Re: Accepting expired client certificate

2022-02-03 Thread Viktor Dukhovni
On Thu, Feb 03, 2022 at 01:39:44PM -0500, Martin Hicks wrote: > The only configuration change I made in response to this discussion was > to disable smtpd_tls_ask_ccert - I'm not sure why this was ever enabled. > > I'll update in a week or two when I see another e-mail from aircanada. You can

Re: Accepting expired client certificate

2022-02-03 Thread Martin Hicks
On Thu, Feb 03, 2022 at 07:27:30PM +0100, Matus UHLAR - fantomas wrote: > > On Thu, Feb 03, 2022 at 06:51:09PM +0100, Matus UHLAR - fantomas wrote: > > > sorry, the third one is not expired: > > > > > > Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3 > > > Validity >

Re: Add a disclaimer for all senders

2022-02-03 Thread Wietse Venema
Wietse Venema: > Look in your LOGS. > > http://www.postfix.org/DEBUG_README.html#logging In particular, logs that the message is handled by your filter, to eliminate basic mistakes. Wietse > Look for obvious signs of trouble > = > Postfix logs all

Re: Accepting expired client certificate

2022-02-03 Thread Matus UHLAR - fantomas
On Thu, Feb 03, 2022 at 06:51:09PM +0100, Matus UHLAR - fantomas wrote: sorry, the third one is not expired: Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3 Validity Not Before: Jan 20 19:14:03 2021 GMT Not After : Sep 30 18:14:03 2024 GMT

Re: Add a disclaimer for all senders

2022-02-03 Thread Wietse Venema
Look in your LOGS. http://www.postfix.org/DEBUG_README.html#logging Wietse Look for obvious signs of trouble = Postfix logs all failed and successful deliveries to a logfile. When Postfix uses syslog logging (the default), the file is usually called

Re: Accepting expired client certificate

2022-02-03 Thread Viktor Dukhovni
On Thu, Feb 03, 2022 at 06:51:09PM +0100, Matus UHLAR - fantomas wrote: > sorry, the third one is not expired: > > Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3 > Validity > Not Before: Jan 20 19:14:03 2021 GMT > Not After : Sep 30 18:14:03

Re: Accepting expired client certificate

2022-02-03 Thread Matus UHLAR - fantomas
On Thu, Feb 03, 2022 at 03:42:39PM +0100, Matus UHLAR - fantomas wrote: Certificate chain 0 s:CN = darwin.bork.org i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet

Add a disclaimer for all senders

2022-02-03 Thread Forums
Hello, I try to add a disclaimer for all of my email accounts using altermime but that doesn't work. I did the following: - created the user "filter": useradd -r -c "Postfix Filters" -d /var/spool/filter filter - created the directory /var/spool/filter - changed directory permissions:

Re: Accepting expired client certificate

2022-02-03 Thread Viktor Dukhovni
On Thu, Feb 03, 2022 at 03:42:39PM +0100, Matus UHLAR - fantomas wrote: > Certificate chain > 0 s:CN = darwin.bork.org >i:C = US, O = Let's Encrypt, CN = R3 > 1 s:C = US, O = Let's Encrypt, CN = R3 >i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 > 2 s:C = US, O =

Re: Accepting expired client certificate

2022-02-03 Thread Patrick Laimbock
On 2/3/22 15:42, Matus UHLAR - fantomas wrote: it might be this: % openssl s_client -connect darwin.bork.org:25 -starttls smtp CONNECTED(0003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1

Re: Accepting expired client certificate

2022-02-03 Thread Viktor Dukhovni
On Thu, Feb 03, 2022 at 08:24:07AM -0500, Martin Hicks wrote: > There is an smtp server that is trying to send e-mail to my > domain, but with an expired certificate: At this point, what's needed to help you are outputs from "postconf -nf" and "postconf -Mf" (verbatim with no changes in

Re: Accepting expired client certificate

2022-02-03 Thread Matus UHLAR - fantomas
On Thu, Feb 03, 2022 at 08:24:07AM -0500, Martin Hicks wrote: There is an smtp server that is trying to send e-mail to my domain, but with an expired certificate: Feb 2 11:20:52 darwin postfix/smtpd[9181]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert

Re: EHLO/HELO whitelist?

2022-02-03 Thread Matus UHLAR - fantomas
On 03.02.22 13:27, Adrian van Bloois wrote: I reject unknown hosts through the EHLO restrictions. But my fritzbox wants to send me something without a valid EHLO value. Is there a whitelist I can put my fritz on accept? You can enable connections from your fritz box by using check_client_access

Re: use of inet_protocols= option in policy maps?

2022-02-03 Thread Viktor Dukhovni
On Thu, Feb 03, 2022 at 08:48:23AM -0500, PGNet Dev wrote: > i've a relay def'd in master.cf > > relay-test unix - - n - - smtp > ... > -o > smtp_tls_policy_maps=${def_db_type}:${conf_dir}/test/relay_tls_policy You can define multiple transports, each with its own

use of inet_protocols= option in policy maps?

2022-02-03 Thread PGNet Dev
i've a relay def'd in master.cf relay-test unix - - n - - smtp ... -o smtp_tls_policy_maps=${def_db_type}:${conf_dir}/test/relay_tls_policy entries in 'relay_tls_policy' take usual form, per http://www.postfix.org/TLS_README.html#client_tls_policy, e.g.

Re: Accepting expired client certificate

2022-02-03 Thread Bastian Blank
Hi On Thu, Feb 03, 2022 at 08:24:07AM -0500, Martin Hicks wrote: > There is an smtp server that is trying to send e-mail to my > domain, but with an expired certificate: > Feb 2 11:20:52 darwin postfix/smtpd[9181]: warning: TLS library problem: > error:14094415:SSL

Accepting expired client certificate

2022-02-03 Thread Martin Hicks
Hi, There is an smtp server that is trying to send e-mail to my domain, but with an expired certificate: Feb 2 11:20:52 darwin postfix/smtpd[9181]: connect from r114.mail.aircanada.com[172.82.216.114] Feb 2 11:20:52 darwin postfix/smtpd[9181]: SSL_accept error from

Re: EHLO/HELO whitelist?

2022-02-03 Thread Jaroslaw Rafa
On 3.02.2022 at 13:27:06 Adrian van Bloois wrote: > I reject unknown hosts through the EHLO restrictions. > But my fritzbox wants to send me something without a valid EHLO value. > Is there a whitelist I can put my fritz on accept? Isn't it better to whitelist it via IP address, for

AW: EHLO/HELO whitelist?

2022-02-03 Thread Ludi Cree
IMO you should not reject widely based on HELO. Too many false positives. More a place for basic checks. But you can catch that if you want in your files. smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, check_helo_access

EHLO/HELO whitelist?

2022-02-03 Thread Adrian van Bloois
Hi, I reject unknown hosts through the EHLO restrictions. But my fritzbox wants to send me something without a valid EHLO value. Is there a whitelist I can put my fritz on accept? Adrian -- Adri P. van Bloois "The greatest threat to our planet is the belief that