Thanks for the help.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, high
Where did you get the idea that "high" was a TLS protocol version?
I think this got in there by mistake, its not in my postfiix
configuration. My guess is that I started typing before moving cursor.
ooops!
Sorry.
Jo
> On Mar 14, 2018, at 10:48 PM, John wrote:
>
> smtp_dns_support_level = dnssec
> smtp_tls_security_level = dane
Fine.
> smtp_tls_ciphers = high
OK, but medium is perhaps sufficient.
> smtp_tls_exclude_ciphers = DES, MD5, RC2, RC4, RC5, IDEA, SRP, PSK, aDSS,
> kECDhe, kECDhr, kDHd, kDHr, S
Too complicated? How could this be improved?
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = DES, MD5, RC2, RC4, RC5, IDEA, SRP, PSK,
aDSS, kECDhe, kECDhr, kDHd, kDHr, SEED, LOW, EXPORT
smtp_tls_mandatory_protocols = !SSLv2, !SSL
> On Mar 13, 2018, at 12:00 PM, Matus UHLAR - fantomas
> wrote:
>
> smtpd_tls_ciphers=high
> smtpd_tls_mandatory_ciphers=high
> smtpd_tls_exclude_ciphers=aNULL
My recommendation is:
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = high
There's not much need to exclude any additional
> On Mar 13, 2018, at 11:36 AM, LuKreme wrote:
>
> In general, or these specific exclusions?
Mostly in general. Why do cleartext with clients that can't do strong ciphers,
let them encrypt with their medium ciphers.
> I've had
>
> smtpd_tls_exclude_ciphers = MD5, SEED, IDEA, RC2, RC4
>
> F
On 13.03.18 09:36, LuKreme wrote:
On Mar 13, 2018, at 09:17, Viktor Dukhovni wrote:
smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES
This too is unwise. Remove this setting.
In general, or these specific exclusions?
I
On Mar 13, 2018, at 09:17, Viktor Dukhovni wrote:
>> smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
>> DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES
>
> This too is unwise. Remove this setting.
In general, or these specific exclusions?
I've had
smtpd_tls_exclude_ci
> On Mar 13, 2018, at 10:53 AM, L.P.H. van Belle wrote:
>
> Yes, i've set smtpd_tls_ask_ccert to yes.
You almost certainly don't need this.
> Hmmm, i now also noticed i dont have Trusted or Verified anymore, this must
> be a miss on my side after the switch from 2.10 to 3.1 postfix.
"Verifi
Hello Victor,
> -Oorspronkelijk bericht-
> Van: postfix-us...@dukhovni.org
> [mailto:owner-postfix-us...@postfix.org] Namens Viktor Dukhovni
> Verzonden: dinsdag 13 maart 2018 15:27
> Aan: Postfix users
> Onderwerp: Re: question about envelop from.
>
>
>
&
> On Mar 13, 2018, at 8:54 AM, L.P.H. van Belle wrote:
>
> Feb 7 00:00:16 hostname postfix/smtpd[31726]: NOQUEUE: reject: RCPT from
> smtp1..nl[x.xx.xxx.xx]]: 450 4.1.8 :
> Sender address rejected: Domain not found;
> from=
>
> about this:
> envelope-from="MAILER-DAEMON@apmcsqa0
x-us...@postfix.org] Namens Matus UHLAR - fantomas
> Verzonden: dinsdag 13 maart 2018 14:05
> Aan: postfix-users@postfix.org
> Onderwerp: Re: question about envelop from.
>
> On 13.03.18 13:54, L.P.H. van Belle wrote:
> >Im reading through rfc's but the following is still
On 13.03.18 13:54, L.P.H. van Belle wrote:
Im reading through rfc's but the following is still not clear for me.
E-mail is rejected base on the envelop-from adres from a mail-daemon with
postfix + postfix-policyd-spf
I saw the following in the postfix logs.
Feb 7 00:00:16 hostname postfix/s
12 matches
Mail list logo