Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Marek Podmaka
On Sun, 16 Oct 2022 at 02:12, Viktor Dukhovni wrote: > > The two certificate chains are structurally identical, differing only in > minor details, such as: dates, keys, hostnames and signatures. There is another user (hopefully the URL below won't be blocked by the list) with the same observation

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Wietse Venema
Marek Podmaka: > On Sun, 16 Oct 2022 at 02:12, Viktor Dukhovni > wrote: > > > > The two certificate chains are structurally identical, differing only in > > minor details, such as: dates, keys, hostnames and signatures. > > There is another user (hopefully the URL below won't be blocked by the >

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Marek Podmaka
On Mon, 17 Oct 2022 at 14:57, Wietse Venema wrote: > > For Postfix submission and smtps we prefer > > tls_ssl_options = NO_RENEGOTIATION, NO_TICKET > > Instead of forcing hostname/cert mismatches. Yes, I am already using NO_TICKET and it is also recommended by the linked article. However it i

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Wietse Venema
Marek Podmaka: > On Mon, 17 Oct 2022 at 14:57, Wietse Venema wrote: > > > > For Postfix submission and smtps we prefer > > > > tls_ssl_options = NO_RENEGOTIATION, NO_TICKET > > > > Instead of forcing hostname/cert mismatches. > > Yes, I am already using NO_TICKET and it is also recommended by

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Viktor Dukhovni
On Mon, Oct 17, 2022 at 03:00:11PM +0200, Marek Podmaka wrote: > On Mon, 17 Oct 2022 at 14:57, Wietse Venema wrote: > > > > For Postfix submission and smtps we prefer > > > > tls_ssl_options = NO_RENEGOTIATION, NO_TICKET > > > > Instead of forcing hostname/cert mismatches. > > Yes, I am alre

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> The two certificate chains are structurally identical, differing only in >> minor details, such as: dates, keys, hostnames and signatures. > > There is another user (hopefully the URL below won't be blocked by the > list) with the same observation - only 1 of his servers affected and > switchin

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Marek Podmaka
On Mon, 17 Oct 2022 at 15:48, Gerald Galster wrote: > This is very strange and I can confirm it. Can you test the other (working) certificate again? In Outlook set the hostname as per certificate and in local hosts file in Windows force IP of the destination server for this hostname. This way Ou

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Viktor Dukhovni
On Mon, Oct 17, 2022 at 04:09:25PM +0200, GCore GmbH - Gerald Galster wrote: > > If possible, please ask the other user whether the alternative > > certificate again sports a mismatched hostname. It is somewhat > > plausible that the Microsoft bug doesn't fire when certificate > > chain validatio

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> This is very strange and I can confirm it. > > Can you test the other (working) certificate again? In Outlook set the > hostname as per certificate and in local hosts file in Windows force > IP of the destination server for this hostname. This way Outlook > should not complain about mismatched

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Wietse Venema
Viktor Dukhovni: > On Mon, Oct 17, 2022 at 04:09:25PM +0200, GCore GmbH - Gerald Galster wrote: > > > > If possible, please ask the other user whether the alternative > > > certificate again sports a mismatched hostname. It is somewhat > > > plausible that the Microsoft bug doesn't fire when cert

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Viktor Dukhovni
On Mon, Oct 17, 2022 at 05:37:47PM +0200, Gerald Galster wrote: > >> This is very strange and I can confirm it. > > > > Can you test the other (working) certificate again? In Outlook set the > > hostname as per certificate and in local hosts file in Windows force > > IP of the destination server f

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> Can you check the certificates' serial numbers? >> The working one begins with 03 and the problematic one with 04. >> >> There are 37 archived certificates for this hostname, 29 begin >> with "03" and only 8 with "04". >> >> Certificates starting with "04" occur since autumn 2019. >> After tha

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Jaroslaw Rafa
On 17.10.2022 at 20:35:11, Gerald Galster wrote: > >> Certificates starting with "04" occur since autumn 2019. > >> After that date it's sometimes "03" and sometimes "04". > > > > This looks exceedingly unlikely to be relevant. > > Very far-fetched, I thought something might be cached or pi

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Phil Stracchino
On 10/17/22 16:08, Jaroslaw Rafa wrote: On 17.10.2022 at 20:35:11, Gerald Galster wrote: Certificates starting with "04" occur since autumn 2019. After that date it's sometimes "03" and sometimes "04". This looks exceedingly unlikely to be relevant. Very far-fetched, I thought somethin

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Nick Tait
La da da da... Original message From: Phil Stracchino Date: 18/10/22 9:51 AM (GMT+12:00) To: postfix-users@postfix.org Subject: Re: Outlook TLS errors after Microsoft Windows Update On 10/17/22 16:08, Jaroslaw Rafa wrote: > On 17.10.2022 at 20:35:11, Gerald Galster wrote

Re: [postfix] 3.5.13: Unable to append "X-Original-To" message header

2022-10-17 Thread hawky
Hi, just to wrap this up: The flags for lmtp were perfectly set, my "fault" was to use dovecot lmtp instead of postfix lmtp for mailbox transport - so no instance was setting the required message headers. Wietse, thanks for your help! On 16.10.2022 at 14:11, Wietse Venema wrote: ha...@po