[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Cowbay via Postfix-users
On 2024/3/25 12:05, Viktor Dukhovni via Postfix-users wrote: On Mon, Mar 25, 2024 at 12:00:12PM +0800, Cowbay via Postfix-users wrote: On 2024/3/25 10:55, Viktor Dukhovni via Postfix-users wrote: I checked posttls-finger on my another container which is Ubuntu 22.04.4, posttls-finger still

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Mar 25, 2024 at 12:00:12PM +0800, Cowbay via Postfix-users wrote: > On 2024/3/25 10:55, Viktor Dukhovni via Postfix-users wrote: > > > I checked posttls-finger on my another container which is Ubuntu > > > 22.04.4, posttls-finger still doesn't support ipv6, weird. > > > > It isn't

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Cowbay via Postfix-users
On 2024/3/25 10:55, Viktor Dukhovni via Postfix-users wrote: I checked posttls-finger on my another container which is Ubuntu 22.04.4, posttls-finger still doesn't support ipv6, weird. It isn't posttls-finger that does not support "ipv6", but rather your network stack. It's still weird

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Mar 25, 2024 at 10:08:59AM +0800, Cowbay via Postfix-users wrote: > On 2024/3/25 01:12, Viktor Dukhovni via Postfix-users wrote: > > > If the "posttls-finger" has the identical behavior as postfix, then I > > > could write a simple cronjob script to "finger" the > > > smtp.gmail.com:465. >

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Cowbay via Postfix-users
On 2024/3/25 01:12, Viktor Dukhovni via Postfix-users wrote: If the "posttls-finger" has the identical behavior as postfix, then I could write a simple cronjob script to "finger" the smtp.gmail.com:465. Not necessarily 100% identical, but quite close. It seems not perfect. :( $

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Sun, Mar 24, 2024 at 11:34:35PM +0800, Cowbay via Postfix-users wrote: > > You might not get to observe the problem for quite some time (if ever > > again). > > I'm quite seldom sending mail by gmail via my postfix server. > > If the "posttls-finger" has the identical behavior as postfix,

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Cowbay via Postfix-users
On 2024/3/24 00:49, Viktor Dukhovni via Postfix-users wrote: and also "posttls-finger" as in the example I posted. You might not get to observe the problem for quite some time (if ever again). I'm quite seldom sending mail by gmail via my postfix server. If the "posttls-finger" has the

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-23 Thread Viktor Dukhovni via Postfix-users
On Sat, Mar 23, 2024 at 06:24:50PM +0800, Cowbay via Postfix-users wrote: > My smtp_tls_policy_maps points to a hash table and the relevant entry is > [smtp.gmail.com]:465 secure OK, nothing unusual there. > > No, the self-signed certificate might have been some root CA that isn't

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-23 Thread Viktor Dukhovni via Postfix-users
On Sat, Mar 23, 2024 at 08:04:18AM -0400, Wietse Venema via Postfix-users wrote: > Please note that Postfix does not automatically use the "system" > root CA store that openssl s_client and curl may use. That could > result in verification differences between Postfix and other tools. > >

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-23 Thread Cowbay via Postfix-users
On 2024/3/23 20:04, Wietse Venema via Postfix-users wrote: Cowbay via Postfix-users: So, I will collect necessary information next time I encounter this issue as what Viktor suggested. Please note that Postfix does not automatically use the "system" root CA store that openssl s_client and

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-23 Thread Wietse Venema via Postfix-users
Cowbay via Postfix-users: > So, I will collect necessary information next time I encounter this > issue as what Viktor suggested. Please note that Postfix does not automatically use the "system" root CA store that openssl s_client and curl may use. That could result in verification differences

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-23 Thread Cowbay via Postfix-users
On 2024/3/23 04:57, Wietse Venema via Postfix-users wrote: Unless you can hand over the certificate that Postfix complained about, you have not proven that Postfix was in error. You are right, I can't guarantee if the certificate openssl dumped was the one Postfix encountered.

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-22 Thread Wietse Venema via Postfix-users
Unless you can hand over the certificate that Postfix complained about, you have not proven that Postfix was in error. Specifically, your tests with curl and openssl s_client may have used a different IP address than Postfix, because the smtp.gmail.com IP address changes frequently. The

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-22 Thread Viktor Dukhovni via Postfix-users
On Wed, Mar 20, 2024 at 10:25:26PM +0800, Cowbay via Postfix-users wrote: > I'm using debian 10, an old debian distribution. The Postfix version is > 3.4.23. The base 4.0 release is ~5 years old, but not materially different in its core TLS functionality. You'd see the same results with the

[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-22 Thread Cowbay via Postfix-users
On 2024/3/20 22:25, Cowbay via Postfix-users wrote: Below is openssl example: 8<8<8< $ openssl s_client -4 -connect smtp.gmail.com:465 -CAfile /etc/ssl/certs/ca-certificates.crt CONNECTED(0003) depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1