Re: openssl3+postfix issue (ca md too weak)

2023-11-14 Thread Ken Hornstein
> hello Ken. Yes, I missed that part of what you were trying to >say. You're right, I didn't try that. I'm not sure that's possible >when configuring SSL with sendmail. It looks like as long as you have the "O ClientCertFile" and "O ClientKeyFile" options commented out it won't use one

Re: openssl3+postfix issue (ca md too weak)

2023-11-14 Thread Brian Buhrow
hello Ken. Yes, I missed that part of what you were trying to say. You're right, I didn't try that. I'm not sure that's possible when configuring SSL with sendmail. I elected to arrange for sendmail to have access to valid public certificates so it could present a certificate both as

Re: openssl3+postfix issue (ca md too weak)

2023-11-14 Thread Ken Hornstein
> hello Ken. It may be that the RFC says the client need not >present a valid certificate, but I have found that smtp clients I >manage that want to send mail to Microsoft managed domains cannot set >up an SSL encrypted smtp session unless the client presents a valid >certificate as part of

Re: openssl3+postfix issue (ca md too weak)

2023-11-14 Thread Brian Buhrow
an smtp-auth situation where an individual user is authenticating to a smtp service, but rather server-to-server communications where two smtp MTA agents want to exchange mail with each other. -thanks -Brian On Nov 14, 9:30am, Ken Hornstein wrote: } Subject: Re: openssl3+postfix issue (ca md

Re: openssl3+postfix issue (ca md too weak)

2023-11-14 Thread Manuel Bouyer
On Mon, Nov 13, 2023 at 08:34:04PM +0100, Manuel Bouyer wrote: > Hello > I'm facing an issue with postfix+openssl3 which may be critical (depending > on how it can be fixed). > > Now my postfix setup fails to send mails with > Nov 13 20:20:53 comore postfix/smtp[6449]: warning: TLS library

Re: openssl3+postfix issue (ca md too weak)

2023-11-14 Thread Ken Hornstein
> Hello Taylor. Just as a point of reference, smtp clients that >connect to domains hosted by Microsoft, i.e. outlook.com and any other >domains that use their infrastructure for e-mail, will have to present >a valid SSL certificate in order to submit mail to their smtp servers. I do not

Re: openssl3+postfix issue (ca md too weak)

2023-11-14 Thread Manuel Bouyer
On Mon, Nov 13, 2023 at 07:16:14PM -0800, Brian Buhrow wrote: > Hello Taylor. Just as a point of reference, smtp clients that connect > to domains hosted by > Microsoft, i.e. outlook.com and any other domains that use their > infrastructure for e-mail, will > have to present a valid SSL

Re: openssl3+postfix issue (ca md too weak)

2023-11-14 Thread Manuel Bouyer
On Tue, Nov 14, 2023 at 02:39:53AM +, Taylor R Campbell wrote: > [trimming tech-crypto from cc because this is a policy and > configuration issue, not a cryptography issue] > > > Date: Mon, 13 Nov 2023 20:34:04 +0100 > > From: Manuel Bouyer > > > > I'm facing an issue with postfix+openssl3

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Brian Buhrow
Hello Taylor. Just as a point of reference, smtp clients that connect to domains hosted by Microsoft, i.e. outlook.com and any other domains that use their infrastructure for e-mail, will have to present a valid SSL certificate in order to submit mail to their smtp servers. But that

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Jörg Sonnenberger
On Tuesday, November 14, 2023 3:39:53 AM CET Taylor R Campbell wrote: > Unless anything has changed in the past couple years, I don't think > there is any widespread deployment of SMTP TLS server authentication > that means anything for general MTAs -- at best, TLS in SMTP serves as >

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Taylor R Campbell
[trimming tech-crypto from cc because this is a policy and configuration issue, not a cryptography issue] > Date: Mon, 13 Nov 2023 20:34:04 +0100 > From: Manuel Bouyer > > I'm facing an issue with postfix+openssl3 which may be critical (depending > on how it can be fixed). > > Now my postfix

