Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 10:55:50PM +0200, Steffen Nurpmeso wrote: > # That one is for client certificates! > #smtpd_tls_CAfile = /etc/dovecot/cert.pem The "smtpd_tls_CAfile" is unused bloat unless you solicit client certificates, and even/especially then should NOT be the standard WebPKI CA b

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Steffen Nurpmeso wrote in <20220609205550.kbvci%stef...@sdaoden.eu>: ... |.. But .. in fact postfix's TLS configuration regarding CAfile |made me appear so foolish i kept | | # That one is for client certificates! | #smtpd_tls_CAfile = /etc/dovecot/cert.pem | |in my configuration. I can

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Viktor Dukhovni wrote in : |On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote: |> On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: |>> [also there is |>> smtpd_tls_mandatory_exclude_ciphers = |>> aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, |>>

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote: > On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > > [also there is > > smtpd_tls_mandatory_exclude_ciphers = > > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-C

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bastian Blank
On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > [also there is > smtpd_tls_mandatory_exclude_ciphers = > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, > CBC3-SHA > but i definitely should put more car

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 06:47:10PM +0200, Benny Pedersen wrote: > On 2022-06-09 17:13, Linda Pagillo wrote: > > Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours > > of staring at the screen. Josef.. THANK YOU. > > >> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 > >

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Benny Pedersen wrote in <37a797bed4aeb5c01b75c262ba0fe...@junc.eu>: |On 2022-06-09 17:13, Linda Pagillo wrote: |> Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours |> of staring at the screen. Josef.. THANK YOU. | |>> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Benny Pedersen
On 2022-06-09 17:13, Linda Pagillo wrote: Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours of staring at the screen. Josef.. THANK YOU. smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 tlsv1.1 is weaker than tlsv1, so keep tlsv1

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Matus UHLAR - fantomas
smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 On 09.06.22 16:41, Josef Vybíhal wrote: By this you basically DISABLED all tls protocols. The ! means "not". Try this: smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 no, try this: smtpd_tls_protocols=!SSLv2,!SSL

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bill Cole
On 2022-06-09 at 10:35:50 UTC-0400 (Thu, 9 Jun 2022 09:35:50 -0500) Linda Pagillo is rumored to have said: Hi everyone! Yesterday I enabled TLS on my Postfix server (v.3.4.13). When I did, no one with a Google or Yahoo hosted address could send us mail (possibly others too) When I checked t

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Linda Pagillo
Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours of staring at the screen. Josef.. THANK YOU. Fixed! :) On Thu, Jun 9, 2022 at 9:41 AM Josef Vybíhal wrote: > Hi, > > > smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 > > By this you basically DISABLED

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Josef Vybíhal
Hi, > smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 By this you basically DISABLED all tls protocols. The ! means "not". Try this: smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 You can use https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=i

TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Linda Pagillo
Hi everyone! Yesterday I enabled TLS on my Postfix server (v.3.4.13). When I did, no one with a Google or Yahoo hosted address could send us mail (possibly others too) When I checked the Postfix log, I saw a bunch of this... Jun 8 17:16:52 g1 postfix/smtpd[2153672]: connect from mail-pl1-f180.g