Re: SSL Certificates

On Wednesday, February 15, 2017 03:55:45 PM Alice Wonder wrote: > On 02/15/2017 02:22 AM, Dominic Raferd wrote: > > Thanks for your answer. > > > > There may be a problem between DMARC and mailing lists - I avoid > > p=reject or p=quarantine on domains I use for posting to mailing > > lists. > >

Re: SSL Certificates

On 02/15/2017 02:22 AM, Dominic Raferd wrote: Thanks for your answer. There may be a problem between DMARC and mailing lists - I avoid p=reject or p=quarantine on domains I use for posting to mailing lists. SPF proves sender identity but final recipient MTA cannot rely on it if there are any

Re: SSL Certificates

On 15 February 2017 8:34:55 PM AEDT, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > >> On Feb 15, 2017, at 4:27 AM, Henry <der...@gmail.com> wrote: >> >> With this being the case what is the point of using SSL certificates >> for sendi

Re: SSL Certificates

On 15 February 2017 at 09:34, Alice Wonder wrote: > On 02/15/2017 12:32 AM, Dominic Raferd wrote: >> >> On 15 February 2017 at 07:58, Richard James Salts >> wrote: >>> >>> >>> >>> On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni >>>

Re: SSL Certificates

On 02/15/2017 01:27 AM, Henry wrote: On Wed, Feb 15, 2017 at 6:51 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: On Feb 15, 2017, at 2:47 AM, Henry <der...@gmail.com> wrote: So you are saying there is no point in securing outbound email in postfix? I am saying SSL

Re: SSL Certificates

On 02/15/2017 12:32 AM, Dominic Raferd wrote: On 15 February 2017 at 07:58, Richard James Salts wrote: On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni wrote: Please do not encourage novice users to configure DMARC. This does much

Re: SSL Certificates

> On Feb 15, 2017, at 4:27 AM, Henry <der...@gmail.com> wrote: > > With this being the case what is the point of using SSL certificates > for sending? I repeat myself. Typically none. They largely only cause some harm. > There is a long discussion on using is here howe

Re: SSL Certificates

On Wed, Feb 15, 2017 at 6:51 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > >> On Feb 15, 2017, at 2:47 AM, Henry <der...@gmail.com> wrote: >> >> So you are saying there is no point in securing outbound email in postfix? > > I am saying SSL certif

Re: SSL Certificates

On 02/14/2017 11:17 PM, Viktor Dukhovni wrote: On Feb 15, 2017, at 2:10 AM, Henry wrote: When I send a message to Gmail I am informed that it could not be authenticated and will probably end in the spam folder. This is largely misinformation. Sites that send bulk mail

Re: SSL Certificates

On 15 February 2017 at 07:58, Richard James Salts wrote: > > > On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni > wrote: >> >>Please do not encourage novice users to configure DMARC. This does >>much >>more harm than good. DMARC is

Re: SSL Certificates

On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni wrote: > >> On Feb 15, 2017, at 2:27 AM, Sebastian Nielsen >wrote: >> >> In Gmail jargong, means you have to set up SPF, DKIM and DMARC >records. > >Please do not encourage novice users to

Re: SSL Certificates

> On Feb 15, 2017, at 2:47 AM, Henry <der...@gmail.com> wrote: > > So you are saying there is no point in securing outbound email in postfix? I am saying SSL certificates on the sending side have nothing (good) to do with securing outbound mail. As for whether DKIM and/or SPF wi

Re: SSL Certificates

> On Feb 15, 2017, at 2:27 AM, Sebastian Nielsen wrote: > > In Gmail jargong, means you have to set up SPF, DKIM and DMARC records. Please do not encourage novice users to configure DMARC. This does much more harm than good. DMARC is legitimately for the few likePayPal,

Re: SSL Certificates

thanks Viktor. this is what I was ultimately trying to achieve: https://kolabsys.com/howtos/secure-kolab-server.html#postfix So you are saying there is no point in securing outbound email in postfix? On Wed, Feb 15, 2017 at 6:17 PM, Viktor Dukhovni wrote: > >> On Feb