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Steffen Nurpmeso
Manuel Bouyer wrote in : ... |No, I need a strong encrypted connection You surely have stripped the most relevant quote. Other than that i cannot help. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Steffen Nurpmeso
Manuel Bouyer wrote in : |On Mon, Nov 13, 2023 at 10:24:56PM +0100, Steffen Nurpmeso wrote: |> Manuel Bouyer wrote in |> : |>|Hello |>|I'm facing an issue with postfix+openssl3 which may be critical (dependi\ |>|ng |>|on how it can be fixed). |>| |>|Now my postfix setup fails to send

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Lloyd Parkes
Maybe rebuild Postfix with the option -DSSL_SECOP_PEER ? That causes Postfix to always set security level 0 when using TLS. Cheers, Lloyd

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Manuel Bouyer
On Tue, Nov 14, 2023 at 11:10:16AM +1300, Lloyd Parkes wrote: > > > On 14/11/23 10:56, Joerg Sonnenberger wrote: > > > > NIST has been sunsetting SHA1 for a long time, 2016 in fact. In many cases, > > there is a better trust chain > > for Comodo intermediary certificates and admins should be

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Manuel Bouyer
On Mon, Nov 13, 2023 at 10:56:00PM +0100, Joerg Sonnenberger wrote: > On Monday, November 13, 2023 8:34:04 PM CET Manuel Bouyer wrote: > > Hello > > I'm facing an issue with postfix+openssl3 which may be critical (depending > > on how it can be fixed). > > > > Now my postfix setup fails to send

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Lloyd Parkes
On 14/11/23 10:56, Joerg Sonnenberger wrote: NIST has been sunsetting SHA1 for a long time, 2016 in fact. In many cases, there is a better trust chain for Comodo intermediary certificates and admins should be installing those. I'm not sure that's what Comodo has, even though it is the

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Manuel Bouyer
On Mon, Nov 13, 2023 at 10:58:38PM +0100, Steffen Nurpmeso wrote: > Manuel Bouyer wrote in > : > |On Mon, Nov 13, 2023 at 10:24:56PM +0100, Steffen Nurpmeso wrote: > |> Manuel Bouyer wrote in > |> : > |>|Hello > |>|I'm facing an issue with postfix+openssl3 which may be critical (dependi\ >

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Joerg Sonnenberger
On Monday, November 13, 2023 8:34:04 PM CET Manuel Bouyer wrote: > Hello > I'm facing an issue with postfix+openssl3 which may be critical (depending > on how it can be fixed). > > Now my postfix setup fails to send mails with > Nov 13 20:20:53 comore postfix/smtp[6449]: warning: TLS library

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Manuel Bouyer
On Mon, Nov 13, 2023 at 10:24:56PM +0100, Steffen Nurpmeso wrote: > Manuel Bouyer wrote in > : > |Hello > |I'm facing an issue with postfix+openssl3 which may be critical (depending > |on how it can be fixed). > | > |Now my postfix setup fails to send mails with > |Nov 13 20:20:53 comore

Re: openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Steffen Nurpmeso
Manuel Bouyer wrote in : |Hello |I'm facing an issue with postfix+openssl3 which may be critical (depending |on how it can be fixed). | |Now my postfix setup fails to send mails with |Nov 13 20:20:53 comore postfix/smtp[6449]: warning: TLS library problem: \ |error:0A00018E:SSL

openssl3+postfix issue (ca md too weak)

2023-11-13 Thread Manuel Bouyer
Hello I'm facing an issue with postfix+openssl3 which may be critical (depending on how it can be fixed). Now my postfix setup fails to send mails with Nov 13 20:20:53 comore postfix/smtp[6449]: warning: TLS library problem: error:0A00018E:SSL routines::ca md too