Hello
In configuring a postfix 2.7.0 (on Ubuntu 10.04 LTS) for mandatory TLS
to a couple of domains, I'm running into the following oddity when
sending e-mail to the UniCredit servers:
Oct 21 08:43:58 hostname postfix/smtp[5991]: CA certificate
verification failed for
Hello!
I have postfix 2.10 on freebsd 9.2.
When i try to send some emails, i get following in mail log:
Oct 21 16:56:27 1gb postfix/smtp[7038]: imx6.ngs.ru[195.19.71.16]:25: 220
imx6.ngs.ru ESMTP ready
Oct 21 16:56:27 1gb postfix/smtp[7038]: imx6.ngs.ru[195.19.71.16]:25:
EHLO 1gb.by
Oct 21
On 10/21/2013 7:55 AM, Tobias Reckhard wrote:
Hello
In configuring a postfix 2.7.0 (on Ubuntu 10.04 LTS) for mandatory TLS
to a couple of domains, I'm running into the following oddity when
sending e-mail to the UniCredit servers:
Oct 21 08:43:58 hostname postfix/smtp[5991]: CA
On Mon, Oct 21, 2013 at 05:01:45PM +0300, Maksim Kulik wrote:
I have postfix 2.10 on freebsd 9.2.
Which 2.10? (2.10.0, 2.10.1, 2.10.2?)
Which version of OpenSSL?
When i try to send some emails, i get following in mail log:
smtp[7038]: imx6.ngs.ru[195.19.71.16]:25: EHLO 1gb.by
smtp[7038]:
On Mon, Oct 21, 2013 at 02:55:22PM +0200, Tobias Reckhard wrote:
Oct 21 08:43:58 hostname postfix/smtp[5991]: CA certificate
verification failed for mx10.unicredit.eu[62.122.80.93]:25:
num=7:certificate signature failure
This organization uses SHA256 signatures for their certificates, even
On Mon, Oct 21, 2013 at 10:07:13AM -0500, Noel Jones wrote:
Oct 21 08:43:58 hostname postfix/smtp[5991]: CA certificate
verification failed for mx10.unicredit.eu[62.122.80.93]:25:
num=7:certificate signature failure
Looks as if they use a private root CA. Probably the easiest fix is
to
Maksim Kulik:
Hello!
I have postfix 2.10 on freebsd 9.2.
When i try to send some emails, i get following in mail log:
Oct 21 16:56:27 1gb postfix/smtp[7038]: imx6.ngs.ru[195.19.71.16]:25: 220
imx6.ngs.ru ESMTP ready
Oct 21 16:56:27 1gb postfix/smtp[7038]: imx6.ngs.ru[195.19.71.16]:25:
Wietse Venema:
Jose Borges Ferreira:
Ok, I understand that you don't have time to explain Postfix internals
but the subject was regarding documentation and the MILTER_README is
wrong.
Well, the text wasn't wrong. It is not safe to filter bounce
messages until someone does a detailed
On Mon, Oct 21, 2013 at 03:30:46PM +, Viktor Dukhovni wrote:
On Mon, Oct 21, 2013 at 02:55:22PM +0200, Tobias Reckhard wrote:
Oct 21 08:43:58 hostname postfix/smtp[5991]: CA certificate
verification failed for mx10.unicredit.eu[62.122.80.93]:25:
num=7:certificate signature failure
Dear Community,
VERSION 0.9.16 OF THE ELSE (E-mail Log Search Engine) has just been
released as a tar.gz archive.
As usual, take a look at the README file for the revision history.
The archive is there:
Viktor, thank you for your help!
Postfix version - postfix-2.10.1,1
Openssl version - openssl-1.0.1_8
FreeBSD version - FreeBSD 9.2-STABLE #1 r256306:
Log and backtrace:
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public
On Mon, Oct 21, 2013 at 08:02:33PM +0300, Maksim Kulik wrote:
Postfix version - postfix-2.10.1,1
Probably immaterial. In Postfix 2.11-20131001 you can disable SSL
compression, which seems to be broken below. Sure seems like a
buggy OpenSSL or zlib.
Openssl version - openssl-1.0.1_8
When
On 10/19/13 3:24 PM, Viktor Dukhovni wrote:
On Fri, Oct 18, 2013 at 10:56:59AM -0500, List wrote:
For example we have the address distgr...@domain.tld which
is an alias to 3000 local users.
