@charite were suddenly encountering several domains that don't seem to
implement STARTTLS properly.
mailq exhibits the following behaviour:
3VRgn515L4zKg2v 443924 Tue Apr 10 10:01:13 sen...@charite.de
(lost connection with mail2.trioncology.org[81.252.237.162] while sending RCPT
TO)
* Ralf Hildebrandt ralf.hildebra...@charite.de:
@charite were suddenly encountering several domains that don't seem to
implement STARTTLS properly.
Some bits from the log:
Apr 12 12:51:08 mail2 postfix/smtp[9289]: Untrusted TLS connection established
to
Some bits from the log:
I was able to isolate the failure inducing change:
The change from libssl1.0.0 1.0.0h-1 to libssl1.0.0 1.0.1-4
(Debian version numbers) broke things.
http://packages.debian.org/changelogs/pool/main/o/openssl/openssl_1.0.1-4/changelog
that's quite a bit of changes.
--
openssl s_client sessions fail identically with 77.43.17.211
and 81.252.237.162.
% openssl s_client -starttls smtp -connect 77.43.17.211:25
...
250 OK
ehlo spike.porcupine.org
Nothing happens.
% openssl s_client -starttls smtp -connect 77.43.17.211:25
...
250 OK
* Wietse Venema wie...@porcupine.org:
openssl s_client sessions fail identically with 77.43.17.211
and 81.252.237.162.
% openssl s_client -starttls smtp -connect 77.43.17.211:25
...
250 OK
ehlo spike.porcupine.org
Nothing happens.
% openssl s_client -starttls smtp
All,
One of my client decided to use Office 365, but some internal servers need
to send some emails.
So I've an issue with the authentication mechanisms with the smtp client.
Here is an extract of the conf
broken_sasl_auth_clients = yes
cyrus_sasl_config_path =
* Franck MAHE m...@civis.net:
All,
One of my client decided to use Office 365, but some internal servers need
to send some emails.
So I've an issue with the authentication mechanisms with the smtp client.
Here is an extract of the conf
broken_sasl_auth_clients = yes
Hi,
Here is my TLS Setting for smtp client
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/postfix/tls/cacert.pem
smtp_tls_loglevel = 4
And the TLS log
Apr 12 15:32:19 fsrvpsg02 postfix/qmgr[11813]: 206231F85:
from=root@domain, size=419, nrcpt=1 (queue active)
Apr 12 15:32:19 fsrvpsg02
Am 12.04.2012 15:40, schrieb Franck MAHE:
Microsoft ESMTP MAIL Service
i fear you are wrong here because this is the
postfix-list and it is clearly a problem on
the microsoft machine not offering any
auth mech
signature.asc
Description: OpenPGP digital signature
On Thu, Apr 12, 2012 at 02:59:05PM +0200, Ralf Hildebrandt wrote:
* Wietse Venema wie...@porcupine.org:
openssl s_client sessions fail identically with 77.43.17.211
and 81.252.237.162.
% openssl s_client -starttls smtp -connect 77.43.17.211:25
...
250 OK
ehlo
On Thu, Apr 12, 2012 at 03:40:57PM +0200, Franck MAHE wrote:
smtp_tls_loglevel = 4
Do not set the loglevel to a value higher than 1 unless asked to
by a TLS expert. The extra noise in the logs will just hide the
real problem. If you want packet-by-packet analysis, just use
tcpdump and analyse
On 4/12/2012 7:59 AM, Ralf Hildebrandt wrote:
* Wietse Venema wie...@porcupine.org:
openssl s_client sessions fail identically with 77.43.17.211
and 81.252.237.162.
% openssl s_client -starttls smtp -connect 77.43.17.211:25
...
250 OK
ehlo spike.porcupine.org
Nothing
On Thu, Apr 12, 2012 at 09:04:01AM -0500, Noel Jones wrote:
My main.cf has a note-to-self about this same cipher being broken on
some old Windows versions in the distant past. Maybe an old bug has
resurfaced.
Possible workaround:
smtpd_tls_exclude_ciphers = DES-CBC3-SHA
Viktor Dukhovni:
On Thu, Apr 12, 2012 at 02:59:05PM +0200, Ralf Hildebrandt wrote:
* Wietse Venema wie...@porcupine.org:
openssl s_client sessions fail identically with 77.43.17.211
and 81.252.237.162.
% openssl s_client -starttls smtp -connect 77.43.17.211:25
...
