memcache) is the only option because
it can respond with low latency both for old and new queries. But
that of course limits the cache size.
Sharing a persistent cache is not an option because that requires
a DBMS with mil
> On Jun 22, 2019, at 1:30 PM, Benny Pedersen wrote:
>
>> What is the correct procedure to disable TLS 1.3 negotiation on postfix?
>
> why ?
>
> i am not an expert, [...]
Best to hold back in that case... The right answer is:
http://www.postfix.org/postconf.5.html#smtpd_tls_protocols
> On Jun 22, 2019, at 2:20 PM, Security Admin (NetSec)
> wrote:
>
> One of the other posters was correct; it was a certificate issue. Reissued
> my cert on my postfix SMTP mail gateways.
As expected, the keyUsage you had was only appropriate for a CA,
not a TLS server.
> All seems to be w
In my previous post - "How to tell my ISP there's a problem" I wasn't
able to figure out the problem and CenturyLink is no help so I decided
to use my GMail account to send my messages from cron. However I've run
into a problem that I keep getting the message that's in the subject.
I've pasted the
Lefteris Tsintjelis:
> On 22/6/2019 17:36, Wietse Venema wrote:
> >
> > Sharing a non-persistent cache (memcache) is the only option because
> > it can respond with low latency both for old and new queries. But
> > that of course limits the cache size.
> >
> > Sharing a persistent cache is not an
Chris Pollock:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> In my previous post - "How to tell my ISP there's a problem" I wasn't
> able to figure out the problem and CenturyLink is no help so I decided
> to use my GMail account to send my messages from cron. Howev
Anybody on this list having contact to the maintainer / webmaster of
havedane.net ?
It's having dns issues when the TLSA record is queried with qname minimization
active (RFC 7186).
This is a bug in the dns server or dnssec signer and should be fixed.
Otherwise false negatives are generated!
See
On Sat, 2019-06-22 at 19:12 -0400, Wietse Venema wrote:
> Chris Pollock:
>
> Checking application/pgp-signature: FAILURE
> -- Start of PGP signed section.
> > In my previous post - "How to tell my ISP there's a problem" I
> > wasn't
> > able to figure out the problem and CenturyLink is no help so
I don't think you can use gmail as a relay host unless Google is
handling your domain's mail service (a GSuite account - not @gmail.com
addresses). They have instructions for setting this up and the proper
relay host once you've done the admin work is "relayhost =
smtp-relay.gmail.com:587" (at leas
On Sat, Jun 22, 2019 at 08:56:35PM -0500, Chris Pollock wrote:
> I've spent 3hrs going over and over my settings and can't find where
> I've got a problem. My /etc/postfix/sasl_passwd file contains:
>
> smtp.gmail.com:587 chris.pollock1...@gmail.com:*
Since your relayhost set
On Sun, Jun 23, 2019 at 02:10:39AM +0200, Thilo Molitor wrote:
> Anybody on this list having contact to the maintainer / webmaster of
> havedane.net ?
I just sent an email via the contact form.
> It's having dns issues when the TLSA record is queried with qname
> minimization
> active (RFC 71
On Sat, Jun 22, 2019 at 07:38:32PM +0200, Benny Pedersen wrote:
> Security Admin (NetSec) wrote on 2019-06-22 19:34:
>
> > Jun 22 10:31:19 mailgate postfix/smtpd[7180]: warning: TLS library
> > problem: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert
> > illegal parameter:../ssl/record/r