Re: question about envelop from.

Thanks for the help. smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, high Where did you get the idea that "high" was a TLS protocol version? I think this got in there by mistake, its not in my postfiix configuration. My guess is that I started typing before moving cursor. ooops! Sorry.

Re: question about envelop from.

> On Mar 14, 2018, at 10:48 PM, John wrote: > > smtp_dns_support_level = dnssec > smtp_tls_security_level = dane Fine. > smtp_tls_ciphers = high OK, but medium is perhaps sufficient. > smtp_tls_exclude_ciphers = DES, MD5, RC2, RC4, RC5, IDEA, SRP, PSK, aDSS, > kECDhe,

Re: question about envelop from.

Too complicated? How could this be improved? smtp_dns_support_level = dnssec smtp_tls_security_level = dane smtp_tls_ciphers = high smtp_tls_exclude_ciphers = DES, MD5, RC2, RC4, RC5, IDEA, SRP, PSK, aDSS, kECDhe, kECDhr, kDHd, kDHr, SEED, LOW, EXPORT smtp_tls_mandatory_protocols = !SSLv2,

Re: question about envelop from.

> On Mar 13, 2018, at 12:00 PM, Matus UHLAR - fantomas > wrote: > > smtpd_tls_ciphers=high > smtpd_tls_mandatory_ciphers=high > smtpd_tls_exclude_ciphers=aNULL My recommendation is: smtpd_tls_ciphers = medium smtpd_tls_mandatory_ciphers = high There's not much need to

Re: question about envelop from.

> On Mar 13, 2018, at 11:36 AM, LuKreme wrote: > > In general, or these specific exclusions? Mostly in general. Why do cleartext with clients that can't do strong ciphers, let them encrypt with their medium ciphers. > I've had > > smtpd_tls_exclude_ciphers = MD5, SEED,

Re: question about envelop from.

On 13.03.18 09:36, LuKreme wrote: On Mar 13, 2018, at 09:17, Viktor Dukhovni wrote: smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES This too is unwise. Remove this setting. In general, or

Re: question about envelop from.

On Mar 13, 2018, at 09:17, Viktor Dukhovni wrote: >> smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, >> DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES > > This too is unwise. Remove this setting. In general, or these specific exclusions?

Re: question about envelop from.

> On Mar 13, 2018, at 10:53 AM, L.P.H. van Belle wrote: > > Yes, i've set smtpd_tls_ask_ccert to yes. You almost certainly don't need this. > Hmmm, i now also noticed i dont have Trusted or Verified anymore, this must > be a miss on my side after the switch from 2.10 to 3.1

RE: question about envelop from.

Hello Victor, > -Oorspronkelijk bericht- > Van: postfix-us...@dukhovni.org > [mailto:owner-postfix-us...@postfix.org] Namens Viktor Dukhovni > Verzonden: dinsdag 13 maart 2018 15:27 > Aan: Postfix users > Onderwerp: Re: question about envelop from. > > > &

Re: question about envelop from.

> On Mar 13, 2018, at 8:54 AM, L.P.H. van Belle wrote: > > Feb 7 00:00:16 hostname postfix/smtpd[31726]: NOQUEUE: reject: RCPT from > smtp1..nl[x.xx.xxx.xx]]: 450 4.1.8 : > Sender address rejected: Domain not found; >

RE: question about envelop from.

x-us...@postfix.org] Namens Matus UHLAR - fantomas > Verzonden: dinsdag 13 maart 2018 14:05 > Aan: postfix-users@postfix.org > Onderwerp: Re: question about envelop from. > > On 13.03.18 13:54, L.P.H. van Belle wrote: > >Im reading through rfc's but the following is still not

Re: question about envelop from.

On 13.03.18 13:54, L.P.H. van Belle wrote: Im reading through rfc's but the following is still not clear for me.   E-mail is rejected base on the envelop-from adres from a mail-daemon with postfix + postfix-policyd-spf   I saw the following in the postfix logs. Feb  7 00:00:16 hostname

question about envelop from.

Hai,   Im reading through rfc's but the following is still not clear for me.   E-mail is rejected base on the envelop-from adres from a mail-daemon with postfix + postfix-policyd-spf   I saw the following in the postfix logs. Feb  7 00:00:16 hostname postfix/smtpd[31726]: Untrusted TLS