On 10 Feb 2021, at 04:13, Matus UHLAR - fantomas wrote:
> On 09.02.21 14:22, @lbutlr wrote:
>> But yes, each admin needs to look at their logs and see who
>> is still using encryption they should not be using (especially since this
>> probably indicates they have not updated the ssl libraries and
On 09 Feb 2021, at 04:23, Dominic Raferd wrote:
This shows plenty of 'good' servers still using TLSv1 or TLSv1.1 -
including the postfix-users list servers. Of course they would
probably downgrade to plaintext if required, but that would reduce
security.
On 09/02/2021 12:36, @lbutlr wrote:
On 09 Feb 2021, at 04:20, Doug Hardie wrote:
>
> Cc: Postfix users
> To: "@lbutlr"
Please do not do this. I am subscribed to the list. I will see your message on
the list.
--
'I thought dwarfs didn't believe in devils and demons and stuff like that.'
'That's true, but... we're not sure
On 09 Feb 2021, at 06:21, Dominic Raferd wrote:
> On 09/02/2021 12:36, @lbutlr wrote:
>> On 09 Feb 2021, at 04:23, Dominic Raferd wrote:
>>> This shows plenty of 'good' servers still using TLSv1 or TLSv1.1 -
>>> including the postfix-users list servers. Of course they would probably
>>>
On 09/02/2021 12:36, @lbutlr wrote:
On 09 Feb 2021, at 04:23, Dominic Raferd wrote:
This shows plenty of 'good' servers still using TLSv1 or TLSv1.1 - including
the postfix-users list servers. Of course they would probably downgrade to
plaintext if required, but that would reduce security.
On 09 Feb 2021, at 04:23, Dominic Raferd wrote:
> This shows plenty of 'good' servers still using TLSv1 or TLSv1.1 - including
> the postfix-users list servers. Of course they would probably downgrade to
> plaintext if required, but that would reduce security.
That is odd. My mails from the
On 31.01.21 09:56, Daniel Armando Rodriguez wrote:
>Indeed, it was running chrooted but resolv.conf has the same content
>=== # postconf -nf
>smtp_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
this is superflous and not a good idea. Many servers support TLS1.0 max.
!SSLv2, !SSLv3
On 31.01.21 09:56, Daniel Armando Rodriguez wrote:
Indeed, it was running chrooted but resolv.conf has the same content
=== # postconf -nf
smtp_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
On 08 Feb 2021, at 06:20, Matus UHLAR - fantomas wrote:
this is superflous and not a
On 09/02/2021 10:58, @lbutlr wrote:
On 09 Feb 2021, at 03:53, @lbutlr wrote:
Looking over the last few days, I see connections rom servers I do not accept
mail from, so it looks to me based on my logs that I could easily reject TLSv1
or TLSv1.1 without missing a single mail.
Meant to
> On 9 February 2021, at 02:58, @lbutlr wrote:
>
> zgrep TLSv1 /var/log/mail.log.* | egrep -v '(TLSv1.3|TLSv1.2)' | egrep -o
> 'established from [^:]*' | sort -u
For the last week of my maillogs, I get 298 entries. Some of them are from the
US Census, several health organizations, a mail
On 09 Feb 2021, at 03:53, @lbutlr wrote:
> Looking over the last few days, I see connections rom servers I do not accept
> mail from, so it looks to me based on my logs that I could easily reject
> TLSv1 or TLSv1.1 without missing a single mail.
Meant to include this in case this helps:
On 08 Feb 2021, at 06:20, Matus UHLAR - fantomas wrote:
> On 31.01.21 09:56, Daniel Armando Rodriguez wrote:
>> Indeed, it was running chrooted but resolv.conf has the same content
> === # postconf -nf
>> smtp_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
>
> this is superflous and
El lun., 8 de febrero de 2021 10:20, Matus UHLAR - fantomas <
uh...@fantomas.sk> escribió:
> On 31.01.21 09:56, Daniel Armando Rodriguez wrote:
> >Indeed, it was running chrooted but resolv.conf has the same content
>
> >=== # postconf -nf
> >smtp_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1,
On 31.01.21 09:56, Daniel Armando Rodriguez wrote:
Indeed, it was running chrooted but resolv.conf has the same content
=== # postconf -nf
smtp_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
this is superflous and not a good idea. Many servers support TLS1.0 max.
!SSLv2, !SSLv3
Indeed, it was running chrooted but resolv.conf has the same content
=== # postconf -nf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
disable_dns_lookups = no
disable_vrfy_command = yes
inet_interfaces = all
On Sat, Jan 30, 2021 at 09:39:01PM -0700, Bob Proulx wrote:
> My best guess is that your chroot does not have a working resolv.conf file.
Certainly a good place to start. The only odd detail is that the errors
are 5.3.0 errors, so the lookup returned a definitive "no such host",
rather than
Daniel Armando Rodriguez wrote:
> , relay=none, delay=1.2, delays=0.15/0.01/1/0, dsn=5.3.0, status=bounced
> (unable to look up host host.domain.com: No address associated with
> hostname)
>
> However, DNS resolution works as expected and has a PTR record associated
> with it.
It is very common
Messages log this error
, relay=none, delay=1.2, delays=0.15/0.01/1/0, dsn=5.3.0, status=bounced
(unable to look up host host.domain.com: No address associated with
hostname)
However, DNS resolution works as expected and has a PTR record associated
with it.
Any pointers would be greatly
18 matches
Mail list logo