Re: SSL Certificates

fix.org > [mailto:owner-postfix-us...@postfix.org] För Henry > Skickat: den 15 februari 2017 08:10 > Till: postfix-users@postfix.org > Ämne: SSL Certificates > > When I send a message to Gmail I am informed that it could not be > authenticated and will probably end in the spam fo

SV: SSL Certificates

@postfix.org Ämne: SSL Certificates When I send a message to Gmail I am informed that it could not be authenticated and will probably end in the spam folder. I understand the resolution to this is to obtain an SSL certificate and configure postfix to use that certificate. I have obtained

Re: SSL Certificates

> On Feb 15, 2017, at 2:10 AM, Henry wrote: > > When I send a message to Gmail I am informed that it could not be > authenticated and will probably end in the spam folder. This is largely misinformation. Sites that send bulk mail that might get classified as junk may benefit

SSL Certificates

When I send a message to Gmail I am informed that it could not be authenticated and will probably end in the spam folder. I understand the resolution to this is to obtain an SSL certificate and configure postfix to use that certificate. I have obtained a certificate from LetsEncrypt which is

Re: is possible to use different SSL certificates for different domains?

May be we can put that into the Postfix documentation page, in Specific environments section. Also, may be DNS can be there, both are environments anyway... Just 2 cents... Best regards, --- Fernando Maciel Souto Maior On Wed, Feb 27, 2013 at 6:17 PM, /dev/rob0 r...@gmx.co.uk wrote: On Mon,

Re: is possible to use different SSL certificates for different domains?

On Mon, Feb 25, 2013 at 04:59:37PM +, Viktor Dukhovni wrote: I see negligible benefit from an SNI implementation for Postfix. Is it time to add an anti-SNI rationale section to TLS_README? This would set a bad precedent, there is no limit to the number of non-features we could document.

is possible to use different SSL certificates for different domains?

HI Im preparing a server with postfix 2.7.1 and now Im with the process to certificate de connection. I have two domains and normally using multipli domains certificate ou can join this, but the propierty of domains is different and you can't do that. How resolves this problem the companies

Re: is possible to use different SSL certificates for different domains?

The one Mailserver, that is doing mailing for N Domains, only need one Certificate. Other thing is with websites, they need each one. connect multiple ip´s to the server for multiple websites ssl certs. but the mailserver only one for himself. the other mailserver dont look what domain sends

Re: is possible to use different SSL certificates for different domains?

Am 25.02.2013 10:33, schrieb marcos gonzalez: Im preparing a server with postfix 2.7.1 and now Im with the process to certificate de connection. I have two domains and normally using multipli domains certificate ou can join this, but the propierty of domains is different and you can't do

Re: is possible to use different SSL certificates for different domains?

On Feb 25, 2013, at 10:33, marcos gonzalez deco...@riseup.net wrote: Im preparing a server with postfix 2.7.1 and now Im with the process to certificate de connection. I have two domains and normally using multipli domains certificate ou can join this, but the propierty of domains is

Re: is possible to use different SSL certificates for different domains?

Hi Thanks for the answer. I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and for legal questions you can't include all domains in one certificate, I don't know If postfix has the possibility to create a table

Re: is possible to use different SSL certificates for different domains?

Am 25.02.2013 11:38, schrieb marcos gonzalez: I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and for legal questions you can't include all domains in one certificate, I don't know If postfix has the

Re: is possible to use different SSL certificates for different domains?

Reindl Harald: I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and for legal questions you can't include all domains in one certificate, I don't know If postfix has the possibility to create a table

Re: is possible to use different SSL certificates for different domains?

Am 25.02.2013 12:59, schrieb Wietse Venema: Reindl Harald: I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and for legal questions you can't include all domains in one certificate, I don't know If postfix

Re: is possible to use different SSL certificates for different domains?

