Re: SSL/TLS

2015-07-28 Thread SSL
Very sorry, I forgot to write the URL. It is http://aoiyuma.mydns.jp/mydns-MS.html On 2015/07/29 06:22, SSL wrote: Hi all. Following the advice that I received in the past, I try to put together. I think that there are mistakes. Please point out at that time. In addition, please use the

Re: SSL/TLS

2015-07-28 Thread SSL
Hi all. Following the advice that I received in the past, I try to put together. I think that there are mistakes. Please point out at that time. In addition, please use the translation site because this is written in Japanese. For example, https://translate.google.co.jp/?hl=ja -- t

Re: SSL/TLS

2015-07-28 Thread SSL
I rewrite smtpd.conf by auth-optional. This one allows mail to & from gmail.com. -by https://www.opensmtpd.org/smtpd.conf.5.html If *auth-optional* is specified, then SMTPAUTH is not required to establish an SMTP transaction. This is only useful to let a listener accept incoming mail fro

Re: SSL/TLS

2015-07-28 Thread Herbert J. Skuhra
On Tue, Jul 28, 2015 at 09:05:24PM +0900, tuyosi wrote:
> On 2015/07/28 20:50, Denis Fondras wrote:
> >>are there open relay when ' accept from local for any relay' is replaced .
> >>
> >Nope !
> >"from local" means that only the machine running OpenSMTPd or any
> >*authenticated* clie

Re: SSL/TLS

2015-07-28 Thread tuyosi
On 2015/07/28 20:50, Denis Fondras wrote: are there open relay when ' accept from local for any relay' is replaced . Nope ! "from local" means that only the machine running OpenSMTPd or any *authenticated* client can relay. Moreover, if no rule is matching then OpenSMTPd rejects the m

Re: SSL/TLS

2015-07-28 Thread Denis Fondras
> are there open relay when ' accept from local for any relay' is replaced .
>
Nope ! "from local" means that only the machine running OpenSMTPd or any *authenticated* client can relay. Moreover, if no rule is matching then OpenSMTPd rejects the mail (default setting = secure setting) -- You r

Re: SSL/TLS

2015-07-28 Thread SSL
On 2015/07/28 19:18, Mariano Baragiola wrote: In my experience, Thunderbird auto-configuration is not good. Configure it manually, choosing STARTTLS as the encryption method. Thanks a lot. I rewrite smtpd.conf
pki mail.aoiyuma.mydns.jp certificate "/etc/ssl/mail.aoiyuma.mydns.jp.crt

Re: SSL/TLS

2015-07-28 Thread SSL
I follow you. On 2015/07/28 19:18, Mariano Baragiola wrote: In my experience, Thunderbird auto-configuration is not good. Configure it manually, choosing STARTTLS as the encryption method. Surely I can send mail from x...@aoiyuma.mydns.jp to x...@aoiyuma.mydns.jp but cannot send

Re: SSL/TLS

2015-07-28 Thread Mariano Baragiola
In my experience, Thunderbird auto-configuration is not good. Configure it manually, choosing STARTTLS as the encryption method. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: SSL/TLS

2015-07-28 Thread SSL
Thanks for the advice. I rewrite smtpd.conf
pki mail.aoiyuma.mydns.jp certificate "/etc/ssl/mail.aoiyuma.mydns.jp.crt"
pki mail.aoiyuma.mydns.jp key "/etc/ssl/private/mail.aoiyuma.mydns.jp.key"
listen on lo0
listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth list

Re: SSL/TLS

2015-07-27 Thread Denis Fondras
Are you really sure you want to open-relay your server to .JP ? If not, remove this line :
> accept from source for any relay

Re: SSL/TLS

2015-07-27 Thread Seth
goal. OpenBSD also provides spamd which, along with a few selected real time black lists added to the mix, makes a very effective spam filter. but i want to use connection security SSL/TLS . how to do it ? The smtpd.conf(5) man page documents key generation in the EXAMPLES section near th

SSL/TLS

2015-07-27 Thread SSL
as deliver to maildir
accept for local deliver to maildir
accept from source for any relay
reject from any for any
In this setting I can mail to X.gmail.com, but I want to use connection security SSL/TLS. How to do it? --

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-10 Thread John Cox
On Mon, 9 Jun 2014 10:16:43 +0200, you wrote:
>On Mon, Jun 09, 2014 at 08:39:52AM +0100, John Cox wrote:
>> Hi
>>
>> >>That's not correct no, I get plenty of TLS 1.0 traffic and it has been
>> >>the case for many years
>> >
>> >To parrot this on all of my various instances OpenSMTPD and not I get

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-09 Thread Gilles Chehade
yes, but DON'T DO THAT unless you know what you're doing. you have been warned: smtpd is safe by default and provides a SSL_CIPHERS that has been tested and verified to be safe. changes that seem fine can effectively break the security and interoperability. unless you know how openssl/libressl manag

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-09 Thread Adam Suhl
I think at build time you can fine-tune which ciphers you want by editing ssl.h -- in particular the SSL_CIPHERS define.
--Adam
On Mon, 9 Jun 2014, Gilles Chehade wrote:
> On Mon, Jun 09, 2014 at 08:39:52AM +0100, John Cox wrote:
> > Hi
> >
> > >>That's not correct no, I get plenty of TLS 1.0 t

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-09 Thread Gilles Chehade
On Mon, Jun 09, 2014 at 08:39:52AM +0100, John Cox wrote:
> Hi
>
> >>That's not correct no, I get plenty of TLS 1.0 traffic and it has been
> >>the case for many years
> >
> >To parrot this on all of my various instances OpenSMTPD and not I get tons
> >of TLS 1.0 and SSLv3 traffic, I wish I didn't

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-09 Thread John Cox
Hi
>>That's not correct no, I get plenty of TLS 1.0 traffic and it has been
>>the case for many years
>
>To parrot this on all of my various instances OpenSMTPD and not I get tons
>of TLS 1.0 and SSLv3 traffic, I wish I didn't but it still happens. Heck
>every now and again I see SSLv2 attempts whi

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-08 Thread Clint Pachl
lnerable to information disclosure" because of the initialization vector implementations in SSLv3 and TLSv1.0. Their stated resolution is: "Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. Configure SSL/TLS servers to only support cipher suites that do not use block ciphers.

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-08 Thread Barbier, Jason
>That's not correct no, I get plenty of TLS 1.0 traffic and it has been
>the case for many years
To parrot this on all of my various instances OpenSMTPD and not I get tons of TLS 1.0 and SSLv3 traffic, I wish I didn't but it still happens. Heck every now and again I see SSLv2 attempts which for mos

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-08 Thread Gilles Chehade
ecause of the initialization vector implementations
> in SSLv3 and TLSv1.0.
>
> Their stated resolution is:
>
> "Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
> Configure SSL/TLS servers to only support cipher suites that do not use
> block ciphers

How to configure encryption ciphers and SSL/TLS protocols

2014-06-07 Thread Clint Pachl
My PCI-DSS vendor, Security Metrics, states that smtpd is "vulnerable to information disclosure" because of the initialization vector implementations in SSLv3 and TLSv1.0. Their stated resolution is: "Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. Config