Re: Adding Additional domains and outgoing email

2022-01-19 Thread raf
On Wed, Jan 19, 2022 at 08:38:07AM -0500, Ruben Safir wrote: > On Tue, Jan 18, 2022 at 11:14:58AM -0500, Ruben Safir wrote: > > On Tue, Jan 18, 2022 at 04:50:11PM +0100, Matus UHLAR - fantomas wrote: > > > On 18.01.22 10:32, Ruben Safir wrote: > > > >I am sorry, that is wrong. I am getting

Re: SASL questions

2022-01-19 Thread raf
On Tue, Jan 18, 2022 at 07:22:40PM -0500, Joe Acquisto-j4 wrote: > . . . > > I would imagine that Postfix can only authenticate to > > servers that have entries in /etc/postfix/sasl_passwd. > > > > smtp_sasl_password_maps (default: empty) > > > > Optional Postfix SMTP client lookup

Re: Doing something wrong.

2022-01-19 Thread Wayne Spivak
Thank you. It’s appreciated. I’ll work on the other issue and see if I can solve it. Regards, Wayne Wayne Spivak SBA.NET.WEB A div of SBA * Consulting LTD Tel LI: +1 (516) 221-3306 NY Tel: +1 (212) 487-5085 Tel CT: +1-860-760-0250 Fax: +1 (516) 387-1184

Re: Doing something wrong.

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 05:07:38PM -0500, Wayne Spivak wrote: > That was the solution for TLS failing when I start postfix: > > perl -lne print file1 file2 file3 And now your server has the intermediate issuer in its chain, and verification works: posttls-finger:

Re: Routing Gmail/Workspace mail through postfix first

2022-01-19 Thread Bill Cole
On 2022-01-19 at 17:04:37 UTC-0500 (Wed, 19 Jan 2022 17:04:37 -0500) Alex is rumored to have said: Hi, I'm using postfix-3.5.10 and would like to use it to front-end a domain currently being managed by Google Workspace to be able to send mail through our filters first. I take it this

RE: Doing something wrong.

2022-01-19 Thread Wayne Spivak
That was the solution for TLS failing when I start postfix: perl -lne print file1 file2 file3 I then tested with: [root@mcq postfix]# posttls-finger -cC -lsecure '[mcq.sbanetweb.com]' posttls-finger: warning: DNSSEC validation may be unavailable posttls-finger: warning: reason: dnssec_probe

Re: Doing something wrong.

2022-01-19 Thread PGNet Dev
On 1/19/22 16:46, Viktor Dukhovni wrote: Only "-l dane" can produce a "Verified" result with no explicit trust ... the default is to not trust any CAs. ah. thx! o/ posttls-finger -cC -lsecure -F /etc/ssl/certs/ca-bundle.trust.crt '[mx.example.com]' posttls-finger:

Re: Routing Gmail/Workspace mail through postfix first

2022-01-19 Thread Alex
Hi, > > I'm using postfix-3.5.10 and would like to use it to front-end a > > domain currently being managed by Google Workspace to be able to send > > mail through our filters first. > > I take it this means *inbound* mail sent from outside users to your > users, whose mailboxes are ultimately

Re: Doing something wrong.

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 04:47:55PM -0500, Wayne Spivak wrote: > >My file looks like > > -BEGIN PRIVATE KEY- > ... base64 data ... > -END PRIVATE KEY- > -BEGIN CERTIFICATE- > ... base64 data ... > -END CERTIFICATE--BEGIN CERTIFICATE- (THIS IS HOW

Re: Doing something wrong.

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 04:40:29PM -0500, Wayne Spivak wrote: > I am creating the file by using cat file1 file2 file3 > ws.pem (which > is my test combo file) Does the last "line" of each of the files end in a newline character? A missing newline at the end of file1 or file2 will corrupt the

RE: Doing something wrong.

2022-01-19 Thread Wayne Spivak
Clearly /etc/postfix/tls/ws.pem is malformed. How are you constructing this file? It should look like (each line should end with a newline character, i.e. LF not CR or CR+LF): >My file looks like -BEGIN PRIVATE KEY- ... base64 data ... -END PRIVATE KEY- -BEGIN

Re: Doing something wrong.

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 04:21:13PM -0500, PGNet Dev wrote: > following along & just curious, i checked a postfix 3.6.3 here that's using > LetsEncrypt certs, where conf includes > > smtpd_tls_cert_file = /usr/local/etc/postfix/sec/fullchain.rsa.crt.pem > smtpd_tls_eccert_file =

RE: Doing something wrong.

2022-01-19 Thread Wayne Spivak
I am creating the file by using cat file1 file2 file3 > ws.pem (which is my test combo file) I noticed the "$", not sure why they were there and removed them. Tested again, without effect. The "key" is a filename, I just removed the root part of the file name (too much of short hand, sorry)

Re: Doing something wrong.

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 04:23:58PM -0500, Wayne Spivak wrote: > This is with the new combo certificate > > Mail log: > Jan 19 14:52:55 mcq postfix/smtpd[156224]: warning: TLS library problem: > error:0908F066:PEM routines:get_header_and_data:bad end > line:crypto/pem/pem_lib.c:856: > Jan 19

RE: Doing something wrong.