On Mon, Feb 25, 2013 at 10:33:09AM +0100, marcos gonzalez wrote: Im preparing a server with postfix 2.7.1 and now Im with the process to certificate de connection. I have two domains and normally using multipli domains certificate ou can join this, but the propierty of domains is different

Re: is possible to use different SSL certificates for different domains?

in other words NO. in reality outside you dont do this. the MAILSEERVER authenticates his self with his Cert/key/CA. NOT the Domains self he is responsible for. So it doesnt matter, how many domains the mailserver is responsible for. You need only one Cert/Key for the Mailserver. On Https

Re: is possible to use different SSL certificates for different domains?

On 25/02/2013 12:38, marcos gonzalez wrote: Hi Thanks for the answer. I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and for legal questions you can't include all domains in one certificate, I don't know If

Re: is possible to use different SSL certificates for different domains?

Am 25.02.2013 21:54, schrieb Birta Levente: On 25/02/2013 12:38, marcos gonzalez wrote: Hi Thanks for the answer. I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and for legal questions you can't include

Re: is possible to use different SSL certificates for different domains?

On 25/02/2013 22:59, Reindl Harald wrote: Am 25.02.2013 21:54, schrieb Birta Levente: On 25/02/2013 12:38, marcos gonzalez wrote: Hi Thanks for the answer. I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain,

Re: is possible to use different SSL certificates for different domains?

Am 25.02.2013 22:39, schrieb Birta Levente: On 25/02/2013 22:59, Reindl Harald wrote: Am 25.02.2013 21:54, schrieb Birta Levente: On 25/02/2013 12:38, marcos gonzalez wrote: Hi Thanks for the answer. I'm reading how more of you separates http of mail, is correct but If you needs the

SSL Certificates

I was wondering who is the best CA Cert for Postfix? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Merry Christmas 2012 and Happy New Year 2013

Re: SSL Certificates

On Nov 23, 2012 9:48 PM, The Doctor doc...@doctor.nl2k.ab.ca wrote: I was wondering who is the best CA Cert for Postfix? The one YOU trust the most - even if that's someone no one else has heard of. Simon

Re: SSL Certificates

I use StartCOM (http://www.startcom.org/) for all my SSL certificate needs. I've had no problem with the certificates generated and signed through them working with Postfix installations. On 23.11.2012 20:46, The Doctor wrote: I was wondering who is the best CA Cert for Postfix? -- Member -

Re: SSL Certificates

On 11/23/2012 8:46 PM, The Doctor wrote: I was wondering who is the best CA Cert for Postfix? Probably the same as the best CA for dovecot, and it depends on your needs. Any certificate will give good security, the difference is how many end-user software applications will automatically trust

Re: multiple ssl certificates for multiple domains but just one IP

On 2/4/11 3:31 AM, Alokat wrote: On 02/03/2011 08:10 PM, Reindl Harald wrote: AFAIK this is a problem that does not exist in the real world We are hosting 200 mail domains and there is one hostname and one certificate for all of them yeah I guess I will just use one certificate for all

Re: multiple ssl certificates for multiple domains but just one IP

On 02/03/2011 08:10 PM, Reindl Harald wrote: Am 03.02.2011 20:05, schrieb Chris Tandiono: You can get a multi-domain SSL certificate. It is one certificate that lists all the domains for which it is valid. in theory xes but this is not scaleable If you get 3 new customers with their own

multiple ssl certificates for multiple domains but just one IP

Hi, I have a server which accepts eMails for multiple Domains. And I wanna provide for each Domain a SSL certificate. How can I use SNI (Server Name Indication) with postfix or is there another way to solve this problem? Regards, alokat

Re: multiple ssl certificates for multiple domains but just one IP

Alokat: Hi, I have a server which accepts eMails for multiple Domains. And I wanna provide for each Domain a SSL certificate. How can I use SNI (Server Name Indication) with postfix or is there another way to solve this problem? This is not yet implemented in Postfix. One option is to

Re: multiple ssl certificates for multiple domains but just one IP

On Thu, Feb 03, 2011 at 10:30:33AM -0500, Wietse Venema wrote: Alokat: Hi, I have a server which accepts eMails for multiple Domains. And I wanna provide for each Domain a SSL certificate. How can I use SNI (Server Name Indication) with postfix or is there another way to solve