What kind of alias? Are you using virtual(5) aliases via
virtual_alias_maps, and with backend
On Mon, Oct 21, 2013 at 01:20:25PM -0500, List wrote:
What kind of alias? Are you using virtual(5) aliases via
virtual_alias_maps, and with backend database, the database schema
and query used as well as information about available indexes may
be pertinent?
Or are you using local
Openssl version - openssl-1.0.1_8
When was it last updated? When did the problem start?
This is the most recent version from freebsd ports. This is new
installation. I just installed Freebsd 9.2 stable, updated ports to the
latest version and installed postfix. The problem started as soon
Thank you again!
The problem is fixed now. I just rebuilt openssl port without zlib support.
It solved the problem.
Date:
From:
Subject: [none]
On Sun, Oct 20, 2013 at 08:55:33PM +0300, Deniss wrote:
I have an issue with postfix-2.10.2 and latest MS
windows/exchange/outlook: SSL connection cannot be negotiated with
default settings, there is an error in postfix log:
Oct 20 20:13:41 box
postfix/smtp[7411]: warning: TLS library problem: 7411:error:100AE081:elliptic
curve
routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316
maybe relevant to only ECC NIST Suite B curves support?
postfix was compiled against exactly this openssl build
as far as i can see fallback to
On Mon, 21 Oct 2013 18:10:44 +
Viktor Dukhovni articulated:
Is this the default SSL library for the OS? (/usr/local/lib rather
than /usr/lib or /lib)?
The latest version, available in the ports system is: OpenSSL 1.0.1e 11
Feb 2013
The default version is: OpenSSL 0.9.8x 10 May 2012, or at
On Mon, Oct 21, 2013 at 10:22:05PM +0300, Deniss wrote:
Show all related logging from process 21730.
Oct 21 21:35:01 box postfix/smtp[19887]:
warning: TLS library problem: 19887:error:1408F10B:
SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
Oct 21 21:35:01 box
On Mon, Oct 21, 2013 at 09:51:01PM +0300, Maksim Kulik wrote:
Report the output of:
ldd bin/posttls-finger
ldd posttls-finger
posttls-finger:
libssl.so.8 = /usr/local/lib/libssl.so.8 (0x800ac1000)
libcrypto.so.8 = /usr/local/lib/libcrypto.so.8 (0x800d29000)
Interestingly, this
On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote:
postfix/smtp[7411]: warning: TLS library problem:
7411:error:100AE081:elliptic curve
routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316
maybe relevant to only ECC NIST Suite B curves support?
postfix was
Am 21.10.2013 23:04, schrieb Viktor Dukhovni:
On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote:
postfix/smtp[7411]: warning: TLS library problem:
7411:error:100AE081:elliptic curve
routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316
maybe relevant to only ECC
Am 21.10.2013 23:40, schrieb Viktor Dukhovni:
On Mon, Oct 21, 2013 at 11:17:25PM +0200, li...@rhsoft.net wrote:
Instead of improving the world by finally supporting EC, they've
made things worse! Previously clients negotiated something other
than EECDH key exchange, now they negotiate it
On 10/21/2013 3:53 PM, btb wrote:
i have a scenario in which certain email is sent using envelope
senders that contain host names that are known only on the local
lan/network, and unknown on the internet. most mail expressing that
characteristic stays local, but occasionally, some is
Am 21.10.2013 23:49, schrieb li...@rhsoft.net:
i hate it to ask but is there any change postfix avoids ECDHE for such
destinations
in case of this situation and continues to use DHE if the requested curve is
not
available in the linked openssl library?
as far as i can see in all 8
On Mon, Oct 21, 2013 at 11:49:48PM +0200, li...@rhsoft.net wrote:
since you sound very knowledgeable about SSL may you consider
to make a comment there?
https://bugzilla.redhat.com/show_bug.cgi?id=1019251
I have enough fish to fry. The problem is obvious, client promises
EECDH
On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3
The author of comment #4 is not getting it. The problem is NOT
that Postfix fails to negotiate EECDH, rather the problem is that
it does! Once EECDH is negotiated, the
Am 22.10.2013 02:33, schrieb Viktor Dukhovni:
On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3
The author of comment #4 is not getting it. The problem is NOT
that Postfix fails to negotiate EECDH, rather the problem
On Tue, Oct 22, 2013 at 03:19:41AM +0200, li...@rhsoft.net wrote:
This is NOT progress. No support for EC is better than broken
support for EC. Either implement EC support or don't.
yes, frustrating, but better start with something crippled and
hope it improves than wait another 6
30 matches
Mail list logo