On Wednesday 09 June 2010 06:39:16 Khawaja M. Jawad wrote:
Thanks for the answer over a silly question J.Roeleveld.
There are no silly/stupid questions, only silly/stupid answers :)
It was a firewall issue, I added rule for localhost to connect at port 25.
Issue is resolved.
Even though I
Hi Viktor,
thanks for your answer but that does not answer by question. Is the
/etc/ssl/certs directory loaded also by default ? I did the test:
smtp_tls_CApath = /foo/bar
I added/hashed some certs in /foo/bar
When postfix connects to a smtp server (tls verify), certificates
issued by CAs from
Please do not top-post your replies. Thank you.
On Wed, Jun 09, 2010 at 10:22:16AM +0200, Jan C. wrote:
thanks for your answer but that does not answer by question. Is the
/etc/ssl/certs directory loaded also by default ? I did the test:
Postfix postconf(5) defaults can be shown with the
Hi,
Um, no. By default Postfix is not going to use TLS at all. When
activated, by default, no certificate verification is done at all.
Consult your distributor's package documentation if they have set
different defaults.
If I set smtp_tls_CApath to /etc/ssl/certs and then again to something
On Wed, Jun 9, 2010 at 02:43, J. Roeleveld jo...@antarean.org wrote:
Even though I have considered it myself as well once, I am curious as to why
someone would put a firewall on localhost?
Other applications could become compromised by spammy virii that
exploited their vulnerabilities and
Stan Hoeppner:
Noel Jones put forth on 6/8/2010 8:58 AM:
and while I've never met anyone named Wietse, I seem to remember seeing
that name in the postfix copyright statement. His advice might be worth
paying attention to.
https://researcher.ibm.com/researcher/view.php?person=us-wietse
Actually, this step is not needed to reproduce it :
Now I set:
~ $ postconf -e smtp_tls_CApath=/etc/ssl/certs/
and reload postfix
to sum it up, when smtp_tls_CApath is not empty, CAs from
/etc/ssl/certs are trusted regardless the value of smtp_tls_CApath.
regards,
Jan
Hello,
I used to have a old SMTP server, with after-queue content filtering. My new
setup involve a before-queue content filter (amavisd). Unfortunately, Amavisd
is a little bit strict about the smtp session: it bounces email sent using
MAIL FROM: address instead of MAIL FROM:address.
It's ok
Jan C.:
Actually, this step is not needed to reproduce it :
Now I set:
~ $ postconf -e smtp_tls_CApath=/etc/ssl/certs/
and reload postfix
to sum it up, when smtp_tls_CApath is not empty, CAs from
/etc/ssl/certs are trusted regardless the value of smtp_tls_CApath.
Victor will have to
Proniewski Patrick:
Hello,
I used to have a old SMTP server, with after-queue content filtering.
My new setup involve a before-queue content filter (amavisd).
Unfortunately, Amavisd is a little bit strict about the smtp
session: it bounces email sent using MAIL FROM: address instead
of
On Wed, Jun 09, 2010 at 11:25:50AM -0400, Wietse Venema wrote:
to sum it up, when smtp_tls_CApath is not empty, CAs from
/etc/ssl/certs are trusted regardless the value of smtp_tls_CApath.
This is done primarily by OpenSSL, but as Wietse observes:
Victor will have to confirm or deny this,
Hello,
ok then t least I know what's the origin of the behavior I had.
On Wed, Jun 9, 2010 at 6:12 PM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
I guess our documentation has never promised the use of system CAs when
CApath or CAfile are set, failing to override the system
On Wed, Jun 09, 2010 at 06:30:59PM +0200, Jan C. wrote:
Hello,
ok then t least I know what's the origin of the behavior I had.
On Wed, Jun 9, 2010 at 6:12 PM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
I guess our documentation has never promised the use of system CAs when
On Wed, Jun 9, 2010 at 6:35 PM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
Probably, although I don't think we've reached a final decision yet...