Re: multiple ssl certificates for multiple domains but just one IP

On 02/03/2011 05:03 PM, Victor Duchovni wrote: On Thu, Feb 03, 2011 at 10:30:33AM -0500, Wietse Venema wrote: Alokat: Hi, I have a server which accepts eMails for multiple Domains. And I wanna provide for each Domain a SSL certificate. How can I use SNI (Server Name Indication) with postfix

Re: multiple ssl certificates for multiple domains but just one IP

more frequent than the typical certificate lifetime. Are the SSL certificates you want to provision in support of MUAs or peer MTAs? If MUAs, do you know whether the MUAs in fact support SNI? -- Viktor.

Re: multiple ssl certificates for multiple domains but just one IP

Am 03.02.2011 17:16, schrieb Alokat: Okay ... thanks for all your comments. So how would you solve my problem? Multiple Instances? Regards, Alokat * One Servername * One Certificate I see really no reason why not mail.yourcompany.tld using in all MX-records and client-configs, nobody

Re: multiple ssl certificates for multiple domains but just one IP

On Thu, 03 Feb 2011 08:16:58 -0800, Alokat mail...@alokat.org wrote: On 02/03/2011 05:03 PM, Victor Duchovni wrote: On Thu, Feb 03, 2011 at 10:30:33AM -0500, Wietse Venema wrote: Alokat: Hi, I have a server which accepts eMails for multiple Domains. And I wanna provide for each Domain a

Re: multiple ssl certificates for multiple domains but just one IP

Am 03.02.2011 20:05, schrieb Chris Tandiono: You can get a multi-domain SSL certificate. It is one certificate that lists all the domains for which it is valid. in theory xes but this is not scaleable If you get 3 new customers with their own domains you cert does not include them and

SSL Certificates per domain

the Common Name in the certificate doesn't match the FQDN of the SMTP server configured on mail clients (outlook, thunderbird, etc) For example: Common Name: myserver.domain.com MX for domain1: smtp.domain1.com MX for domain2: smtp.domain2.com Then, how i configure SSL Certificates per domain

Re: SSL Certificates per domain

On Tue, Jun 01, 2010 at 10:20:56AM -0400, Wietse Venema wrote: Common Name: myserver.domain.com MX for domain1: smtp.domain1.com MX for domain2: smtp.domain2.com Then, how i configure SSL Certificates per domain on Postfix? References? How would Postfix know what certificate

Re: SSL Certificates per domain

in the certificate doesn't match the FQDN of the SMTP server configured on mail clients (outlook, thunderbird, etc) For example: Common Name: myserver.domain.com MX for domain1: smtp.domain1.com MX for domain2: smtp.domain2.com Then, how i configure SSL Certificates per domain on Postfix? References? How

Re: SSL Certificates per domain

On 06/01/2010 10:00 AM, Victor Duchovni wrote: On Tue, Jun 01, 2010 at 10:20:56AM -0400, Wietse Venema wrote: Common Name: myserver.domain.com MX for domain1: smtp.domain1.com MX for domain2: smtp.domain2.com Then, how i configure SSL Certificates per domain on Postfix? References? How

Re: SSL Certificates per domain

On Tue, Jun 01, 2010 at 12:23:38PM -0500, Terry Inzauro wrote: Even with SNI support, most SMTP clients will not make use of SNI, so it will take a long time before SMTP STARTTLS servers can expect to support multiple certificates for most clients. Could this be a case where it makes

Re: SSL Certificates per domain

On Tue, Jun 01, 2010 at 12:23:38PM -0500, Terry Inzauro wrote: Could this be a case where it makes sense to run multiple instances of postfix which bind to different IP's and are each configured with unique certs? They don't need to be separate instances, possibly just separate smtpd(8)

Re: SSL Certificates per domain

On Tue, Jun 01, 2010 at 12:42:06PM -0500, /dev/rob0 wrote: Is SNI defined for SMTP yet? A quick Google search didn't find it. How would that work? The client would have to tell the hostname or domain name wanted before the STARTTLS? SNI works entirely within SSL, the desired hostname is