Hi,
just wanted to let you know that Outlook users might run into problems
submitting mails after Microsoft's latest Windows update.
Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from
Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from
: lost connection
Oct
On Sat, Oct 15, 2022 at 03:32:15PM +0200, Gerald Galster wrote:
> Just wanted to let you know that Outlook users might run into problems
> submitting mails after Microsoft's latest Windows update.
>
> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from
> Oct 15 14:49:42 mx1 postfix
>> Just wanted to let you know that Outlook users might run into problems
>> submitting mails after Microsoft's latest Windows update.
>>
>> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from
>> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from
>> : lost c
On Sat, Oct 15, 2022 at 06:20:48PM +0200, Gerald Galster wrote:
> With session tickets disabled it logs:
>
> Anonymous TLS connection established from : TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>
> This server does not support TLS 1.3 yet and TLS 1.2 is the only
>
>> With session tickets disabled it logs:
>>
>> Anonymous TLS connection established from : TLSv1.2 with
>> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>>
>> This server does not support TLS 1.3 yet and TLS 1.2 is the only
>> version currently allowed for submission.
>
> Do you have
On Sat, Oct 15, 2022 at 06:54:56PM +0200, Gerald Galster wrote:
> >> This server does not support TLS 1.3 yet and TLS 1.2 is the only
> >> version currently allowed for submission.
That sounds like a rather old (EOL) version of OpenSSL. TLS 1.3
support was added in OpenSSL 1.1.1 [11 Sep 2018].
This server does not support TLS 1.3 yet and TLS 1.2 is the only
version currently allowed for submission.
>
> That sounds like a rather old (EOL) version of OpenSSL. TLS 1.3
> support was added in OpenSSL 1.1.1 [11 Sep 2018]. Are you using
> OpenSSL 1.1.0 or the even older 1.0.2?
I
On Sat, Oct 15, 2022 at 12:38:31PM -0400, Viktor Dukhovni wrote:
> > > Any chance you could provide (off-list if you prefer) a PCAP recording
> > > of a good and a problem TLS session?
> >
> > I'll send it off-list.
>
> Thanks. I hope that'll shed more light on what's going on.
The diff betwee
Any chance you could provide (off-list if you prefer) a PCAP recording
of a good and a problem TLS session?
>>>
>>> I'll send it off-list.
>>
>> Thanks. I hope that'll shed more light on what's going on.
>
> The diff between the "good" and "bad" handshakes is below. The main
> featur
On Sat, Oct 15, 2022 at 08:31:58PM +0200, Gerald Galster wrote:
> > The most likely issue is a Windows regression with zero length session
> > ids. I don't think there's anything that can be done here, the client
> > indicates support for session tickets, and since OpenSSL is then going
> > to is
Hi,
we heavily use the alias feature and want to know who was the original
recipient for filtering. Our old postfix instance (version 2.11.3) set
this from the beginning - as far as I remember we never changed the
configuration to achieve this.
Our new instance (version 3.5.13, not yet live)
>> For the time being I'll disable session tickets (at least) for submission.
>> The performance impact is negligible in my case.
>>
>> Thanks for having a look!
>
> You're welcome. If you have a Microsoft support contract, you should
> ideally file a bug report and refer to:
>
>https://dat
Sorry for not replying to the original thread, I just subscribed.
We have witnessed the same issue on one of our mailservers. Both
servers are the same (postfix/debian), with the same config, both have
letsencrypt certificates.
However we got customer complaints only for 1 server. Renewing the
ce
> We have witnessed the same issue on one of our mailservers. Both
> servers are the same (postfix/debian), with the same config, both have
> letsencrypt certificates.
I'm just curious, which openssl version are you using?
> However we got customer complaints only for 1 server. Renewing the
> c
On Sat, 15 Oct 2022 at 23:24, Gerald Galster wrote:
>
> I'm just curious, which openssl version are you using?
postfix 3.1.15 and openssl 1.1.0l on debian9 still.
> Educating customers to ignore this kind of warning is not a good idea.
> Try to disable session tickets for submission instead:
I
On Sat, Oct 15, 2022 at 09:46:06PM +0200, Gerald Galster wrote:
> > One more PCAP file could shed light on this hypothesis. This would be
> > with tickets enabled on the server, and the client using "pre-update"
> > Windows.
>
> I'll see if I have any pre-update snapshots left.
Turns out that t
On Sat, Oct 15, 2022 at 10:58:01PM +0200, Marek Podmaka wrote:
> Sorry for not replying to the original thread, I just subscribed.
>
> We have witnessed the same issue on one of our mailservers. Both
> servers are the same (postfix/debian), with the same config, both have
> letsencrypt certificat
On Sat, Oct 15, 2022 at 11:50:20PM +0200, Marek Podmaka wrote:
> > > I can provide privately postfix host/port for both working and
> > > non-working certs.
> >
> > Sure.
>
> : for the troubled cert
> : for the working cert (different domain)
The two certificate chains are structurally identical
though the sender IP is not listed in any RBL, outlook still blocks it.
do you know how I can deal with this?
thanks & regards.
though the sender IP is not listed in any RBL, outlook still blocks it.
do you know how I can deal with this?
What was the reject reason given?
They will tell you why and usually provide a URL explaining what needs to be
fixed.
Linux Guy wrote on 2022-10-16 03:03:
though the sender IP is not listed in any RBL, outlook still blocks it.
do you know how I can deal with this?
https://sendersupport.olc.protection.outlook.com/ is your mailserver
added there?
their rbl lists are internal :/
ask your isp for a ip that
hello experts
if I have added this line into main.cf:
smtpd_client_message_rate_limit = 5
does it mean a common smtp user (not peer MTA) can send 5 messages per 1
min?
Thanks.