Reindl,
Am 12.04.2012 15:50, schrieb Reindl Harald:
Am 12.04.2012 15:40, schrieb Franck MAHE:
Microsoft ESMTP MAIL Service
i fear you are wrong here because this is the
postfix-list and it is clearly a problem on
the microsoft machine not offering any
auth mech
you are wrong.
As shown by
I changed it and provided a level 1 log ;-)
Franck
---
M: +33 6 6042 7249
E: m...@civis.net
-Message d'origine-
De : owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] De la part de Viktor Dukhovni
Envoyé : jeudi 12
Don't think so, without authent,
Apr 12 16:08:35 server postfix/pickup[11812]: 6C9C122F8: uid=0 from=root
Apr 12 16:08:35 server postfix/cleanup[19570]: 6C9C122F8:
message-id=20120412140835.6C9C122F8@domain
Apr 12 16:08:35 server postfix/qmgr[11813]: 6C9C122F8: from=root@domain,
size=419, nrcpt=1
Franck MAHE:
Apr 12 16:08:35 server postfix/pickup[11812]: 6C9C122F8: uid=0 from=root
Apr 12 16:08:35 server postfix/cleanup[19570]: 6C9C122F8:
message-id=20120412140835.6C9C122F8@domain
Apr 12 16:08:35 server postfix/qmgr[11813]: 6C9C122F8: from=root@domain,
size=419, nrcpt=1 (queue active)
On Thu, Apr 12, 2012 at 10:13:16AM -0400, Wietse Venema wrote:
My results are different, perhaps they've already fixed something ...
$ /usr/sbin/sendmail -f post...@dukhovni.org -bv postmaster@[82.135.27.153]
...
Note that the cipher is RC4-MD5 (more typical of Windows), not 3DES
Already done ;-)
I did a test after the removal of the credentials, just to show that without
that, the connection failed.
The issue is more with
Apr 12 16:27:58 server postfix/smtp[22637]: setting up TLS connection to
pod51013.outlook.com[157.55.9.168]:587
Apr 12 16:27:58 server
Viktor Dukhovni:
Which is not a hang after EHLO. These systems may not support consecutive
EHLO commands, or may treat them as evidence of unwanted client behaviour.
You may need to proceed to MAIL after EHLO to see whether they are really
stuck.
It also hangs with MAIL and QUIT.
Franck MAHE:
Apr 12 16:27:58 server postfix/smtp[22637]: 177401EEA: to=mahe@domain,
relay=pod51013.outlook.com[157.55.9.168]:587, delay=0.31,
delays=0.06/0.02/0.22/0, dsn=4.7.0, status=deferred (SASL authentication
failed; cannot authenticate to server pod51013.outlook.com[157.55.9.168]: no
All the modules on my side are installed. I pay attention to the last line.
How can I force an authen mechanism?
Thanks
Franck
---
M: +33 6 6042 7249
E: m...@civis.net
-Message d'origine-
De : owner-postfix-us...@postfix.org
On Thu, Apr 12, 2012 at 05:26:54PM +0200, Franck MAHE wrote:
All the modules on my side are installed. I pay attention to the last line.
Either in fact some modules are NOT installed or they're disabled
them via one of:
smtp_sasl_security_options = noplaintext, noanonymous
Franck, with all due respect I don't think you noticed the last line
no mechanism available on your pod51013.outlook.com[157.55.9.168]
server. You should go back and read http://www.postfix.org/SASL_README.html
/etc/postfix/main.cf:
# Postfix 2.3 and later
smtpd_sasl_path = smtpd
I
Le 11/04/2012 04:40, Rich a écrit :
It is postfix. It is being sent back to mail. It seems to be sent back to
the mx mail server from archive.
time for
http://www.postfix.org/DEBUG_README.html
PS. please, do not top post:
http://en.wikipedia.org/wiki/Posting_style
On
Hi All,
I am in condition of worst and had bad luck .
my postfix queue data got increased to 850MB in size that is
/data/postfix/queue directory
all mail in this directory got stuck because the server hardware is down i
had removed that hard drive and attached to another linux server and
On 4/12/2012 11:51 PM, kshitij mali wrote:
my postfix queue data got increased to 850MB in size that is
/data/postfix/queue directory
all mail in this directory got stuck because the server hardware is down i
had removed that hard drive and attached to another linux server and
configured the
28 matches
Mail list logo