Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-18 Thread Viktor Dukhovni
On Tue, Oct 18, 2011 at 01:04:30PM -0400, Simon Brereton wrote: > Is "smtpd_enforce_tls=yes" a suitable replacement/substitute for > "smtpd_tls_auth_only = yes? With smtpd_tls_security_level=encrypt (or its legacy form) the smtpd_tls_auth_only feature is arguably redundant, but it is harmless, a

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-18 Thread Noel Jones
On 10/18/2011 1:24 PM, Simon Brereton wrote: >> smtpd_enforce_tls is obsolete, instead use >> -o smtpd_tls_security_level=encrypt >> This setting will reject all mail from unencrypted connections. The >> "encrypt" setting must not be used on a public-facing port 25, but >> is widely used and reco

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-18 Thread Simon Brereton
On 18 October 2011 14:17, Noel Jones wrote: > On 10/18/2011 12:04 PM, Simon Brereton wrote: >> On 13 October 2011 20:11, Noel Jones wrote: >>> The only place you should really care about encryption is if your >>> own clients submit SASL authenticated mail -- the far most common >>> auth mechanism

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-18 Thread Noel Jones
On 10/18/2011 12:04 PM, Simon Brereton wrote: > On 13 October 2011 20:11, Noel Jones wrote: >> The only place you should really care about encryption is if your >> own clients submit SASL authenticated mail -- the far most common >> auth mechanisms are PLAIN and LOGIN which really should be protec

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-18 Thread Charles Marcus
On 2011-10-18 1:04 PM, Simon Brereton wrote: Is "smtpd_enforce_tls=yes" a suitable replacement/substitute for "smtpd_tls_auth_only = yes? No, they are two different things. What version of postfix? For current/latest version of postfix I use both: smtpd_tls_security_level=encrypt smtpd_tls_

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-18 Thread Simon Brereton
On 13 October 2011 20:11, Noel Jones wrote: > The only place you should really care about encryption is if your > own clients submit SASL authenticated mail -- the far most common > auth mechanisms are PLAIN and LOGIN which really should be protected > inside a TLS connection.  This is commonly co

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-14 Thread Viktor Dukhovni
On Fri, Oct 14, 2011 at 02:04:03PM -0500, Noel Jones wrote: > >> Typically these would be set to the same cert & keys as used by smtpd. > > > > Since these are self-signed certificates, would it be possible to use > > a URL for the CA file? > > No, the documentation says a file, not a URL. > Or

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-14 Thread Noel Jones
On 10/14/2011 1:55 PM, Simon Brereton wrote: > On 13 October 2011 20:11, Noel Jones wrote: >> On 10/13/2011 6:39 PM, Simon Brereton wrote: >>> smtp_tls_CAfile = ? >>> smtp_tls_cert_file = ? >>> smtp_tls_key_file = ? >> >> Typically these would be set to the same cert & keys as used by smtpd. > >

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-14 Thread Simon Brereton
On 13 October 2011 20:11, Noel Jones wrote: > On 10/13/2011 6:39 PM, Simon Brereton wrote: >> smtp_tls_CAfile = ? >> smtp_tls_cert_file = ? >> smtp_tls_key_file = ? > > Typically these would be set to the same cert & keys as used by smtpd. Since these are self-signed certificates, would it be pos

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-14 Thread Viktor Dukhovni
On Thu, Oct 13, 2011 at 07:11:27PM -0500, Noel Jones wrote: > Typically these would be set to the same cert & keys as used by smtpd. My recommendation is to leave the client key/cert settings empty. These should only be set for transports used with TLS client auth by mutual arrangement with a des

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-13 Thread Noel Jones
On 10/13/2011 6:39 PM, Simon Brereton wrote: > smtp_tls_CAfile = ? > smtp_tls_cert_file = ? > smtp_tls_key_file = ? Typically these would be set to the same cert & keys as used by smtpd. >> Not needed, you neither ask for nor verify client certs. > > Should I be? And if so, how do I do that? B

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-13 Thread Simon Brereton
On 13 October 2011 19:16, Noel Jones wrote: > On 10/13/2011 5:41 PM, Mark Homoky wrote: >> On 11 Oct 2011, at 15:54, "Simon Brereton" >> wrote: >> > > this is obsoleted (I'm running 2.7.1) and to use > smtpd_tls_security_level = may instead - however, vim tells me that > the form

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-13 Thread Noel Jones
On 10/13/2011 5:41 PM, Mark Homoky wrote: > On 11 Oct 2011, at 15:54, "Simon Brereton" > wrote: > this is obsoleted (I'm running 2.7.1) and to use smtpd_tls_security_level = may instead - however, vim tells me that the former is a valid configurable (it's highlighted) whilst

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-13 Thread Mark Homoky
On 11 Oct 2011, at 15:54, "Simon Brereton" wrote: >>> >>> this is obsoleted (I'm running 2.7.1) and to use >>> smtpd_tls_security_level = may instead - however, vim tells me that >>> the former is a valid configurable (it's highlighted) whilst the >>> latter is not. That's part of my confusion
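
Two points recur across the replies above: the legacy booleans (smtpd_use_tls, smtpd_enforce_tls and their smtp_ client-side twins) are obsolete and superseded by smtpd_tls_security_level / smtp_tls_security_level, and "encrypt" belongs on the submission service, never on the public port 25 listener, while SASL PLAIN/LOGIN must only be offered inside TLS (encrypt, or smtpd_tls_auth_only=yes). The script below is an added example, not code from Postfix or from anyone in the thread: it parses main.cf and master.cf text, works out the security level each inet smtpd service actually gets (a -o override beats main.cf; *_tls_security_level, when set, beats the legacy pair) and reports those findings. The two main.cf samples and the master.cf sample are constructed for the example, not taken from any real host.

```python
"""Audit Postfix smtpd TLS/SASL settings for the problems discussed in the thread.

Added example, not Postfix code. The config text below is constructed.
"""
import re

# Obsolete boolean parameters and the security-level setting that replaces each.
LEGACY = {
    "smtpd_use_tls":     ("smtpd_tls_security_level", "may"),
    "smtpd_enforce_tls": ("smtpd_tls_security_level", "encrypt"),
    "smtp_use_tls":      ("smtp_tls_security_level", "may"),
    "smtp_enforce_tls":  ("smtp_tls_security_level", "encrypt"),
}
YES = {"yes", "true", "on", "1"}


def parse_main_cf(text):
    """Return {name: value}. A line starting with whitespace continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params


def parse_master_cf(text):
    """Return [(service, type, {override: value})]; '-o name=value' lines attach to the service above."""
    services = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":
            m = re.match(r"\s*-o\s+([^=\s]+)=(\S*)", line)
            if m and services:
                services[-1][2][m.group(1)] = m.group(2)
            continue
        fields = line.split()
        services.append((fields[0], fields[1], {}))
    return services


def effective_level(params, overrides, side="smtpd"):
    """Level in force for one service: -o override beats main.cf, and
    *_tls_security_level (when set) beats the legacy *_use_tls / *_enforce_tls pair."""
    merged = {**params, **overrides}
    level = merged.get(f"{side}_tls_security_level")
    if level:
        return level
    if merged.get(f"{side}_enforce_tls", "no").lower() in YES:
        return "encrypt"
    if merged.get(f"{side}_use_tls", "no").lower() in YES:
        return "may"
    return "none"


def audit(main_cf, master_cf):
    """Return a list of human-readable findings; an empty list means nothing to fix."""
    params = parse_main_cf(main_cf)
    findings = [f"{name} is obsolete; use {new}={level}"
                for name, (new, level) in LEGACY.items() if name in params]
    for svc, kind, overrides in parse_master_cf(master_cf):
        if kind != "inet":
            continue
        merged = {**params, **overrides}
        level = effective_level(params, overrides)
        sasl = merged.get("smtpd_sasl_auth_enable", "no").lower() in YES
        auth_only = merged.get("smtpd_tls_auth_only", "no").lower() in YES
        if svc == "smtp" and level == "encrypt":
            findings.append("smtp (port 25): encrypt rejects every peer that cannot do "
                            "STARTTLS; a public MX must use smtpd_tls_security_level=may")
        if sasl and level != "encrypt" and not auth_only:
            findings.append(f"{svc}: SASL is offered before STARTTLS, so PLAIN/LOGIN can go "
                            "in cleartext; use encrypt or smtpd_tls_auth_only=yes")
    return findings


# Constructed samples: a main.cf still using the obsolete booleans, and a fixed one.
SAMPLE_MAIN_CF = """\
# constructed example, not a real host
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""
FIXED_MAIN_CF = """\
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
"""
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
pickup     unix  n  -  -  60 1  pickup
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIN_CF, SAMPLE_MASTER_CF) or ["no findings"]:
        print(finding)
```

Run it as-is and the sample main.cf produces three findings (two obsolete parameters and cleartext AUTH on port 25); FIXED_MAIN_CF with the same master.cf produces none, because port 25 stays at "may" for other MTAs while smtpd_tls_auth_only keeps AUTH behind STARTTLS and submission is already "encrypt".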

RE: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-11 Thread Simon Brereton
> -Original Message- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of Viktor Dukhovni > On Fri, Oct 07, 2011 at 05:15:20PM -0400, Simon Brereton wrote: > > > postfix/smtpd[25614]: warning: TLS library problem: > 25614:error:14094416:SSL routi

Re: TLS Issues. certificate unknown: SSL alert number 46:

2011-10-10 Thread Viktor Dukhovni
On Fri, Oct 07, 2011 at 05:15:20PM -0400, Simon Brereton wrote: > postfix/smtpd[25614]: warning: TLS library problem: 25614:error:14094416:SSL > routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL > alert number 46: This client could not verify your server certificate, it

TLS Issues. certificate unknown: SSL alert number 46:

2011-10-07 Thread Simon Brereton
Hi My log files has a moderate amount of TLS warnings: postfix/smtpd[25614]: warning: TLS library problem: 25614:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46: I'm aware that this could be (according to an older thread on this lis
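
The warning in the opening post, and Viktor's reading of it (the remote client could not verify this server's certificate and sent a TLS certificate_unknown alert), is easiest to act on once you know which peers send it and how often. The script below is an added example, not code from Postfix or from the thread: it parses "TLS library problem" warnings into their fields, decodes the packed OpenSSL error code (pre-3.0 layout: 8 bits library, 12 bits function, 12 bits reason, where alert reasons are 1000 plus the TLS alert number) and cross-checks it against the trailing "SSL alert number", ties each warning to the "connect from" line logged by the same smtpd pid, and counts alerts per peer. The log lines are constructed for the example: one is the warning quoted above, the surrounding connect lines, timestamps, host names and the second peer are made up.

```python
"""Triage Postfix 'TLS library problem ... SSL alert number N' warnings.

Added example, not Postfix code. SAMPLE_LOG is constructed: one line copies
the warning from the thread, everything else is invented context.
"""
import re
from collections import Counter

# TLS alert descriptions from RFC 5246 section 7.2; others are reported by number.
ALERT_NAMES = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 90: "user_canceled",
    100: "no_renegotiation", 110: "unsupported_extension",
}

CONNECT_RE = re.compile(r"postfix/smtpd\[(\d+)\]: connect from (\S+)")
TLS_WARN_RE = re.compile(
    r"postfix/smtpd\[(\d+)\]: warning: TLS library problem: \d+:"
    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):"
    r"SSL alert number (\d+)"
)


def decode_openssl_error(code_hex):
    """Unpack a pre-3.0 OpenSSL error code into library, function and reason.
    Alert reasons are 1000 + alert number, so the alert can be recovered."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - 1000 if 1000 <= reason <= 1255 else None
    return {"lib": lib, "func": func, "reason": reason, "alert": alert}


def tls_alert_name(number):
    return ALERT_NAMES.get(number, f"alert_{number}")


def parse_tls_alerts(lines):
    """Walk the log once, remembering the last 'connect from' peer per smtpd
    pid, and attach that peer to every TLS warning the same pid logs."""
    peer_by_pid, records = {}, []
    for line in lines:
        m = CONNECT_RE.search(line)
        if m:
            peer_by_pid[m.group(1)] = m.group(2)
            continue
        m = TLS_WARN_RE.search(line)
        if not m:
            continue
        pid, code, _lib, func, reason, src, srcline, alert = m.groups()
        alert = int(alert)
        records.append({
            "pid": pid,
            "peer": peer_by_pid.get(pid, "unknown"),
            "func": func,
            "reason": reason,
            "where": f"{src}:{srcline}",
            "alert": alert,
            "alert_name": tls_alert_name(alert),
            # the alert packed into the error code must agree with the trailing number
            "consistent": decode_openssl_error(code)["alert"] == alert,
        })
    return records


def summarize(records):
    """Count alerts per (peer, alert name). One peer repeating certificate_unknown
    points at that client's trust store, not at a server-side fault."""
    return Counter((r["peer"], r["alert_name"]) for r in records)


SAMPLE_LOG = [
    "Oct  7 16:40:01 mx postfix/smtpd[25614]: connect from mail.example.net[192.0.2.10]",
    "Oct  7 16:40:01 mx postfix/smtpd[25614]: warning: TLS library problem: 25614:error:14094416:"
    "SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46:",
    "Oct  7 16:40:01 mx postfix/smtpd[25614]: lost connection after STARTTLS from mail.example.net[192.0.2.10]",
    "Oct  7 16:41:13 mx postfix/smtpd[25702]: connect from relay.example.org[198.51.100.7]",
    "Oct  7 16:41:13 mx postfix/smtpd[25702]: warning: TLS library problem: 25702:error:14094418:"
    "SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1102:SSL alert number 48:",
    "Oct  7 16:42:00 mx postfix/smtpd[25614]: connect from mail.example.net[192.0.2.10]",
    "Oct  7 16:42:00 mx postfix/smtpd[25614]: warning: TLS library problem: 25614:error:14094416:"
    "SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46:",
]

if __name__ == "__main__":
    for (peer, name), n in summarize(parse_tls_alerts(SAMPLE_LOG)).most_common():
        print(f"{n:3d}  {name:22s} {peer}")
```

Feed it real mail.log lines with `parse_tls_alerts(open("/var/log/mail.log"))` and the summary separates the one verifying client that keeps rejecting a self-signed certificate (certificate_unknown from one peer, repeatedly) from broader trust problems (unknown_ca from many peers), which is the information needed to decide whether the fix belongs on the client or in the server's certificate chain.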