On Fri, Dec 01, 2023 at 01:52:19PM +0100, Alexander Leidinger wrote:
> > No. The problem you're reporting is with name matching. If the
> > certificate chain failed to be constructed, that'd be reported instead.
> > You'll only see name match errors if the chain construction succeeds,
> > but
Wietse Venema via Postfix-users:
> As people rely more on posttls-finger to troubleshoot TLS issues,
> it is clear that posttls-finger needs to become an officially
> supported tool.
Just to be clear, current posttls-finger documentation says "Note:
this is an unsupported test program." The text
As people rely more on posttls-finger to troubleshoot TLS issues,
it is clear that posttls-finger needs to become an officially
supported tool.
For that, we need to document how posttls-finger expecatations
differ from Postfix SMTP client expectations (some of which the
SMTP client delegates to
Am 2023-12-01 13:44, schrieb Wietse Venema:
Alexander Leidinger:
Am 2023-11-30 16:53, schrieb Wietse Venema via Postfix-users:
> Alexander Leidinger via Postfix-users:
>> What is wrong here that [tlsproxy] doesn't establish a trusted
>> connection
>> to the github mailservers when
Am 2023-12-01 12:40, schrieb Byung-Hee HWANG via Postfix-users:
Alexander Leidinger via Postfix-users
writes:
Am 2023-12-01 12:08, schrieb Byung-Hee HWANG via Postfix-users:
...
Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate
verification failed for
Am 2023-12-01 11:22, schrieb Viktor Dukhovni via Postfix-users:
On Fri, Dec 01, 2023 at 09:53:25AM +0100, Alexander Leidinger via
Postfix-users wrote:
> > Why should it expect reply.github.com?
>
> Because that name is securely known from the recipient address.
Because, whether you're
duluxoz via Postfix-users:
> A quick question (just to clarify things in my own mind):
>
> If `non_smtpd_milters = $smtpd_milters`, does this mean that an email
> received on port 25 passes through the milters twice; once for the
> `smtpd_milters` (from the `smtpd(8)` process) and again for the
Alexander Leidinger:
> Am 2023-11-30 16:53, schrieb Wietse Venema via Postfix-users:
> > Alexander Leidinger via Postfix-users:
> >> What is wrong here that [tlsproxy] doesn't establish a trusted
> >> connection
> >> to the github mailservers when posttls-finger is able to do that with
> >> the
Alexander Leidinger via Postfix-users
writes:
> Am 2023-12-01 12:08, schrieb Byung-Hee HWANG via Postfix-users:
>>> ...
>>> Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate
>>> verification failed for in-8.smtp.github.com[140.82.114.32]:25:
>>> num=62:hostname mismatch
>>> ...
Am 2023-12-01 12:08, schrieb Byung-Hee HWANG via Postfix-users:
...
Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate
verification failed for in-8.smtp.github.com[140.82.114.32]:25:
num=62:hostname mismatch
...
Maybe you check?
root@yw-1204:/etc/postfix# postconf -n | grep
> ...
> Nov 30 11:31:48 mailgate postfix/tlsproxy[175]: server certificate
> verification failed for in-8.smtp.github.com[140.82.114.32]:25:
> num=62:hostname mismatch
> ...
Maybe you check?
root@yw-1204:/etc/postfix# postconf -n | grep CAfile
smtp_tls_CAfile =
On Fri, Dec 01, 2023 at 09:53:25AM +0100, Alexander Leidinger via Postfix-users
wrote:
> > > Why should it expect reply.github.com?
> >
> > Because that name is securely known from the recipient address.
Because, whether you're willing to understand the point or prefer to
"dig in", verifying a
Thanks Ralf,
OK, so what was leading to my Q is the Postfix Architect document seems
to indicate (via the first diagram) that the `smtp_milters` is triggered
from the `smtpd(8)` process which then feeds into the `cleanup(8)`
process, which is what triggers the `non_smtp_milters` - hence me
* duluxoz via Postfix-users :
> A quick question (just to clarify things in my own mind):
>
> If `non_smtpd_milters = $smtpd_milters`, does this mean that an email
> received on port 25 passes through the milters twice; once for the
> `smtpd_milters` (from the `smtpd(8)` process) and again for
Am 2023-12-01 09:34, schrieb Tom Hendrikx via Postfix-users:
On 01-12-2023 08:59, Alexander Leidinger via Postfix-users wrote:
Am 2023-11-30 16:53, schrieb Wietse Venema via Postfix-users:
Alexander Leidinger via Postfix-users:
What is wrong here that [tlsproxy] doesn't establish a trusted
A quick question (just to clarify things in my own mind):
If `non_smtpd_milters = $smtpd_milters`, does this mean that an email
received on port 25 passes through the milters twice; once for the
`smtpd_milters` (from the `smtpd(8)` process) and again for the
`non_smtpd_milters` (from the
Am 2023-11-30 18:36, schrieb Viktor Dukhovni via Postfix-users:
On Thu, Nov 30, 2023 at 03:37:02PM +0100, Alexander Leidinger via
Postfix-users wrote:
> > Nov 30 11:18:40 mailgate postfix/tlsproxy[98300]: server certificate
> > verification failed for in-9.smtp.github.com[140.82.112.31]:25:
>
On 01-12-2023 08:59, Alexander Leidinger via Postfix-users wrote:
Am 2023-11-30 16:53, schrieb Wietse Venema via Postfix-users:
Alexander Leidinger via Postfix-users:
What is wrong here that [tlsproxy] doesn't establish a trusted
connection
to the github mailservers when posttls-finger is
Am 2023-11-30 16:53, schrieb Wietse Venema via Postfix-users:
Alexander Leidinger via Postfix-users:
What is wrong here that [tlsproxy] doesn't establish a trusted
connection
to the github mailservers when posttls-finger is able to do that with
the same cert store?
Because there are
19 matches
Mail list logo