2022-01-19 Thread Wayne Spivak
Missing logs: This is with the new combo certificate Mail log: Jan 19 14:52:55 mcq postfix/smtpd[156224]: warning: TLS library problem: error:0908F066:PEM routines:get_header_and_data:bad end line:crypto/pem/pem_lib.c:856: Jan 19 14:52:55 mcq postfix/smtpd[156224]: warning: error loading

Re: Doing something wrong.

2022-01-19 Thread PGNet Dev
following along & just curious, i checked a postfix 3.6.3 here that's using LetsEncrypt certs, where conf includes smtpd_tls_cert_file = /usr/local/etc/postfix/sec/fullchain.rsa.crt.pem smtpd_tls_eccert_file = /usr/local/etc/postfix/sec/fullchain.ec.crt.pem

RE: Doing something wrong.

2022-01-19 Thread Wayne Spivak
I'll do this one step at a time (I need to do other things).. Again, thank you. I created the combo with -- Begin Private --End Private --Begin Certificate --End Certificate -- Begin Intermediate -- End Intermediate I have one multi-domain certificate, however for email all the emails on

Re: Appricate some help in understanding a connection refused situation.

2022-01-19 Thread James B. Byrne
On Wed, January 19, 2022 14:45, Wietse Venema wrote: > > "Connection refused" means that the TCP SYN request from your system > got a TCP RST response. This response could be for a variety of > reasons. One is that the host accepted no TCP connections on port > 25, but that seems unlikely. More

Re: Doing something wrong.

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 03:22:36PM -0500, Wayne Spivak wrote: > I set the server back, because otherwise my email wasn't working properly. And for some reason decided to not explain (show logs, ...) of what "not working properly" means. :-( Crystal ball very cloudy on my end... >

Re: Routing Gmail/Workspace mail through postfix first

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 08:23:45AM -0500, Alex wrote: > I'm using postfix-3.5.10 and would like to use it to front-end a > domain currently being managed by Google Workspace to be able to send > mail through our filters first. I take it this means *inbound* mail sent from outside users to your

RE: Doing something wrong.

2022-01-19 Thread Wayne Spivak
I set the server back, because otherwise my email wasn't working properly. [root@mcq postfix]# postconf -nf alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin compatibility_level = 3.6 content_filter =

Re: Doing something wrong.

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 03:07:29PM -0500, Wayne Spivak wrote: > Still not working... That's not particularly illuminating. You'll need to reply with "postconf -nf" and "postconf -Mf" output (inserted verbatim without any changes in linebreaks or other whitespace). Also with the output of

Re: Appricate some help in understanding a connection refused situation.

2022-01-19 Thread Wietse Venema
James B. Byrne: [ Charset ISO-8859-1 converted... ] > > > On Wed, January 19, 2022 13:29, Wietse Venema wrote: > > James B. Byrne: > > > > > > For me, alt4.gmail-smtp-in.l.google.com does not resolve to > > 66.102.1.27, but instead to 142.250.153.26 (and some IPv6). > > > > Wietse > > > >

Re: Appricate some help in understanding a connection refused situation.

2022-01-19 Thread James B. Byrne
On Wed, January 19, 2022 13:29, Wietse Venema wrote: > James B. Byrne: > > > For me, alt4.gmail-smtp-in.l.google.com does not resolve to > 66.102.1.27, but instead to 142.250.153.26 (and some IPv6). > > Wietse > Repeated dns lookups of alt4.gmail-smtp-in.l.google.com return a different

RE: TLS returning self-signed cert

2022-01-19 Thread Wayne Spivak
Thank you, you just saved me an email -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Viktor Dukhovni Sent: Wednesday, January 19, 2022 1:47 PM To: postfix-users@postfix.org Subject: Re: TLS returning self-signed cert On Wed, Jan 19, 2022 at 01:37:59PM -0500,

Re: TLS returning self-signed cert

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 01:37:59PM -0500, Wayne Spivak wrote: > Thank you Victor. > > I will update the CAFile and report back. Updating the CAfile probably won't help you. You need to append the intermediate certificates in question to the server certificate file. -- Viktor.

Re: Appricate some help in understanding a connection refused situation.

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 01:13:56PM -0500, James B. Byrne wrote: > Jan 19 12:49:29 mx31 postfix/smtp[81175]: 14FDA745F9: > to=, relay=none, delay=2877, > delays=2877/0.02/0.13/0, dsn=4.4.1, status=deferred (connect to > alt4.gmail-smtp-in.l.google.com[66.102.1.27]:25: Connection refused) Note

Re: TLS returning self-signed cert

2022-01-19 Thread Wayne Spivak
Thank you Victor. I will update the CAFile and report back. I think you answered Wietse's question. Regards, Wayne Sent from my iPhone; typos expected and endorsed by Apple > On Jan 19, 2022, at 1:28 PM, Viktor Dukhovni > wrote: > > On Wed, Jan 19, 2022 at 01:09:09PM -0500, Wayne

Re: Appricate some help in understanding a connection refused situation.

