On 13 October 2011 20:11, Noel Jones njo...@megan.vbhcs.org wrote:
The only place you should really care about encryption is if your
own clients submit SASL authenticated mail -- the far most common
auth mechanisms are PLAIN and LOGIN which really should be protected
inside a TLS connection.
On 2011-10-18 1:04 PM, Simon Brereton simon.brere...@buongiorno.com wrote:
Is smtpd_enforce_tls=yes a suitable replacement/substitute for
smtpd_tls_auth_only = yes?
No, they are two different things.
What version of postfix? For current/latest version of postfix I use both:
On 10/18/2011 12:04 PM, Simon Brereton wrote:
On 13 October 2011 20:11, Noel Jones njo...@megan.vbhcs.org wrote:
The only place you should really care about encryption is if your
own clients submit SASL authenticated mail -- the far most common
auth mechanisms are PLAIN and LOGIN which really
On 18 October 2011 14:17, Noel Jones njo...@megan.vbhcs.org wrote:
On 10/18/2011 12:04 PM, Simon Brereton wrote:
On 13 October 2011 20:11, Noel Jones njo...@megan.vbhcs.org wrote:
The only place you should really care about encryption is if your
own clients submit SASL authenticated mail --
On 10/18/2011 1:24 PM, Simon Brereton wrote:
smtpd_enforce_tls is obsolete, instead use
-o smtpd_tls_security_level=encrypt
This setting will reject all mail from unencrypted connections. The
encrypt setting must not be used on a public-facing port 25, but
is widely used and recommended on
On Tue, Oct 18, 2011 at 01:04:30PM -0400, Simon Brereton wrote:
Is smtpd_enforce_tls=yes a suitable replacement/substitute for
smtpd_tls_auth_only = yes?
With smtpd_tls_security_level=encrypt (or its legacy form) the
smtpd_tls_auth_only feature is arguably reduntant, but it is
harmless, and
On 13 October 2011 20:11, Noel Jones njo...@megan.vbhcs.org wrote:
On 10/13/2011 6:39 PM, Simon Brereton wrote:
smtp_tls_CAfile = ?
smtp_tls_cert_file = ?
smtp_tls_key_file = ?
Typcially these would be set to the same cert keys as used by smtpd.
Since these are self-signed certificates,
On 10/14/2011 1:55 PM, Simon Brereton wrote:
On 13 October 2011 20:11, Noel Jones njo...@megan.vbhcs.org wrote:
On 10/13/2011 6:39 PM, Simon Brereton wrote:
smtp_tls_CAfile = ?
smtp_tls_cert_file = ?
smtp_tls_key_file = ?
Typcially these would be set to the same cert keys as used by smtpd.
On 11 Oct 2011, at 15:54, Simon Brereton simon.brere...@buongiorno.com
wrote:
this is obseleted (I'm running 2.7.1) and to use
smtpd_tls_security_level = may instead - however, vim tells me that
the former is a valid configurable (it's highlighted) whilst the
latter is not. That's part of
On 10/13/2011 5:41 PM, Mark Homoky wrote:
On 11 Oct 2011, at 15:54, Simon Brereton simon.brere...@buongiorno.com
wrote:
this is obseleted (I'm running 2.7.1) and to use
smtpd_tls_security_level = may instead - however, vim tells me that
the former is a valid configurable (it's
On 13 October 2011 19:16, Noel Jones njo...@megan.vbhcs.org wrote:
On 10/13/2011 5:41 PM, Mark Homoky wrote:
On 11 Oct 2011, at 15:54, Simon Brereton simon.brere...@buongiorno.com
wrote:
this is obseleted (I'm running 2.7.1) and to use
smtpd_tls_security_level = may instead - however, vim
On 10/13/2011 6:39 PM, Simon Brereton wrote:
smtp_tls_CAfile = ?
smtp_tls_cert_file = ?
smtp_tls_key_file = ?
Typcially these would be set to the same cert keys as used by smtpd.
Not needed, you neither ask for nor verify client certs.
Should I be? And if so, how do I do that? Bearing
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
us...@postfix.org] On Behalf Of Viktor Dukhovni
On Fri, Oct 07, 2011 at 05:15:20PM -0400, Simon Brereton wrote:
postfix/smtpd[25614]: warning: TLS library problem:
25614:error:14094416:SSL
On Fri, Oct 07, 2011 at 05:15:20PM -0400, Simon Brereton wrote:
postfix/smtpd[25614]: warning: TLS library problem: 25614:error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL
alert number 46:
This client could not verify your server certificate, its
14 matches
Mail list logo