> On Apr 24, 2017, at 12:15 PM, Viktor Dukhovni
> wrote:
>
>
>> On Apr 24, 2017, at 12:51 PM, Michael Segel wrote:
>>
>> I wouldn’t say fashionista…
>>
>> More of an experiment since its easy to replace the tickets.
>> I wanted to try something a wee bit more secure. There’s actually a
> On Apr 24, 2017, at 12:51 PM, Michael Segel wrote:
>
> I wouldn’t say fashionista…
>
> More of an experiment since its easy to replace the tickets.
> I wanted to try something a wee bit more secure. There’s actually a
> downstream reason for this…
Excessively long keys that exceed the n
I wouldn’t say fashionista…
More of an experiment since its easy to replace the tickets.
I wanted to try something a wee bit more secure. There’s actually a downstream
reason for this…
But of course, I’m still at a loss as to why the initial rDNS handshake as well
as attempts to hit zen.sp
> On Apr 24, 2017, at 10:20 AM, Michael Segel wrote:
>
> (Of course the cert is 8192 which may be a bit excessive over 2048)
Don't be a crypto fashionista. Generate a 2048-bit key and obtain and
deploy a corresponding 2048-bit certificate.
--
Viktor.
Sorry this hit my junkmail folder…
The fix to this was to turn off SELinux.
Everytime the smtpd daemon tried to read the cert, it would get denied.
Once I turned off SELinux… it was happy.
(Of course the cert is 8192 which may be a bit excessive over 2048)
-Mike
> On Apr 20, 2017, at 2:4
Thanks,
That kind of cleared up that problem.
Now my mail logs are showing a bit more …
Now I’m on to my next problem…
On Apr 20, 2017, at 2:24 PM, David Mehler
mailto:dave.meh...@gmail.com>> wrote:
Hi,
I completely disable SELinux. I've found it more of a problem than
it's worth, gave me
> On Apr 20, 2017, at 2:48 PM, Michael Segel wrote:
>
> warning: cannot get RSA certificate from file /etc/pki/dovecot/mailCert.pem:
> disabling TLS support
That means that the file contained no certificate and/or was corrupted.
Additional messages may be logged following that one with more de
