Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Viktor Dukhovni
On Sat, Sep 18, 2021 at 12:44:30AM +0200, Gerald Galster wrote:
> The question is how likely it is such a server is dropping tls support
> after that work. I'd guess it will be unlikely and errors mostly occur
> due to expired certificates or other (temporary) configuration issues.

As a matter

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>>> Sure, but the forensic value of the signal is rather weak, since you
>>> learn nothing about the names in the certificate, and anyone can get
>>> a certificate from Let's Encrypt. So your connection was to some
>>> server that had some certificate, ... now what?
>>
>> You'll get the

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Viktor Dukhovni
On Sat, Sep 18, 2021 at 12:44:30AM +0200, Gerald Galster wrote:
> > Sure, but the forensic value of the signal is rather weak, since you
> > learn nothing about the names in the certificate, and anyone can get
> > a certificate from Let's Encrypt. So your connection was to some
> > server that

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>>> I am curious why with opportunistic TLS (security level may), you're
>>> bothering to take any action to tweak the entirely cosmetic certificate
>>> path validation status?
>>
>> What about parsing the maillog and adding those trusted servers to a table
>> in order to enforce a higher tls

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Viktor Dukhovni
On Fri, Sep 17, 2021 at 07:53:55PM +0200, Gerald Galster wrote:
> > I am curious why with opportunistic TLS (security level may), you're
> > bothering to take any action to tweak the entirely cosmetic certificate
> > path validation status?
>
> What about parsing the maillog and adding those

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>> Thank you for the answers. I'm reading the documentation and we need to
>> adjust the smtp_tls_CAfile indeed. I will adjust this as soon as
>> possible and I will report the result here.
>
> I am curious why with opportunistic TLS (security level may), you're
> bothering to take any action to

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Viktor Dukhovni
On Fri, Sep 17, 2021 at 01:38:43PM -0300, Fabio S. Schmidt wrote:
> Hello David and Gerald,
>
> Thank you for the answers. I'm reading the documentation and we need to
> adjust the smtp_tls_CAfile indeed. I will adjust this as soon as
> possible and I will report the result here.

I am curious

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Fabio S. Schmidt
Hello David and Gerald,

Thank you for the answers. I'm reading the documentation and we need to adjust the smtp_tls_CAfile indeed. I will adjust this as soon as possible and I will report the result here.

Best regards
Fabio

On Fri, 17 Sep 2021 at 11:50, Gerald Galster wrote:
> >

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
> I'm sorry if this is a frequent question, but we have deployed a new Postfix
> server and we have enabled Opportunistic TLS. We have noticed that even with
> a valid certificate when connecting to gmail servers the Untrusted TLS
> connection is being displayed.
>
> I have updated the

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread David Bürgin
‘What do "Anonymous", "Untrusted", etc. in Postfix logging mean?’ http://www.postfix.org/FORWARD_SECRECY_README.html#status

Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Fabio S. Schmidt
Hello, I'm sorry if this is a frequent question, but we have deployed a new Postfix server and we have enabled Opportunistic TLS. We have noticed that even with a valid certificate when connecting to gmail servers the Untrusted TLS connection is being displayed. I have updated the ca-certificate