Re: SSL/TLS

2015-07-28 Thread SSL
thanks for advices . i rewite smtpd.conf pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key listen on lo0 listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth listen

Re: SSL/TLS

2015-07-28 Thread Mariano Baragiola
In my experience, Thunderbird auto-configuration is not good. Configure it manually, choosing STARTTLS as the encryption method. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: SSL/TLS

2015-07-28 Thread SSL
On 2015e9407f28f% 19:18, Mariano Baragiola wrote: In my experience, Thunderbird auto-configuration is not good. Configure it manually, choosing STARTTLS as the encryption method. thanks lot . i rewrite smtpd.conf pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt

Re: SSL/TLS

2015-07-28 Thread Denis Fondras
are there open relay when ' accept from local for any relay' is replaced . Nope ! from local means that only the machine running OpenSMTPd or any *authenticated* client can relay. Moreover, if no rule is matching then OpenSMTPd rejects the mail (default setting = secure setting) -- You

Re: SSL/TLS

2015-07-28 Thread SSL
i follow you . On 2015e9407f28f% 19:18, Mariano Baragiola wrote: In my experience, Thunderbird auto-configuration is not good. Configure it manually, choosing STARTTLS as the encryption method. surely i can send mail from x...@aoiyuma.mydns.jp to x...@aoiyuma.mydns.jp but cannod

Re: SSL/TLS

2015-07-28 Thread Herbert J. Skuhra
On Tue, Jul 28, 2015 at 09:05:24PM +0900, tuyosi wrote: On 2015e9407f28f% 20:50, Denis Fondras wrote: are there open relay when ' accept from local for any relay' is replaced . Nope ! from local means that only the machine running OpenSMTPd or any *authenticated* client can relay.

Re: SSL/TLS

2015-07-28 Thread SSL
i rewrite smtpd.conf by auth-optional this one allow to mail to from gmail.com . -by https://www.opensmtpd.org/smtpd.conf.5.html If *auth-optional* is specified, then SMTPAUTH is not required to establish an SMTP transaction. This is only useful to let a listener accept incoming mail

Re: SSL/TLS

2015-07-28 Thread SSL
Hi all . following the advices that I received in the past , Itry to put together . I think that there aremistakes. Please point out at that time. In addition, please use the translation site because this is written in Japanese. For example, https://translate.google.co.jp/?hl=ja --

Re: SSL/TLS

2015-07-27 Thread Seth
to accomplish this goal. OpenBSD also provides spamd which, along with a few selected real time black lists added to the mix, makes a very effective spam filter. but i want to use conection secrity SSL/TLS . how to do it ? The smptd.conf(5) man page documents key generation in the EXAMPLES

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-10 Thread John Cox
On Mon, 9 Jun 2014 10:16:43 +0200, you wrote: On Mon, Jun 09, 2014 at 08:39:52AM +0100, John Cox wrote: Hi That's not correct no, I get plenty of TLS 1.0 trafic and it has been the case for many years To parrot this on all of my various instances OpenSMTPD and not I get tons of TLS 1.0

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-09 Thread John Cox
Hi That's not correct no, I get plenty of TLS 1.0 trafic and it has been the case for many years To parrot this on all of my various instances OpenSMTPD and not I get tons of TLS 1.0 and SSLv3 traffic, I wish I didn't but it still happens. Heck every now and again I see SSLv2 attempts which for

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-09 Thread Gilles Chehade
On Mon, Jun 09, 2014 at 08:39:52AM +0100, John Cox wrote: Hi That's not correct no, I get plenty of TLS 1.0 trafic and it has been the case for many years To parrot this on all of my various instances OpenSMTPD and not I get tons of TLS 1.0 and SSLv3 traffic, I wish I didn't but it still

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-09 Thread Adam Suhl
I think at build time you can fine-tune which ciphers you want by editing ssl.h -- in particular the SSL_CIPHERS define. --Adam On Mon, 9 Jun 2014, Gilles Chehade wrote: On Mon, Jun 09, 2014 at 08:39:52AM +0100, John Cox wrote: Hi That's not correct no, I get plenty of TLS 1.0 trafic

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-08 Thread Gilles Chehade
is: Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. Configure SSL/TLS servers to only support cipher suites that do not use block ciphers. This can certainly be improved without adding ssl_ciphers knob I'm not a mail expert, but my feeling is that secured email hasn't been