2022-01-19 Thread Wietse Venema
James B. Byrne: > postconf mail_version > mail_version = 3.6.3 > > OS FreeBSD-13.0p5 > > I am in the process of transferring one of our MX services to a > new host. During one of the test sessions against live traffic a > connection to the final delivery host from the test service could > be

Re: TLS returning self-signed cert

2022-01-19 Thread Viktor Dukhovni
On Wed, Jan 19, 2022 at 01:09:09PM -0500, Wayne Spivak wrote: > This from SSL Labs states "self-signed": Their report is misleading. > 1 Sent by server mcq.sbanetweb.com > Fingerprint SHA256: > 1b48d54fd173fa980ca0ba8e2bbb5aabce3bbb9faf67bae4f375816155699efe > Pin SHA256:

Re: TLS returning self-signed cert

2022-01-19 Thread Wietse Venema
Wayne Spivak: > Hi Wietse, > > It's been a very long time since we communicated. > > This from SSL Labs states "self-signed": > > Path #1: Not trusted (path does not chain to a trusted anchor) > 1 Sent by server mcq.sbanetweb.com > Fingerprint SHA256: >

Appricate some help in understanding a connection refused situation.

2022-01-19 Thread James B. Byrne
postconf mail_version mail_version = 3.6.3 OS FreeBSD-13.0p5 I am in the process of transferring one of our MX services to a new host. During one of the test sessions against live traffic a connection to the final delivery host from the test service could be made. In consequence several

RE: TLS returning self-signed cert

2022-01-19 Thread Wayne Spivak
Hi Wietse, It's been a very long time since we communicated. This from SSL Labs states "self-signed": Path #1: Not trusted (path does not chain to a trusted anchor) 1 Sent by server mcq.sbanetweb.com Fingerprint SHA256: 1b48d54fd173fa980ca0ba8e2bbb5aabce3bbb9faf67bae4f375816155699efe

Re: TLS returning self-signed cert

2022-01-19 Thread Wietse Venema
Wayne Spivak: > My Postfix Server 3.6.2 running on a newly created Fedora 35 is returning > self-signed SSL certs, where none were configured. Why do you believe that this is a self-signed certificate? Isn't this an issue where the server returns a leaf certificate without intermediate

TLS returning self-signed cert

2022-01-19 Thread Wayne Spivak
My Postfix Server 3.6.2 running on a newly created Fedora 35 is returning self-signed SSL certs, where none were configured. We're using a multi-cert Entrust certificate. All domains on the box get email from one single mx domain. To be clear TLS works, but if I run SSL Labs report it comes back

Re: Routing Gmail/Workspace mail through postfix first

2022-01-19 Thread Bill Cole
On 2022-01-19 at 08:23:45 UTC-0500 (Wed, 19 Jan 2022 08:23:45 -0500) Alex is rumored to have said: Hi, I'm using postfix-3.5.10 and would like to use it to front-end a domain currently being managed by Google Workspace to be able to send mail through our filters first. I know I'll need to

Re: Routing Gmail/Workspace mail through postfix first

2022-01-19 Thread Wietse Venema
Alex: > Hi, > > I'm using postfix-3.5.10 and would like to use it to front-end a > domain currently being managed by Google Workspace to be able to send > mail through our filters first. Is this for - Email from "users inside the domain" to Google Workspace? This is like a relayhost for

Re: Adding Additional domains and outgoing email

2022-01-19 Thread Ruben Safir
On Tue, Jan 18, 2022 at 11:14:58AM -0500, Ruben Safir wrote: > On Tue, Jan 18, 2022 at 04:50:11PM +0100, Matus UHLAR - fantomas wrote: > > On 18.01.22 10:32, Ruben Safir wrote: > > >I am sorry, that is wrong. I am getting main and master confused. > > [...] How do I know that dovecot is being

Routing Gmail/Workspace mail through postfix first

2022-01-19 Thread Alex
Hi, I'm using postfix-3.5.10 and would like to use it to front-end a domain currently being managed by Google Workspace to be able to send mail through our filters first. I know I'll need to redirect the MX, but how do I obtain a user list so I'm not just forwarding all email received for the

Re: GhettoForge Postfix3

2022-01-19 Thread Rob McGee
On 2022-01-19 01:00, jdebert wrote: On Tue, 18 Jan 2022 17:13:32 -0500 post...@ptld.com wrote: Wait, so it's a fork of Postfix? It is not. It was intended to be a way for Red Hat / derivative users to be able to have up-to-date Postfix features. Users' needs are being actively addressed

Re: GhettoForge Postfix3

2022-01-19 Thread Josef Vybíhal
On Tue, Jan 18, 2022 at 11:14 PM wrote: > > likely at least a minimal attempt to avoid naming conflicts. renaming > > forked the code (hopefully) helps avoid blaming Wietse for whatever gets > > broken in that fork. > > Wait, so it's a fork of Postfix? > No. > And not the same code as what