My preference is to not trust some random list of CAs that came with the
O/S OpenSSL package when the user specifies an explicit
On Wed, Jun 09, 2010 at 06:39:26PM +0200, Jan C. wrote:
On Wed, Jun 9, 2010 at 6:35 PM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
Probably, although I don't think we've reached a final decision yet...
My preference is to not trust some random list of CAs that came with the
Victor Duchovni:
On Wed, Jun 09, 2010 at 11:25:50AM -0400, Wietse Venema wrote:
to sum it up, when smtp_tls_CApath is not empty, CAs from
/etc/ssl/certs are trusted regardless the value of smtp_tls_CApath.
This is done primarily by OpenSSL, but as Wietse observes:
Victor will have
One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has
not been accepting it, they don't give a reason, they just disconnect
after getting the whole message:
Jun 9 13:20:50 hobbes postfix/smtp[7398]:
On Wed, Jun 09, 2010 at 01:34:53PM -0400, Wietse Venema wrote:
I guess our documentation has never promised the use of system CAs when
CApath or CAfile are set, failing to override the system settings is
counter-intuitive, so I can support this change. We'll also have to
document the
Hi:
I've a question about setting up postfix in a chroot on a Linux RHEL5
setup. I'm using the RedHat package of postfix (Version 2.3.3) which was
installed with the RedHat install. Everything is working fine, but now I
want to chroot it. On the Postfix website, it says:
In order to enable
2010/6/9 fred.schnit...@vpcl.on.ca:
Hi:
I've a question about setting up postfix in a chroot on a Linux RHEL5 setup.
I'm using the RedHat package of postfix (Version 2.3.3) which was installed
with the RedHat install. Everything is working fine, but now I want to
chroot it. On the Postfix
Le 09/06/2010 19:35, Philippe Chaintreuil a écrit :
One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has
not been accepting it, they don't give a reason, they just disconnect
after getting the whole message:
Philippe Chaintreuil:
One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has
not been accepting it, they don't give a reason, they just disconnect
after getting the whole message:
Jun 9 13:20:50
On Wed, 9 Jun 2010, Olivier MJ Crepin-Leblond wrote:
Le 09/06/2010 19:35, Philippe Chaintreuil a ?crit :
One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has
not been accepting it, they don't give a reason, they just disconnect
after getting the whole message:
On Wed, Jun 09, 2010 at 01:35:03PM -0400, Philippe Chaintreuil wrote:
One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has
not been accepting it, they don't give a reason, they just disconnect
after getting the whole message:
On 6/9/2010 10:11 AM, Proniewski Patrick wrote:
Hello,
I used to have a old SMTP server, with after-queue content filtering. My new setup involve a before-queue
content filter (amavisd). Unfortunately, Amavisd is a little bit strict about the smtp session: it
bounces email sent using MAIL
On 6/9/10 5:34 PM, Victor Duchovni wrote:
Make sure you don't have window-scaling enabled on your MTA, and that
path MTU discovery works through your firewall. If that does not solve it,
see other suggestions in thread.
I turned off my firewall (iptables) and the issue still occurs. I
Victor Duchovni:
I guess our documentation has never promised the use of system CAs when
CApath or CAfile are set, failing to override the system settings is
counter-intuitive, so I can support this change. We'll also have to
document the semantics of CAfile == CApath == empty.
Why do we have
I'm most likely doing it wrong:
$ postmulti -i postfix-out -x mailq
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
1BCBD1DF86 2622 Mon Jun 7 03:02:34
boskop-svn-bounces+trac=trac.incertum@lists.incertum.net
(connect to trac.incertum.net[85.214.20.182]:25:
* Stefan Foerster cite+postfix-us...@incertum.net:
I'm most likely doing it wrong:
$ postmulti -i postfix-out -x mailq
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
1BCBD1DF86 2622 Mon Jun 7 03:02:34
boskop-svn-bounces+trac=trac.incertum@lists.incertum.net
29 matches
Mail list logo