Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread Viktor Dukhovni
> On Mar 30, 2017, at 12:03 AM, Den1 wrote: > >> smtp_tls_ciphers = medium >> smtp_tls_exclude_ciphers = >> MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4 > > Why would you exclude these ciphers Because: * MD5 is weak, obsolete and unnecessary * SRP and PSK

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread Den1
L.P.H. van Belle wrote > smtp_tls_ciphers = medium > smtp_tls_exclude_ciphers = > MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4 > > Greetz, > Louis Why would you exclude these ciphers and make them medium, Louis?

Re: Queue ID availability for milters on multi-message connections/sessions?

2017-03-29 Thread Wietse Venema
Below are the SMTP commands/responses, and the test-milter output showing that the second "DATA" event is reported with the correct queue ID. Wietse $ telnet 127.0.0.1 smtp Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220-wzv.porcupine.org ESMTP Postfix 220

Re: Queue ID availability for milters on multi-message connections/sessions?

2017-03-29 Thread Wietse Venema
Kris Deugau: > Mar 29 16:35:14 jessie64 postfix/smtpd[17537]: connect from > localhost[127.0.0.1] > Mar 29 16:35:27 jessie64 postfix/smtpd[17537]: 26F5E428A4: > client=localhost[127.0.0.1] > Mar 29 16:36:02 jessie64 postfix/cleanup[17556]: 26F5E428A4: > message-id= > Mar 29

Re: Queue ID availability for milters on multi-message connections/sessions?

2017-03-29 Thread Kris Deugau
Wietse Venema wrote: Kris Deugau: I came across a bit of an information-passing glitch on a system that uses a milter (MIMEDefang) to glue together complex filter policies. MIMEDefang is configured to log sender, first recipient, Message-ID (if any), and the queue ID, along with some filter

Re: need little help with DKIM, if possible.

2017-03-29 Thread Dominic Raferd
On 29 March 2017 at 20:36, Fazzina, Angelo wrote: > Thank you Doug, > > I fixed the name so the unsupported character "_" is not used. > > Please review my latest test, as I have a question. > > > > Is there anything in the DKIM config files I can change to get rid of

RE: need little help with DKIM, if possible.

2017-03-29 Thread Fazzina, Angelo
Thank you Doug, I fixed the name so the unsupported character "_" is not used. Please review my latest test, as I have a question. Is there anything in the DKIM config files I can change to get rid of this message ? Authentication-Results: verifier.port25.com; dkim=pass (signature

Re: Queue ID availability for milters on multi-message connections/sessions?

2017-03-29 Thread Wietse Venema
Kris Deugau: > I came across a bit of an information-passing glitch on a system that > uses a milter (MIMEDefang) to glue together complex filter policies. > > MIMEDefang is configured to log sender, first recipient, Message-ID (if > any), and the queue ID, along with some filter result data,

Queue ID availability for milters on multi-message connections/sessions?

2017-03-29 Thread Kris Deugau
I came across a bit of an information-passing glitch on a system that uses a milter (MIMEDefang) to glue together complex filter policies. MIMEDefang is configured to log sender, first recipient, Message-ID (if any), and the queue ID, along with some filter result data, for each message.

Re: Why aren't macros available to command syntax in pipe(8)?

2017-03-29 Thread Doug Barton
On 03/29/2017 10:03 AM, Wietse Venema wrote: Doug Barton: On 03/29/2017 04:01 AM, Wietse Venema wrote: Doug Barton: Unlike .forward or files which exist for selected users, injecting envelope data (e.g. user=${user}) into the pipe(8) execution context could allow remote senders to execute

Re: Why aren't macros available to command syntax in pipe(8)?

2017-03-29 Thread Wietse Venema
Doug Barton: > On 03/29/2017 04:01 AM, Wietse Venema wrote: > > Doug Barton: > >>> Unlike .forward or files which exist for selected users, injecting > >>> envelope data (e.g. user=${user}) into the pipe(8) execution context > >>> could allow remote senders to execute code as any user on the

Re: Why aren't macros available to command syntax in pipe(8)?

2017-03-29 Thread Doug Barton
On 03/29/2017 04:01 AM, Wietse Venema wrote: Doug Barton: Unlike .forward or files which exist for selected users, injecting envelope data (e.g. user=${user}) into the pipe(8) execution context could allow remote senders to execute code as any user on the system Yes, that's what I want to do.

advice books (electronic ones better) for Postfix.

2017-03-29 Thread Soporte Infraestructura Operativa y Almacenamiento
Hi people: I'm looking to buy/download your recommended books (I prefer electronic ones to avoid paper) of Postfix; From novice to TopGun ones. Thanks. This e-mail message, including attachments, is for the exclusive use of the person to whom it was sent, and may

When to use mandatory TLS ("encrypt", ...)

2017-03-29 Thread Viktor Dukhovni
On Wed, Mar 29, 2017 at 06:44:54AM -0700, Den1 wrote: > Well, Viktor was talking about those: > > smtp_tls_security_level = encrypt -or- secure > smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt > > and my question was about those as well. You may read it once again since > you have this

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread Viktor Dukhovni
On Wed, Mar 29, 2017 at 05:03:51AM -0700, Den1 wrote: > I was wondering is it actually advisable to use tls on smtp? When I tried it > out with my self-signed certificates just to see if it's of any convenience > to implement this feature I received the following response: > > TLS required, but

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread Viktor Dukhovni
On Wed, Mar 29, 2017 at 04:14:35AM -0700, oakley wrote: > *openssl s_client -connect (mydomain.com):443 -servername (mydomain.com)* > Why on earth are you wasting our time showing results of connections to an HTTPS service. In every message you post, show the current *Postfix* configuration,

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread Den1
Well, Viktor was talking about those: smtp_tls_security_level = encrypt -or- secure smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt and my question was about those as well. You may read it once again since you have this one set: smtp_tls_security_level = may and I think it's not the

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread L . P . H . van Belle
Sorry about that, I was thinking you're talking about the remote connecting to you. So, it's you to remote ( so the smtp_tls settings ) I did setup also for client myself, but that more how official you need to have some things. It's about the same, for the client setup I'm using : # TLS Client

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread Den1
Hi Louis, Thank you for your input, I appreciate. I have smtpd running OK with all the key_file, cert_file and so on. I was asking about smtp. These two are different :-)

RE: Postfix cannot start tls: handshake failure

2017-03-29 Thread L . P . H . van Belle
Yes, it is advisable to enable TLS. What is your OS and Postfix version? For example, I use Debian. And when you want to use : ca-certificates.crt You need to setup as Debian expects and it includes your cert in the ca-certifcate.crt, so that's why I want to know the OS and version of Postfix.

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread Den1
I was wondering is it actually advisable to use tls on smtp? When I tried it out with my self-signed certificates just to see if it's of any convenience to implement this feature I received the following response: TLS required, but was not offered by host -or- we do not run TLS engine -or-

Re: Postfix cannot start tls: handshake failure

2017-03-29 Thread oakley
*openssl s_client -connect (mydomain.com):443 -servername (mydomain.com)* CONNECTED(0003) depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority verify error:num=20:unable to get local issuer certificate --- Certificate chain 0

Re: Why aren't macros available to command syntax in pipe(8)?

2017-03-29 Thread Wietse Venema
Doug Barton: > > Unlike .forward or files which exist for selected users, injecting > > envelope data (e.g. user=${user}) into the pipe(8) execution context > > could allow remote senders to execute code as any user on the system > > Yes, that's what I want to do. :) Still easily done with a