[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Cowbay via Postfix-users

On 2024/3/25 12:05, Viktor Dukhovni via Postfix-users wrote:
> On Mon, Mar 25, 2024 at 12:00:12PM +0800, Cowbay via Postfix-users wrote:
> > On 2024/3/25 10:55, Viktor Dukhovni via Postfix-users wrote:
> > > > I checked posttls-finger on another of my containers, which is Ubuntu
> > > > 22.04.4; posttls-finger still doesn't support ipv6, weird.
> > > 
> > > It isn't posttls-finger that does not support "ipv6", but rather your
> > > network stack.
> > 
> > It's still weird because I have an ipv6 network stack and I can ping
> > smtp.gmail.com's ipv6 address. See below:
> > 
> > $ host smtp.gmail.com
> > smtp.gmail.com has address 173.194.174.108
> > smtp.gmail.com has IPv6 address 2404:6800:4008:c1b::6c
> > 
> > $ posttls-finger -wc -lsecure -F /etc/ssl/certs/ca-certificates.crt -a ipv6 "[smtp.gmail.com]:465" smtp.gmail.com
> > posttls-finger: smtp.gmail.com[173.194.174.108]:465: matched peername: smtp.gmail.com
> > posttls-finger: smtp.gmail.com[173.194.174.108]:465: subject_CN=smtp.gmail.com, issuer_CN=GTS CA 1C3, fingerprint=F7:5F:AA:8D:B5:7A:A7:A4:8A:34:0C:C3:12:18:D8:77:3B:A9:F7:75:E1:EC:76:25:76:79:41:B2:AB:46:34:E1, pkey_fingerprint=E9:BB:66:2D:A5:7C:05:FD:C4:EE:2D:CD:33:9C:32:6D:F7:99:7E:66:29:1F:F0:A4:5E:42:05:57:32:10:7C:96
> > posttls-finger: Verified TLS connection established to smtp.gmail.com[173.194.174.108]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
> 
> The "-a" option is a "preference", but perhaps you have separately
> disabled IPv6 via "inet_protocols = ipv4" in main.cf?

Yes, you are right, THANKS.  ^_^

With "inet_protocols = ipv4" in main.cf, neither "-a ipv6" nor "[ipv6:address]"
gives any ipv6 function.
When "inet_protocols = all", posttls-finger works fine with ipv6.

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Mar 25, 2024 at 12:00:12PM +0800, Cowbay via Postfix-users wrote:
> On 2024/3/25 10:55, Viktor Dukhovni via Postfix-users wrote:
> > > I checked posttls-finger on another of my containers, which is Ubuntu
> > > 22.04.4; posttls-finger still doesn't support ipv6, weird.
> > 
> > It isn't posttls-finger that does not support "ipv6", but rather your
> > network stack.
>
> It's still weird because I have ipv6 network stack and I can ping 
> smtp.gmail.com's ipv6 address. See below:
> 
> $ host smtp.gmail.com
> smtp.gmail.com has address 173.194.174.108
> smtp.gmail.com has IPv6 address 2404:6800:4008:c1b::6c
> 
> $ posttls-finger -wc -lsecure -F /etc/ssl/certs/ca-certificates.crt -a ipv6 
> "[smtp.gmail.com]:465" smtp.gmail.com
> posttls-finger: smtp.gmail.com[173.194.174.108]:465: matched peername: 
> smtp.gmail.com
> posttls-finger: smtp.gmail.com[173.194.174.108]:465: 
> subject_CN=smtp.gmail.com, issuer_CN=GTS CA 1C3, 
> fingerprint=F7:5F:AA:8D:B5:7A:A7:A4:8A:34:0C:C3:12:18:D8:77:3B:A9:F7:75:E1:EC:76:25:76:79:41:B2:AB:46:34:E1,
>  
> pkey_fingerprint=E9:BB:66:2D:A5:7C:05:FD:C4:EE:2D:CD:33:9C:32:6D:F7:99:7E:66:29:1F:F0:A4:5E:42:05:57:32:10:7C:96
> posttls-finger: Verified TLS connection established to 
> smtp.gmail.com[173.194.174.108]:465: TLSv1.3 with cipher 
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
> RSA-PSS (2048 bits) server-digest SHA256

The "-a" option is a "preference", but perhaps you have separately
disabled IPv6 via "inet_protocols = ipv4" in main.cf?

-- 
Viktor.


[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Cowbay via Postfix-users

On 2024/3/25 10:55, Viktor Dukhovni via Postfix-users wrote:
> > I checked posttls-finger on another of my containers, which is Ubuntu
> > 22.04.4; posttls-finger still doesn't support ipv6, weird.
> 
> It isn't posttls-finger that does not support "ipv6", but rather your
> network stack.

It's still weird because I have an ipv6 network stack and I can ping
smtp.gmail.com's ipv6 address. See below:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.4 LTS
Release:        22.04
Codename:       jammy

$ host smtp.gmail.com
smtp.gmail.com has address 173.194.174.108
smtp.gmail.com has IPv6 address 2404:6800:4008:c1b::6c

$ posttls-finger -wc -lsecure -F /etc/ssl/certs/ca-certificates.crt -a ipv6 "[smtp.gmail.com]:465" smtp.gmail.com
posttls-finger: smtp.gmail.com[173.194.174.108]:465: matched peername: smtp.gmail.com
posttls-finger: smtp.gmail.com[173.194.174.108]:465: subject_CN=smtp.gmail.com, issuer_CN=GTS CA 1C3, fingerprint=F7:5F:AA:8D:B5:7A:A7:A4:8A:34:0C:C3:12:18:D8:77:3B:A9:F7:75:E1:EC:76:25:76:79:41:B2:AB:46:34:E1, pkey_fingerprint=E9:BB:66:2D:A5:7C:05:FD:C4:EE:2D:CD:33:9C:32:6D:F7:99:7E:66:29:1F:F0:A4:5E:42:05:57:32:10:7C:96
posttls-finger: Verified TLS connection established to smtp.gmail.com[173.194.174.108]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256

$ ping -6 -c1 2404:6800:4008:c1b::6c
PING 2404:6800:4008:c1b::6c(2404:6800:4008:c1b::6c) 56 data bytes
64 bytes from 2404:6800:4008:c1b::6c: icmp_seq=1 ttl=58 time=9.21 ms

--- 2404:6800:4008:c1b::6c ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.210/9.210/9.210/0.000 ms



[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Mon, Mar 25, 2024 at 10:08:59AM +0800, Cowbay via Postfix-users wrote:
> On 2024/3/25 01:12, Viktor Dukhovni via Postfix-users wrote:
> > > If the "posttls-finger" has the identical behavior as postfix, then I
> > > could write a simple cronjob script to "finger" the
> > > smtp.gmail.com:465.
> > 
> > Not necessarily 100% identical, but quite close.
> It seems not perfect. :(

But close enough, that it should be used instead of "openssl s_client".
You can also specify the "-C" option to report the remote chain, which
you can then examine if verification failed.

> I checked posttls-finger on another of my containers, which is Ubuntu
> 22.04.4; posttls-finger still doesn't support ipv6, weird.

It isn't posttls-finger that does not support "ipv6", but rather your
network stack.

> > Certificate verification should be identical, but if the presented chain
> > subtly depends on the client's TLS HELLO message, there could perhaps be
> > a difference if main.cf has "smtp_tls_..." settings that cause the HELLO
> > message to differ between smtp(8) and posttls-finger(1).
>
> Since they are different, my idea to use posttls-finger seems
> unnecessary. I decide to cancel this idea.  But modify my script to
> monitor the postfix log for keyword "self-signed" every minute. I can
> expect that we cannot see any result in a short time.

You read too much into my caveats, the differences should be minor, and
quite likely the issue was a brief configuration blip in Google's
front-end TLS load-balancers.

> it seems that we prefer to believe postfix really got a self-signed
> certificate from smtp.gmail.com last time and maybe one of the cause
> is no SNI name sent.

That's one possible explanation.

> I still decide to add the "servername" attribute to my tls_policy
> while also monitor the postfix log with my modified script. Maybe I
> will never have a result. :)

Good luck, whatever that might be.

-- 
Viktor.


[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Cowbay via Postfix-users

On 2024/3/25 01:12, Viktor Dukhovni via Postfix-users wrote:
> > If the "posttls-finger" has the identical behavior as postfix, then I
> > could write a simple cronjob script to "finger" the
> > smtp.gmail.com:465.
> 
> Not necessarily 100% identical, but quite close.

It seems not perfect. :(

> > $ posttls-finger -wc -F /etc/ssl/certs/ca-certificates.crt -a ipv6 [smtp.gmail.com]:465
> 
> You neglected to specify "-lsecure", and just in case an explicit match
> pattern:

My bad, I will add this "-lsecure" to "posttls-finger" and add "-CAfile" to the
openssl command.

> > posttls-finger: Verified TLS connection established to smtp.gmail.com[142.251.8.109]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
> 
> It does indeed look like IPv6 is not available on your end.

Actually, I was afraid that my postfix was too old to have this problem, or that
it was a build mistake in old Debian. I checked posttls-finger on another of my
containers, which is Ubuntu 22.04.4; posttls-finger still doesn't support ipv6, weird.

> > If the "posttls-finger" has the identical behavior as postfix about
> > verifying the certificate, then I can start to launch this cronjob.
> 
> Certificate verification should be identical, but if the presented chain
> subtly depends on the client's TLS HELLO message, there could perhaps be
> a difference if main.cf has "smtp_tls_..." settings that cause the HELLO
> message to differ between smtp(8) and posttls-finger(1).

Since they are different, my idea to use posttls-finger seems unnecessary. I
decided to cancel this idea, and instead modify my script to monitor the postfix
log for the keyword "self-signed" every minute. I can expect that we will not
see any result in a short time.

> The cipher grade will default to "medium", and (as in the Postfix
> smtp(8) client) an SNI name won't be sent unless you specify one ("-s
> smtp.gmail.com").

Thanks for reminding me. I will add another posttls-finger with "-s" and another
openssl with "-noservername" to my modified script.

On 2024/3/24 00:49, Viktor Dukhovni via Postfix-users wrote:
> One possible factor is the handling of TLS connections that don't set
> the SNI name (Postfix default, see
> ).

I recall your reminder above. I didn't use "smtp_tls_servername" in my postfix.
For debugging purposes, I should not modify my postfix configuration.
For formal usage, I should use DANE or specify the "servername" attribute in the
tls_policy.

It seems that we prefer to believe postfix really got a self-signed
certificate from smtp.gmail.com last time, and maybe one of the causes is that
no SNI name was sent.

I still decide to add the "servername" attribute to my tls_policy while also
monitoring the postfix log with my modified script. Maybe I will never have a result. :)



[pfx] Re: Sending email via ipv4

2024-03-24 Thread Jack Raats via Postfix-users


On 24-03-2024 at 20:53, Viktor Dukhovni via Postfix-users wrote:
> On Sun, Mar 24, 2024 at 08:39:16PM +0100, Jack Raats via Postfix-users wrote:
> 
> > > master.cf:
> > >  smtp .. .. .. .. .. .. smtp
> > > -o inet_protocols=ipv6
> > 
> > What to do if my smtp line ends with postscreen?
> 
> That's "smtp inet", while the delivery agent is "smtp unix ...", see my
> post for an unabbreviated example.

You're right. I have to read better.

> > I have a new glass fiber internet connection with a new ipv4 address
> > which has a very bad reputation.  That's why I want to use ipv6.
> 
> I take it you know that many (even large service provider) domains don't
> have IPv6 MX hosts, so using *only* IPv6 you'll find that you won't be
> able to reach many potential recipients.

I know! I have to make the reputation better and delist the IP address on
many blacklist servers.

Thank you!

Gr.,
Jack Raats



[pfx] Re: Sending email via ipv4

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Sun, Mar 24, 2024 at 08:39:16PM +0100, Jack Raats via Postfix-users wrote:

> > master.cf:
> >  smtp .. .. .. .. .. .. smtp
> > -o inet_protocols=ipv6
> 
> What to do if my smtp line ends with postscreen?

That's "smtp inet", while the delivery agent is "smtp unix ...", see my
post for an unabbreviated example.

> I have a new glass fiber internet connection with a new ipv4 address
> which has a very bad reputation.  That's why I want to use ipv6.

I take it you know that many (even large service provider) domains don't 
have IPv6 MX hosts, so using *only* IPv6 you'll find that you won't be
able to reach many potential recipients.

-- 
Viktor.


[pfx] Re: Sending email via ipv4

2024-03-24 Thread Jack Raats via Postfix-users


On 24-03-2024 at 19:42, Wietse Venema via Postfix-users wrote:
> Jack Raats via Postfix-users:
> main.cf:
>  inet_protocols=ipv4,ipv6
> 
> as well as appropriate DNS MX and A records.

I have inet_protocols=all

> > I want to send email via ipv6 only.
> 
> master.cf:
>  smtp .. .. .. .. .. .. smtp
> -o inet_protocols=ipv6

What to do if my smtp line ends with postscreen?

I have a new glass fiber internet connection with a new ipv4 address
which has a very bad reputation.

That's why I want to use ipv6.

Thanks for your wonderful email server!

Gr.,

Jack Raats


[pfx] Re: Sending email via ipv4

2024-03-24 Thread Wietse Venema via Postfix-users
Jack Raats via Postfix-users:
> Hi,
> 
> Can anyone help me? I want to receive email via ipv4 and ipv6.

main.cf:
inet_protocols=ipv4,ipv6

as well as appropriate DNS MX and A records.

> I want to send email via ipv6 only.

master.cf:
smtp .. .. .. .. .. .. smtp
-o inet_protocols=ipv6

> I tried using smtp_address_preference = ipv6, but that didn't work.

smtp_address_preference=ipv6 tells Postfix to try sending over IPv6
before trying IPv4.

Wietse


 


[pfx] Re: Sending email via ipv4

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Sun, Mar 24, 2024 at 04:32:15PM +0100, Jack Raats via Postfix-users wrote:

> Can anyone help me? I want to receive email via ipv4 and ipv6. I want to send
> email via ipv6 only.
> I tried using smtp_address_preference = ipv6, but that didn't work.

I have a machine where IPv6 connectivity is second-class (Verizon Fios
does not offer IPv6, so GRE tunnel via Hurricane Electric), and where
historically there was more impedance (stricter inbound policies on
remote servers) for IPv6 SMTP.  So I chose to deliver only via IPv4:

$ postconf -Mf smtp/unix
smtp   unix  -   -   n   -   150 smtp
-o inet_protocols=ipv4

And for a few v6 only domains I have:

$ postconf -Mf ipv6/unix
ipv6   unix  -   -   n   -   150 smtp
-o inet_protocols=ipv6

-- 
Viktor.


[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Sun, Mar 24, 2024 at 11:34:35PM +0800, Cowbay via Postfix-users wrote:

> > You might not get to observe the problem for quite some time (if ever
> > again).
>
> I'm quite seldom sending mail by gmail via my postfix server.
> 
> If the "posttls-finger" has the identical behavior as postfix, then I
> could write a simple cronjob script to "finger" the
> smtp.gmail.com:465.

Not necessarily 100% identical, but quite close.

> OT: I just found that my version of "posttls-finger" has no ipv6 support,
> though the man page says it does. And it always returns 0 even when it failed.
> 8<-8<-
> $ host smtp.gmail.com
> smtp.gmail.com has address 142.251.8.109
> smtp.gmail.com has IPv6 address 2404:6800:4008:c15::6d
> 
> $ posttls-finger -wc -F /etc/ssl/certs/ca-certificates.crt -a ipv6 
> [smtp.gmail.com]:465

You neglected to specify "-lsecure", and just in case an explicit match
pattern:

$ posttls-finger -wc -lsecure -F /etc/ssl/cert.pem -a ipv6 
"[smtp.gmail.com]:465" smt.gmail.com
posttls-finger: smtp.gmail.com[2607:f8b0:4004:c1d::6c]:465: matched 
peername: smtp.gmail.com
posttls-finger: smtp.gmail.com[2607:f8b0:4004:c1d::6c]:465: 
subject_CN=smtp.gmail.com, issuer=GTS CA 1C3, cert 
fingerprint=F7:5F:AA:8D:B5:7A:A7:A4:8A:34:0C:C3:12:18:D8:77:3B:A9:F7:75:E1:EC:76:25:76:79:41:B2:AB:46:34:E1,
 pkey 
fingerprint=E9:BB:66:2D:A5:7C:05:FD:C4:EE:2D:CD:33:9C:32:6D:F7:99:7E:66:29:1F:F0:A4:5E:42:05:57:32:10:7C:96
posttls-finger: Verified TLS connection established to 
smtp.gmail.com[2607:f8b0:4004:c1d::6c]:465: TLSv1.3 with cipher 
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
RSA-PSS (2048 bits) server-digest SHA256

> posttls-finger: Verified TLS connection established to 
> smtp.gmail.com[142.251.8.109]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 
> (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) 
> server-digest SHA256

It does indeed look like IPv6 is not available on your end.

> $ posttls-finger -wc -F /etc/ssl/certs/ca-certificates.crt 
> "[ipv6:2404:6800:4008:c15::6d]:465" smtp.gmail.com

The "[ipv6:addr]" syntax can be simplified to "[addr]".  You still
should specify "-lsecure".

> If the "posttls-finger" has the identical behavior as postfix about
> verifying the certificate, then I can start to launch this cronjob.

Certificate verification should be identical, but if the presented chain
subtly depends on the client's TLS HELLO message, there could perhaps be
a difference if main.cf has "smtp_tls_..." settings that cause the HELLO
message to differ between smtp(8) and posttls-finger(1).

The cipher grade will default to "medium", and (as in the Postfix
smtp(8) client) an SNI name won't be sent unless you specify one ("-s
smtp.gmail.com").

I am sceptical that monitoring smtp.gmail.com:465 is likely to be
productive, but if you're motivated, this is surely harmless.

-- 
Viktor.


[pfx] Re: dane.sys4.de

2024-03-24 Thread Viktor Dukhovni via Postfix-users
On Sun, Mar 24, 2024 at 05:22:26PM +0100, Benny Pedersen via Postfix-users wrote:
> Viktor Dukhovni via Postfix-users wrote on 2024-03-24 02:31:
> 
> > The code should be fixed, but nobody has complained loudly enough.
> 
> Time out or not, dnssec is green and tlsa is yellow; should the smtp test be
> needed when tlsa is not green?
> 
> If the smtp test is not done without tlsa green, I think the problem is solved
> for the dane testing.

This is a topic for the dane-us...@list.sys4.de list.  It is not
Postfix-specific.  If there are no TLSA records, then there is no
sensible information to be gained from an SMTP test.

-- 
Viktor.


[pfx] Re: dane.sys4.de

2024-03-24 Thread Benny Pedersen via Postfix-users

Viktor Dukhovni via Postfix-users wrote on 2024-03-24 02:31:
> The code should be fixed, but nobody has complained loudly enough.

Time out or not, dnssec is green and tlsa is yellow; should the smtp test be
needed when tlsa is not green?

If the smtp test is not done without tlsa green, I think the problem is solved
for the dane testing.




[pfx] Re: Postfix thinks smtp.gmail.com uses self-signed certificate

2024-03-24 Thread Cowbay via Postfix-users

On 2024/3/24 00:49, Viktor Dukhovni via Postfix-users wrote:
> and also "posttls-finger" as in the example I posted.
> 
> You might not get to observe the problem for quite some time (if ever
> again).

I quite seldom send mail by gmail via my postfix server.

If the "posttls-finger" has the identical behavior as postfix, then I could write a
simple cronjob script to "finger" the smtp.gmail.com:465.

OT: I just found that my version of "posttls-finger" has no ipv6 support, though
the man page says it does. And it always returns 0 even when it failed.
8<-8<-
$ host smtp.gmail.com
smtp.gmail.com has address 142.251.8.109
smtp.gmail.com has IPv6 address 2404:6800:4008:c15::6d

$ posttls-finger -wc -F /etc/ssl/certs/ca-certificates.crt -a ipv6 [smtp.gmail.com]:465
posttls-finger: smtp.gmail.com[142.251.8.109]:465: matched peername: smtp.gmail.com
posttls-finger: smtp.gmail.com[142.251.8.109]:465: subject_CN=smtp.gmail.com, issuer_CN=GTS CA 1C3, fingerprint=F7:5F:AA:8D:B5:7A:A7:A4:8A:34:0C:C3:12:18:D8:77:3B:A9:F7:75:E1:EC:76:25:76:79:41:B2:AB:46:34:E1, pkey_fingerprint=E9:BB:66:2D:A5:7C:05:FD:C4:EE:2D:CD:33:9C:32:6D:F7:99:7E:66:29:1F:F0:A4:5E:42:05:57:32:10:7C:96
posttls-finger: Verified TLS connection established to smtp.gmail.com[142.251.8.109]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256

$ posttls-finger -wc -F /etc/ssl/certs/ca-certificates.crt "[ipv6:2404:6800:4008:c15::6d]:465" smtp.gmail.com
posttls-finger: Destination address lookup failed: Name service error for 2404:6800:4008:c15::6d: invalid host or domain name
8<-8<-
But this is no problem. It's enough to use ipv4.

I plan to use the script below once per hour.
8<-8<-
#!/bin/bash
# Probe smtp.gmail.com:465 with posttls-finger; if verification fails, also
# capture an "openssl s_client" transcript and mail both reports.
FGR_SMTP_HOST="smtp.gmail.com"
FGR_SMTP_PORT=465
FGR_SMTP_IP=""
FGR_ERR_FOUND=0
FGR_CAFILE="/etc/ssl/certs/ca-certificates.crt"
FGR_REPORT_EMAIL="b...@domain.tld"
# mktemp instead of a predictable /tmp name built from $$
FGR_FINGER_TMP="$(mktemp /tmp/posttls-finger-output.XXXXXX)"
FGR_OPENSSL_TMP="$(mktemp /tmp/openssl-s-client-output.XXXXXX)"

# "-lsecure" plus an explicit match pattern, as suggested later in this thread;
# posttls-finger reports on stderr, so capture both streams.
posttls-finger -wc -lsecure -F "$FGR_CAFILE" "[${FGR_SMTP_HOST}]:$FGR_SMTP_PORT" "$FGR_SMTP_HOST" > "$FGR_FINGER_TMP" 2>&1
grep -q -i fail "$FGR_FINGER_TMP" && FGR_ERR_FOUND=1
if [ "$FGR_ERR_FOUND" -eq 1 ]; then
  # first (IPv4) peer address in the report, so openssl talks to the same host
  FGR_SMTP_IP="$(sed -n -E 's/^posttls-finger:.+\[([0-9.]+)\].*$/\1/p; T; q' "$FGR_FINGER_TMP")"
  # the original connected to "${FGR_SMTP_IP}:$FGR_SMTP_IP" (port variable typo);
  # "-CAfile" makes openssl verify against the same CA bundle as posttls-finger
  openssl s_client -servername "$FGR_SMTP_HOST" -CAfile "$FGR_CAFILE" \
    -connect "${FGR_SMTP_IP}:$FGR_SMTP_PORT" < /dev/null > "$FGR_OPENSSL_TMP" 2>&1
  {
    echo "From: worker "   # sender address elided in the original post
    echo "To: boss <${FGR_REPORT_EMAIL}>"
    echo "Date: $(date -R)"
    echo "Subject: [posttls-finger] bad finger to $FGR_SMTP_HOST"
    echo "MIME-Version: 1.0"
    echo "Content-Type: text/plain; charset=utf-8"
    echo "Content-Transfer-Encoding: 8bit"
    echo "Message-Id: <$(date +%s)-${RANDOM}${RANDOM}@domain.tld>"
    echo
    echo "===> $FGR_FINGER_TMP"
    cat "$FGR_FINGER_TMP"
    echo
    echo "===> $FGR_OPENSSL_TMP"
    cat "$FGR_OPENSSL_TMP"
    echo
  } | sendmail -i "$FGR_REPORT_EMAIL"
fi
rm -f "$FGR_FINGER_TMP" "$FGR_OPENSSL_TMP"
8<-8<-

If the "posttls-finger" has the identical behavior as postfix about verifying 
the certificate, then I can start to launch this cronjob.

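Both Viktor's notes on posttls-finger options ("-lsecure", "-C", the missing SNI name) and Cowbay's cron script above come down to reading the same two things from a report: did the handshake verify, and which peer address was involved. The block below is an added example, not code from the thread or from Postfix. It classifies either posttls-finger(1) output or Postfix smtp(8) log lines, extracts the peer address (IPv4 or IPv6, which the script's "[0-9.]+" pattern does not cover), and lists the distinct peers whose certificate failed verification, which is what a log monitor for "self-signed" needs. The sample lines are constructed, and the function names (tls_status, peer_addrs, peer_addr, failed_peers, probe_host) are this example's own.

```shell
#!/bin/bash
# Added example, not code from the thread. Classifies the outcome of a TLS
# handshake from either posttls-finger(1) output or a Postfix smtp(8) log
# line, and extracts the peer address so a follow-up probe can target the
# same server. Message formats follow what the thread shows ("Verified TLS
# connection established to host[addr]:port") plus the "certificate
# verification failed for ..." / "Untrusted TLS connection established"
# forms Postfix logs on failure. All sample lines below are constructed.

# Constructed sample: a clean posttls-finger run (IPv4 peer).
SAMPLE_OK='posttls-finger: smtp.gmail.com[173.194.174.108]:465: matched peername: smtp.gmail.com
posttls-finger: Verified TLS connection established to smtp.gmail.com[173.194.174.108]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)'

# Constructed sample: smtp(8) log lines for a self-signed chain (IPv6 peer).
SAMPLE_SELFSIGNED='Mar 25 12:00:01 mx postfix/smtp[1234]: certificate verification failed for smtp.gmail.com[2404:6800:4008:c1b::6c]:465: self-signed certificate
Mar 25 12:00:01 mx postfix/smtp[1234]: Untrusted TLS connection established to smtp.gmail.com[2404:6800:4008:c1b::6c]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)'

# Constructed sample: a mixed log, two failing peers and one good session.
SAMPLE_LOG="$SAMPLE_SELFSIGNED
Mar 25 12:05:02 mx postfix/smtp[1240]: certificate verification failed for smtp.gmail.com[173.194.174.108]:465: unable to get local issuer certificate
Mar 25 12:10:03 mx postfix/smtp[1251]: Verified TLS connection established to smtp.gmail.com[173.194.174.108]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)"

# tls_status: read a report on stdin and print exactly one word.
#   self-signed  verification failed and the chain is self-signed
#   failed       verification failed for another reason
#   untrusted    session established without verifying the peer
#   verified     verified session established
#   none         no TLS outcome present (e.g. connection refused)
# The order matters: a failed run may also carry an "Untrusted" line.
# Older OpenSSL spells it "self signed", so both forms are accepted.
tls_status() {
    local text
    text=$(cat)
    if printf '%s\n' "$text" | grep -q 'certificate verification failed.*self[- ]signed'; then
        echo self-signed
    elif printf '%s\n' "$text" | grep -q 'certificate verification failed'; then
        echo failed
    elif printf '%s\n' "$text" | grep -q 'Untrusted TLS connection established'; then
        echo untrusted
    elif printf '%s\n' "$text" | grep -q 'Verified TLS connection established'; then
        echo verified
    else
        echo none
    fi
}

# peer_addrs: print every peer address written as host[addr]:port, one per
# line. Hex digits and colons are accepted, so IPv6 peers are covered; the
# sed pattern in the thread's script ([0-9.]+) only matched dotted IPv4.
# A syslog "program[pid]:" is skipped because no port number follows it.
peer_addrs() {
    sed -n -E 's/.*\[([0-9A-Fa-f.:]+)\]:[0-9]+.*/\1/p'
}

# peer_addr: just the first address, for a follow-up openssl/posttls-finger run.
peer_addr() {
    peer_addrs | head -n 1
}

# failed_peers: from smtp(8) log lines, the distinct peer addresses whose
# certificate failed verification. Empty output means nothing to report.
failed_peers() {
    grep 'certificate verification failed' | peer_addrs | sort -u
}

# probe_host HOST PORT CAFILE: run posttls-finger the way the thread settles
# on (-lsecure, explicit CA file and match pattern, output on stderr) and
# return 1 when the status is anything but "verified". Not run by default.
probe_host() {
    local out status
    out=$(posttls-finger -wc -lsecure -F "$3" "[$1]:$2" "$1" 2>&1)
    status=$(printf '%s\n' "$out" | tls_status)
    printf '%s %s %s\n' "$status" "$1" "$(printf '%s\n' "$out" | peer_addr)"
    [ "$status" = verified ]
}

# Usage from a cron job or a log monitor, e.g.:
#   probe_host smtp.gmail.com 465 /etc/ssl/certs/ca-certificates.crt || mail-the-admin
#   grep 'postfix/smtp' /var/log/mail.log | failed_peers
```

Keying on "certificate verification failed" rather than the bare word "fail" avoids false alarms from unrelated lines, and taking the address from the report means the follow-up openssl run hits the same load-balancer instance that produced the chain, which is what matters if the problem turns out to be a transient blip on one front end.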


[pfx] Sending email via ipv4

2024-03-24 Thread Jack Raats via Postfix-users

Hi,

Can anyone help me? I want to receive email via ipv4 and ipv6. I want to
send email via ipv6 only.

I tried using smtp_address_preference = ipv6, but that didn't work.

Gr.,
Jack Raats
